tomcat-users mailing list archives

From Kenny Chow <kycaeo...@yahoo.com>
Subject Re: Is someone attempting to hack my server's tomcat 3.2.3?
Date Sun, 05 Aug 2001 20:19:20 GMT
I have been getting the same thing whenever I start my
server. Even with apache running alone, a number of
accesses using GET "default.ida?NNNNNNNN" are reported
in the log. I really wonder how this will harm my
apache/tomcat.

--- "Kasnol (2001)" <kasnol2001@hotmail.com> wrote:
> Hello all,
> 
> I am using tomcat 3.2.3, windows 2000 professional at my home, upon
> occasional inspection of my tomcat log, an interesting, strange error is
> observed and enclosed below. I only can capture 200 lines from my log
> screen, but below is the best bit of the tomcat output. The full version is
> appended below to my message:
> 
> Parse error, missing : in  ccept: */*
> t
> Full  GET
>
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNN
>
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNN
>
NNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7
> 801%
>
u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
>  HTTP/1.0
> Content-type: text/xmlHOST:www.worm.com Accept: */*
> trol: bypass-client=202.156.138.27
> Connection: closeVia: 1.0
> <STIX>HHCE3X-Forwarded-For: 202.156.138.27
> 
> I can tell that someone is trying to access via GET method, and
> default.ida(?) or is it downloading some stuff somewhere in the net?
> 
> I believe it can be somehow related to the recent worm scare at win2k.
> Is someone trying to implant a worm in my computer, or is this something
> tomcat, win2k, is vulnerable to?
> I haven't seen anything wrong with my computer yet... but I guess I should
> start a full virus scan
> 
> Thankx!
> Any help/light is appreciated
> Regards
> Kas
> 
> /***************************** Log Description ***************************/
> 2001-08-05 19:53:07 - ContextManager: Error reading request, ignored - java.lang.NumberFormatException: 3379
>         at java.lang.Integer.parseInt(Integer.java:423)
>         at java.lang.Integer.parseInt(Integer.java:463)
>         at org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:284)
>         at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:200)
>         at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
>         at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
>         at java.lang.Thread.run(Thread.java:484)
> 
> Parse error, missing : in  ccept: */*
> t
> Full  GET
>
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
>
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNN
>
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> NNNN
>
NNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7
> 801%
>
u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
>  HTTP/1.0
> Content-type: text/xmlHOST:www.worm.com Accept: */*
> trol: bypass-client=202.156.138.27Connection:
> closeVia: 1.0
> <STIX>HHCE3X-Forward
> ed-For: 202.156.138.27
> 
> 2001-08-05 19:55:27 - Ctx(  ): 404 R(  + /default.ida + null) null
> 2001-08-05 20:10:54 - ContextManager: Error reading request, ignored - java.lang.NumberFormatException: 3379
>         at java.lang.Integer.parseInt(Integer.java:423)
>         at java.lang.Integer.parseInt(Integer.java:463)
>         at org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:284)
>         at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:200)
>         at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
>         at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
>         at java.lang.Thread.run(Thread.java:484)
> 
> 2001-08-05 20:23:28 - ContextManager: Error reading request, ignored - java.lang.NumberFormatException: 3379
>         at java.lang.Integer.parseInt(Integer.java:423)
>         at java.lang.Integer.parseInt(Integer.java:463)
>         at org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:284)
>         at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:200)
>         at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
>         at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
>         at java.lang.Thread.run(Thread.java:484)
> 
> 2001-08-05 20:29:41 - ContextManager: Error reading request, ignored - java.lang.NumberFormatException: 3379
>         at java.lang.Integer.parseInt(Integer.java:423)
>         at java.lang.Integer.parseInt(Integer.java:463)
>         at org.apache.tomcat.core.RequestImpl.getContentLength(RequestImpl.java:284)
>         at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:200)
>         at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
>         at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
>         at java.lang.Thread.run(Thread.java:484)
> 
> 2001-08-05 20:52:17 - ContextManager: SocketException reading request, ignored - java.net.SocketException: Connection reset by peer: JVM_recv in socket input stream read
>         at java.net.SocketInputStream.socketRead(Native Method)
>         at java.net.SocketInputStream.read(SocketInputStream.java:86)
>         at java.io.BufferedInputStream.fill(BufferedInputStream.java:186)
>         at java.io.BufferedInputStream.read(BufferedInputStream.java:204)
>         at org.apache.tomcat.service.http.HttpRequestAdapter.doRead(HttpRequestAdapter.java:115)
>         at org.apache.tomcat.core.BufferedServletInputStream.doRead(BufferedServletInputStream.java:106)
>         at org.apache.tomcat.core.BufferedServletInputStream.read(BufferedServletInputStream.java:128)
>         at javax.servlet.ServletInputStream.readLine(ServletInputStream.java:138)
>         at org.apache.tomcat.service.http.HttpRequestAdapter.readNextRequest(HttpRequestAdapter.java:129)
>         at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:198)
>         at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
>         at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
>         at java.lang.Thread.run(Thread.java:484)
> 
> 2001-08-05 21:11:37 - ContextManager: Error reading request, ignored -
> 
=== message truncated ===



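A log triage sketch for the requests described in this thread, added here as an example and not code from either poster or from the Tomcat or Apache projects: it flags access-log lines whose request combines a `.ida` path with a long single-character filler run or several `%uXXXX` words. The Common Log Format input, the thresholds, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: the web server writes Apache Common Log Format access-log lines.
CLF = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
                 r'"(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) \S+')
# Traits visible in the request quoted in the thread.
IDA_PATH = re.compile(r"^/[^?\s]*\.ida(?:\?|$)", re.IGNORECASE)
FILLER_RUN = re.compile(r"(.)\1{31,}")        # one character repeated 32+ times
PCT_U_WORD = re.compile(r"%u[0-9a-fA-F]{4}")  # %uXXXX-encoded 16-bit word


def classify(uri):
    """Return the probe traits present in one request URI."""
    query = uri.partition("?")[2]
    checks = [("ida-path", IDA_PATH.match(uri)),
              ("filler-run", FILLER_RUN.search(query)),
              ("pct-u-words", len(PCT_U_WORD.findall(query)) >= 4)]
    return [name for name, found in checks if found]


def scan(lines):
    """Return (client, timestamp, status, traits) for each probe-like request."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue                      # not an access-log line; skip it
        traits = classify(m["uri"])
        # A bare request for an .ida file is not enough; require a payload trait too.
        if "ida-path" in traits and len(traits) >= 2:
            hits.append((m["client"], m["when"], int(m["status"]), traits))
    return hits


# Constructed sample input: documentation addresses, placeholder filler and words.
FILLER, WORDS = "N" * 200, "%u4141" * 6
SAMPLE_LOG = [
    f'192.0.2.10 - - [05/Aug/2001:19:53:07 +0000] "GET /default.ida?{FILLER}{WORDS}=a HTTP/1.0" 404 205',
    '192.0.2.10 - - [05/Aug/2001:19:53:09 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [05/Aug/2001:20:01:12 +0000] "GET /help/default.ida HTTP/1.0" 404 205',
    f'198.51.100.7 - - [05/Aug/2001:20:02:40 +0000] "GET /search?q={"A" * 40} HTTP/1.0" 200 512',
    f'203.0.113.5 - - [05/Aug/2001:20:10:54 +0000] "GET /default.ida?{FILLER}{WORDS}=a HTTP/1.0" 404 205',
]

if __name__ == "__main__":
    for client, when, status, traits in scan(SAMPLE_LOG):
        print(f"{when} {client} status={status} traits={','.join(traits)}")
```

The status column shows how the server answered each flagged request; a 404, as in the Tomcat log line quoted above, means the server had no such resource to serve.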