tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Possible virus uploaded to Tomcat 5.5.3
Date Sat, 09 Aug 2008 11:31:21 GMT
Warren Bell wrote:
> Mark Thomas wrote:
>> Another thought occurs to me. If this server is only accessible via 
>> the firewall and the firewall is locked down to just port 8080 how did 
>> you get the source for the JSP you posted originally?
> 
> Through a VPN connection

No questions here - just checking my understanding
- The server is standalone, connected to the internet via the router
- The only boxes on that local network are the server and the router

The only open ports on the router are:
- 8080 which routes to the server and is served by Tomcat (no IIS, httpd etc)
- the VPN port you use for management of the server

I assume the router is not remotely managed.

>> And from my other e-mail, are you using the invoker servlet at all?
> 
> No
OK. That rules out a few more possibilities.

The extra file(s) that appeared, were they in their own directory under 
webapps or were they added to an existing directory? Also, did any other 
files appear anywhere else either under the Tomcat installation directory 
or elsewhere on the server?

It is probably worth reviewing your configuration files to be on the safe 
side. The relevant files are:
/conf/server.xml
/conf/web.xml
/conf/<engine>/<host>/*.xml
/webapps/*/WEB-INF/web.xml

If you don't want to post them publicly, feel free to e-mail me direct.

Mark


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message