Seems like the infection was related to the loose (default) password of the manager app. I suppose changing that fixed the problem.
On Thu, Jan 22, 2009 at 4:26 PM, Toby Kurien <tobyis7...@gmail.com> wrote: > thanks. I only need ROOT and myApp (which is my application). I am the > developer, admin, everything. And yes, we moved between physical > server racks that actually host Virtual environments. > > On Thu, Jan 22, 2009 at 3:15 PM, Gregor Schneider <rc4...@googlemail.com> > wrote: >>> >>> Moving servers mean we moved it physically from one box to another. IP >>> and DNS stays the same when we move. >>> Btw: Can I take off all the apps from webapps, except ROOT and myApp? >>> Hacker or virus is probably exploiting some vulnerability in them. As >>> of now, tomcat is running after restarting the whole box, but I am >>> afraid if it will shutdown or crash. >>> >> >> box == server-rack? >> >> Since I got no idea of your application's structure, I can't give you >> any advice of what to remove and what to keep. >> >> Just that much: >> >> ROOT.war ist the default application when you call your server i.e. at >> www.yourserver.com. >> >> Provided myApp.war is a known application, *theoretically* it might be >> possible that it needs additional apps, if it uses servlet-chaing >> etc.. >> >> It might be helpful if you could post the result of >> >> cd [Tomcat-Installation-Directory] >> dir -s >> >> The best method actually would be if you contact the developer of the >> application(s) hosted, ask them about what they expect within their >> application-directories and remove the rest. >> >> Toby, I'm afraid I'll have to call it a day now, however, since the >> guys from the US should be about to wake up after yesterday's >> inauguration-party, I'm pretty sure they will help you to get your >> feet back on the ground. >> >> I'll check the list tomorrow anyways. >> >> Good luck! >> >> Gregor >> -- >> just because your paranoid, doesn't mean they're not after you... >> gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 >> gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org