Mark Thomas wrote:
> Warren Bell wrote:
>> I have found a war file on my server that appeared around July 14. I
>> am the only one that has access to this machine and I did not put it
>> there. It consists of a jsp that downloads a program named init.exe
>> and then executes it. This server is on a private network. Though
>> there are three PC kiosks in grocery stores that are available to the
>> public that access this server but they are on a different subnet and
>> only have access to the server through port 8080. I am pretty sure it
>> came from one of these stores. The URL used for this program is
>> .../fexcep/index.jsp?url=... I am running Tomcat 5.5.3 on Windows XP.
>> How did somebody get this war file onto my server?
>
> Difficult to tell. A couple of questions that might help narrow this
> down:
> - From your description am I right in thinking there are two subnets,
> both private with neither connected to the internet?

Both networks are connected to the internet.

> - What other webapps are installed on the Tomcat instance?

Several, they are all intranet apps that do not have any download/upload
capabilities and there are no possible SQL injection vulnerabilities
either. And none of the apps execute any programs local to the server.
And none of the apps are available to the Internet except to the kiosks
through the Internet via

> - What is providing the firewall between your Tomcat box and the kiosks?

The network that the server is on has a Linksys RV082 small business
router with the firewall completely locked down except for port 8080
available only to the networks with the kiosks. The kiosks are on a
basic Linksys home router.

> - How locked down are the kiosks?

Not very, each one of the kiosks is on its own network. The only access
they have to the server is through port 8080.

> - Could anyone have connected one of the kiosks to the internet?

Yes, we have isolated it to one kiosk. We use a web proxy, but they just
went around it.

> I have a heap of other questions but let's start with these and see
> where we go.
> Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Thanks,
Warren Bell
909-645-8864
[EMAIL PROTECTED]