OK, that's all good advice ...

[EMAIL PROTECTED]:/usr/tomcat/logs$ cat access.log | grep curl

69.25.212.171 - - [22/Aug/2007:16:40:41 +0100] "GET /favicon.ico
HTTP/1.1" 200 2238 "-" "curl/7.12.1 (i386-redhat-linux-gnu)
libcurl/7.12.1 OpenSSL/0.9.7a zlib/1.2.1.2 libidn/0.5.6"
69.25.212.171 - - [22/Aug/2007:16:40:41 +0100] "HEAD / HTTP/1.1" 200 -
"-" "curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.9.7a
zlib/1.2.1.2 libidn/0.5.6"

So, looking for favicon.ico and doing a HEAD on my entry page, doesn't
look too suspicious I guess.

[EMAIL PROTECTED]:/usr/tomcat/logs$ whois 69.25.212.171

Internap Network Services PNAP-12-2002 (NET-69-25-0-0-1)
                                  69.25.0.0 - 69.25.255.255
Name.com INAP-DEN-NAMECOM-1256 (NET-69-25-212-128-1)
                                  69.25.212.128 - 69.25.212.191

# ARIN WHOIS database, last updated 2007-08-22 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Sometimes whois returns a bunch of stuff, sometimes I only get a
minimal return, not much use really.

Anyway, I will investigate further

Thanks for taking the time to reply

Regards
Duncan

On 8/23/07, Lyallex <[EMAIL PROTECTED]> wrote:
> (Debian) Linux 2.6.11.12-xenU
> Tomcat 5.5.20
> Java 1.5.0_04
>
> This question concerns access to a running Tomcat instance by a
> previously unseen/unknown user agent.
> I have been developing commercial sites in Java for a number of years
> now but this is the first time I have
> deployed a commercial application on my own and hence I am a complete
> beginner when it comes to dealing with
> nefarious nerks trying to hack my installation.
>
> Is it a 'Tomcat' question ?... I'm not sure but here goes anyway.
>
> The following might be quite harmless but it would be nice to hear of
> others exp' in this area
>
> Looking at the user agent section of my Webalizer generated access log
> analysis page I can see the following entry
>
> curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.
>
> I have been to http://curl.haxx.se/ and it seems to my (currently)
> inexperienced eye
> that this software _could_ be used to do all sorts of despicable
> things to a web site.
> I guess it could also be used to 'build your own browser' so I'm not
> panicking just yet
>
> I have telnet and ftp disabled and access the server via ssh and scp.
>
> Is this likely to be some dismal little hacker trying to probe my defenses or
> am I worrying unnecessarily?
>
> I will investigate curl further of course.
>
> Thanks
> Duncan
>
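
The check done by hand in this thread (grep the access log for one user agent and read what it asked for), extended to every client in the log, as an added example that is not part of the original messages. The sample lines, the documentation-range addresses, the `ExampleScanner/1.0` agent and the two review heuristics are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined access log format: host, ident, user, [time], "request", status, bytes, "referer", "agent".
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Constructed sample lines in the same format as the excerpt in the thread (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [22/Aug/2007:16:40:41 +0100] "GET /favicon.ico HTTP/1.1" 200 2238 "-" "curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1"
192.0.2.10 - - [22/Aug/2007:16:40:41 +0100] "HEAD / HTTP/1.1" 200 - "-" "curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1"
198.51.100.7 - - [22/Aug/2007:17:02:10 +0100] "GET /index.jsp HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux i686)"
203.0.113.5 - - [22/Aug/2007:18:11:03 +0100] "GET /nonexistent-a HTTP/1.1" 404 954 "-" "ExampleScanner/1.0"
203.0.113.5 - - [22/Aug/2007:18:11:04 +0100] "GET /nonexistent-b HTTP/1.1" 404 1012 "-" "ExampleScanner/1.0"
203.0.113.5 - - [22/Aug/2007:18:11:04 +0100] "PUT /test.txt HTTP/1.1" 403 980 "-" "ExampleScanner/1.0"
"""
SAFE_METHODS = {"GET", "HEAD"}  # assumption: a public site expects read-only requests

def requests_by_client(log_text):
    """Group (method, path, status) tuples by (ip, user agent); unparsable lines are skipped."""
    clients = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            clients[(m["ip"], m["agent"])].append((m["method"], m["path"], int(m["status"])))
    return dict(clients)

def review_notes(requests):
    """Return reasons to look closer at one client's requests; an empty list means routine."""
    notes = []
    unusual = {method for method, _, _ in requests} - SAFE_METHODS
    if unusual:
        notes.append("non-read methods: " + ", ".join(sorted(unusual)))
    errors = [r for r in requests if r[2] >= 400]
    if len(errors) * 2 > len(requests):  # more than half the requests failed
        notes.append(f"{len(errors)}/{len(requests)} requests returned 4xx/5xx")
    return notes

def report(log_text):
    """Map each (ip, user agent) pair to its review notes."""
    return {client: review_notes(reqs) for client, reqs in requests_by_client(log_text).items()}

if __name__ == "__main__":
    for (ip, agent), notes in report(SAMPLE_LOG).items():
        print(ip, agent.split()[0], "->", notes or "routine")
```

An unfamiliar user agent is not a finding on its own here: the notes come from what the client asked for and how the server answered.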

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
