tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jay Burgess <li...@vtgroup.com>
Subject RE: Event log message: "Somebody try to hack into the site!!!"
Date Thu, 12 May 2005 20:30:38 GMT
The beauty of open source is that you can look at the source. :)  I searched for
your error string and ran across the following in the HttpFilterProc() function
in jk_isapi_plugin.c.  It looks like it's trapping for an attempt to access
WEB-INF or META-INF directly (which is illegal), and correctly logging an error
and returning "403 Forbidden".

/*
 * Check if somebody is feeding us with his own TOMCAT data headers.
 * We reject such postings !
 */
env->l->jkLog(env, env->l, JK_LOG_DEBUG,
    "HttpFilterProc check if [%s] is pointing to the web-inf directory\n", 
    uri);

if(jk_requtil_uriIsWebInf(uri)) {
    env->l->jkLog(env, env->l,  JK_LOG_EMERG, 
        "HttpFilterProc [%s] points to the web-inf or meta-inf
         directory.\nSomebody try to hack into the site!!!\n", uri);
    write_error_response(pfc,"403 Forbidden", HTML_ERROR_403);
    workerEnv->globalEnv->releaseEnv( workerEnv->globalEnv, env );
    return SF_STATUS_REQ_FINISHED;
}

Jay

| Jay Burgess [Vertical Technology Group]
| "Essential Technology Links via RSS"
| http://www.vtgroup.com/

-----Original Message-----
From: Warren Barton - BGT Partners [mailto:wbarton@bgtpartners.com] 
Sent: Thursday, May 12, 2005 3:15 PM
To: tomcat-dev@jakarta.apache.org
Subject: Event log message: "Somebody try to hack into the site!!!"

Hello, I have Tomcat served via an IIS ISAPI filter on Windows 2003, all
is working well except... I get this message repeatedly each day in my
Windows Event Viewer:

"Application Event Log failure message: [1] Emerg: [jk_isapi_plugin.c
(434)]: HttpFilterProc [/web-inf/] points to the web-inf or meta-inf
directory. Somebody try to hack into the site!!!"

I've googled and yahooed as much as I can on this one, nothing
definitive. What servlet actions could trigger this message, or what
actions at all for that matter? Any help is greatly appreciated!

Thanks,

- Warren


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org








---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message