I just came across 2 war files within tomcat6.0/webapps folder:
fexcep.war and safe2.war. Both applications were deployed.
I was watching the thread "Possible virus uploaded to Tomcat 5.5.3" very
closely so the presence of these files alerted me.
Like the original thread nobody has access to the server except through vpn
and port 80/443 (Apache httpd is handing all traffic with mod_jk)
Versions: apache http 2.0.59
mod_ssl 2.0.59
Openssl 0.9.7
mod_jk 1.2.26
tomcat 6.0.16
OS Windows 2003
I am attaching one of the war files here: fexcep.war
I have verified that my server.xml and web.xml were not tampered with
(original date/timestamp as when I installed mod_jk).
Could there be some kind of backdoor entry happening in the code.
Thanks,
<<fexcep.war>>
________________________________
Anurag 301-296-3838
The information contained in this message may be privileged and confidential
and protected from disclosure. If the reader of this message is not the
intended recipient, or an employee or agent responsible for delivering this
message to the intended recipient, you are hereby notified that any
dissemination, distribution or copying of this communication is strictly
prohibited. If you have received this communication in error, please notify
us immediately by replying to the message and deleting it from your
computer.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
