Every now and then, I like to review localhost_access_log files, just to see who might be trying to access my web app, running on TomEE 1.6.0 snapshot (Tomcat 7.0.39). So, a few minutes ago, I saw the following in the log:
113.11.200.30 - - [09/Apr/2013:19:26:58 -0400] "HEAD /manager/html HTTP/1.0" 404 - This is an unfamiliar ip address to me, and I have already prepared the app/tomcat for these type of attacks. How? by removing any/all tomee/tomcat (manager/web) apps. I did that some time ago, when I first migrated from glassfish to tomee/tomcat, and that was the best/easiest way I knew how to prevent these type of attacks. Can someone please give/share some background on this type of attack? Thanks, Howard
