incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard Low <rich...@wentnet.com>
Subject Re: w00tw00t.at.ISC.SANS.DFind not found
Date Sun, 08 Sep 2013 09:40:03 GMT
On 8 September 2013 02:55, Tim Dunphy <bluethundr@gmail.com> wrote:

> Hey all,
>
>  I'm seeing this exception in my cassandra logs:
>
> Exception during http request
> mx4j.tools.adaptor.http.HttpException: file
> mx4j/tools/adaptor/http/xsl/w00tw00t.at.ISC.SANS.DFind:) not found
>         at
> mx4j.tools.adaptor.http.XSLTProcessor.notFoundElement(XSLTProcessor.java:314)
>         at
> mx4j.tools.adaptor.http.HttpAdaptor.findUnknownElement(HttpAdaptor.java:800)
>         at
> mx4j.tools.adaptor.http.HttpAdaptor$HttpClient.run(HttpAdaptor.java:976)
>
> Do I need to be concerned about the security of this server? How can I
> correct/eliminate this error message? I've just upgraded to Cassandra 2.0
> ,and this is the first time I've seen this error.
>

There is a web vulnerability scanner that does "GET
/w00tw00t.at.ISC.SANS.DFind:)" on anything it thinks is HTTP.  This
probably means your mx4j port is open to the public which is a security
issue.  This means anyone can e.g. delete all your data or stop your
Cassandra nodes.  You should make sure that all your Cassandra ports (at
least) are firewalled so only you and other nodes can connect.

Richard.

Mime
View raw message