Warren Bell wrote:
I have found a war file on my server that appeared around July 14. I am
the only one that has access to this machine and I did not put it there.
It consists of a jsp that downloads a program named init.exe and then
executes it. This server is on a private network. Though there are three
pc kiosks in grocery stores that are available to the public that access
this server but they are on a different subnet and only have access to
the server thru port 8080. I am pretty sure it came from one of these
stores. The url used for this program is .../fexcep/index.jsp?url=... I
am running Tomcat 5.5.3 on Windows XP.
How did somebody get this war file onto my server ?
Difficult to tell. A couple of questions that might help narrow this down:
- From your description am I right in thinking there are two subnets, both
private with neither connected to the internet?
- What other webapps are installed on the Tomcat instance?
- What is providing the firewall between your Tomcat box and the kiosks?
- How locked down are the kiosks?
- Could anyone have connected one of the kiosks to the internet?
I have a heap of other questions but lets start with these and see where we go.
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
