I just came across 2 war files within tomcat6.0/webapps folder: fexcep.war and safe2.war. Both applications were deployed.
I was watching the thread "Possible virus uploaded to Tomcat 5.5.3" very closely so the presence of these files alerted me. Like the original thread nobody has access to the server except through vpn and port 80/443 (Apache httpd is handing all traffic with mod_jk) Versions: apache http 2.0.59 mod_ssl 2.0.59 Openssl 0.9.7 mod_jk 1.2.26 tomcat 6.0.16 OS Windows 2003 I am attaching one of the war files here: fexcep.war I have verified that my server.xml and web.xml were not tampered with (original date/timestamp as when I installed mod_jk). Could there be some kind of backdoor entry happening in the code. Thanks, <<fexcep.war>> ________________________________ Anurag 301-296-3838 The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.
--------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]