tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jim Urban" <jur...@parkcitysolutions.com>
Subject RE: Security - Attack
Date Thu, 13 Jun 2002 12:56:21 GMT
> create a bunch of mod_rewrite filters (in httpd.conf - for Apache) that
redirects
> all those requests to www.microsoft.com
Can you provide an example?

Jim

-----Original Message-----
From: Cato, Christopher [mailto:ccato@rational.com]
Sent: Thursday, June 13, 2002 6:38 AM
To: 'Tomcat Users List'
Subject: RE: Security - Attack

You should do what I did. For Code Red and similar exploits, create a bunch
of mod_rewrite filters (in httpd.conf - for Apache) that redirects all those
requests to www.microsoft.com instead. After all, they ARE responsible,
aren't they? :)

> -----Original Message-----
> From: Stuart Stephen [mailto:swadge@swadge.co.uk]
> Sent: den 13 juni 2002 10:43
> To: Tomcat Users List
> Subject: RE: Security - Attack
>
>
> I think they are code red attacks. These shouldn't be
> anything to worry
> about on a Tomcat server if I am correct in my thinking. They
> only affect
> IIS.
>
> -----Original Message-----
> From: Laura [mailto:lauradiara@libero.it]
> Sent: 13 June 2002 09:35
> To: Tomcat Users List
> Subject: Security - Attack
>
>
> Hi all,
>
> well I have, in my opinion, a very interesting question.
>
> Last week we went in a production enviroment: we have apache
> + tomcat with
> an important web application xxx (http.conf has JkMount /xxx worker).
>
> Well, this morning I have discovered that somebody has tried
> to attack my
> server: in the Apache error log I have found calls as
> /scripts/..%5c%5c../winnt/system32/cmd.exe, /scripts/....., and so on.
>
> My question is: is Tomcat secure? How can I do Tomcat secure?
> Is all my
> system secure? ( my machine is a solaris 8).
>
>
> Thanks
>
>
>
> Laura
>
>
>
>
> --
> To unsubscribe, e-mail:
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:tomcat-user-help@jakarta.apache.org>
>

--
To unsubscribe, e-mail:
<mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:tomcat-user-help@jakarta.apache.org>


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message