tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Smith <d...@cornell.edu>
Subject Re: Is Tomcat being hacked by curl ?
Date Thu, 23 Aug 2007 18:43:25 GMT
Sorry, I wasn't after you.  I was just trying to catch a discussion that 
could easily lose sight of the original question. 

For the benefit of people on the list, curl can be use for good purposes 
like downloading packages, a test of server status (e.g. in heart beat 
script activating a backup when the primary dies), or to automatically 
backup a website if you have a CMS package with a backup tool.  Magnolia 
CMS falls into that last category and I've used curl with a cron job to 
backup the site nightly.

--David

Lyallex wrote:

>On 8/23/07, David Smith <dns4@cornell.edu> wrote:
>  
>
>>Just to nip this one early before the discussion strays too far, curl is
>>NOT a hacking tool.  It's just a command line http client useful in all
>>sorts of linux/unix OS scripts.
>>    
>>
>
>Yep, I understand what curl is now ... spent some time on the relevant
>website reading up about it. I never actually suggested it was a
>hacking tool, I was unsure what it was and was asking for relevant
>exp' from the uses of this list, and as is often the case
>users@tomcat.apache.org delivered the goods.
>
>  
>
>>To determine if it's being used to probe your site, you need to pay
>>attention to WHAT is being requested.  The brief sample offered by the
>>OP was actually very benign (no weird escape sequences or attempts to
>>access a binary executable).
>>    
>>
>
>Although ... depending on what you consider hacking it certainly seems
>like it could easily be used to run a crude DOS attack (for example)
>simply by writing a shell script with a loop in it, like many other
>otherwise benign applications out there I'm sure.
>
>Anyway, what this has taught me is to pay much more attention to the
>logs over and above checking out the webalizer pages once a day and to
>understand what is being requested as well as by what (and by whom)...
>oh yes, and to dredge up what I used to know about iptables (or was
>that ipchains) as well, good tip.
>
>So, a success than, and none of this is EVER a waste of time IMHO.
>
>Many thanks
>Duncan
>
>  
>
>>--David
>>
>>Mark Deneen wrote:
>>
>>    
>>
>>>Once you find them, you might be hard pressed to actually do anything
>>>about it beyond getting in touch with their ISP.
>>>
>>>It might be easier to just block them at the firewall or on the server
>>>tomcat runs on with something like iptables.
>>>
>>>Mark
>>>
>>>On 8/23/07, Lyallex <lyallex@gmail.com> wrote:
>>>
>>>
>>>      
>>>
>>>>www.who.is
>>>>
>>>>Much more info
>>>>
>>>>...tracking the perpetrator down now ... this is fun.
>>>>
>>>>
>>>>
>>>>        
>>>>
>>>---------------------------------------------------------------------
>>>To start a new topic, e-mail: users@tomcat.apache.org
>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>>
>>>      
>>>
>>---------------------------------------------------------------------
>>To start a new topic, e-mail: users@tomcat.apache.org
>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>    
>>
>
>---------------------------------------------------------------------
>To start a new topic, e-mail: users@tomcat.apache.org
>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: users-help@tomcat.apache.org
>
>  
>


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message