On 8 September 2013 02:55, Tim Dunphy <bluethu...@gmail.com> wrote: > Hey all, > > I'm seeing this exception in my cassandra logs: > > Exception during http request > mx4j.tools.adaptor.http.HttpException: file > mx4j/tools/adaptor/http/xsl/w00tw00t.at.ISC.SANS.DFind:) not found > at > mx4j.tools.adaptor.http.XSLTProcessor.notFoundElement(XSLTProcessor.java:314) > at > mx4j.tools.adaptor.http.HttpAdaptor.findUnknownElement(HttpAdaptor.java:800) > at > mx4j.tools.adaptor.http.HttpAdaptor$HttpClient.run(HttpAdaptor.java:976) > > Do I need to be concerned about the security of this server? How can I > correct/eliminate this error message? I've just upgraded to Cassandra 2.0 > ,and this is the first time I've seen this error. >
There is a web vulnerability scanner that does "GET /w00tw00t.at.ISC.SANS.DFind:)" on anything it thinks is HTTP. This probably means your mx4j port is open to the public which is a security issue. This means anyone can e.g. delete all your data or stop your Cassandra nodes. You should make sure that all your Cassandra ports (at least) are firewalled so only you and other nodes can connect. Richard.
