tomcat-users mailing list archives

From Markus Schönhaber <mailing-tomcat-u...@schoenhaber.de>
Subject Re: Is Tomcat being hacked by curl ?
Date Thu, 23 Aug 2007 08:33:06 GMT
Lyallex wrote:

> This question concerns access to a running Tomcat instance by a
> previously unseen/unknown user agent.
[...]

> Is it a 'Tomcat' question ?... I'm not sure but here goes anyway.

No.

> The following might be quite harmless but it would be nice to hear of
> others exp' in this area
> 
> Looking at the user agent section of my Webalizer generated access log
> analysis page I can see the following entry
> 
> curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.
> 
> I have been to http://curl.haxx.se/ and it seems to my (currently)
> inexperienced eye
> that this software _could_ be used to do all sorts of despicable
> things to a web site.

As could be almost any other user agent - if your website allows
despicable things to be done to it.

> I guess it could also be used to 'build your own browser' so I'm not
> panicking just yet
> 
> I have telnet and ftp disabled and access the server via ssh and scp.
> 
> Is this likely to be some dismal little hacker trying to probe my defenses or
> am I worrying unnecessarily.

Maybe. But if your web server can really be compromised by a client that
does just what you intended when bringing the server online - i.e.
accessing it via HTTP - you have much more important things to worry
about than whether this client calls itself curl, Firefox, IE, telnet or
whatever.

Regards
  mks

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
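
The point made in the reply above, as an added example that is not part of the original message: a log triage that judges clients by what their requests did and never consults the self-reported User-Agent. It assumes the access log is in combined format; the sample lines, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined log format: host ident user [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [23/Aug/2007:08:00:01 +0000] "GET /index.jsp HTTP/1.1" 200 512 "-" "curl/7.12.1"',
    '192.0.2.10 - - [23/Aug/2007:08:05:01 +0000] "GET /index.jsp HTTP/1.1" 200 512 "-" "curl/7.12.1"',
] + [
    f'198.51.100.7 - - [23/Aug/2007:08:10:{i:02d} +0000] "GET /missing-{i}.jsp HTTP/1.1" 404 0 "-" "Mozilla/5.0"'
    for i in range(8)
]

def summarize(lines):
    """Group requests per client host, recording behaviour and the claimed agents."""
    stats = defaultdict(lambda: {"requests": 0, "errors": 0, "paths": set(), "agents": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        s = stats[m["host"]]
        s["requests"] += 1
        s["errors"] += 400 <= int(m["status"]) < 500  # count 4xx responses
        s["paths"].add(m["path"])
        s["agents"].add(m["agent"])  # kept for the report only, not for the decision
    return stats

def probing_clients(lines, min_paths=5, min_error_ratio=0.8):
    """Hosts that requested many distinct paths that mostly failed with 4xx.
    Thresholds are illustrative assumptions; the User-Agent is never consulted."""
    return sorted(
        host for host, s in summarize(lines).items()
        if len(s["paths"]) >= min_paths and s["errors"] / s["requests"] >= min_error_ratio
    )

if __name__ == "__main__":
    for host, s in summarize(SAMPLE).items():
        print(host, s["requests"], s["errors"], len(s["paths"]), sorted(s["agents"]))
    print("probing:", probing_clients(SAMPLE))
```

In the constructed sample the client announcing itself as curl fetches one existing page, while the client with a browser-like agent string is the one walking through missing paths.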

