tomcat-users mailing list archives

From Mark Thomas <ma...@apache.org>
Subject Re: SECURITY breach in Tomcat
Date Thu, 29 Jan 2009 10:41:46 GMT
Toby Kurien wrote:
> Seems like the infection was related to the loose (default) password
> of the manager app. I suppose changing that fixed the problem.

There is *no* default password for the manager application. You have to
configure it yourself.

If you have a Tomcat distribution that does have a default password for the
manager application please let us know where you got it from so we can try and
get that security hole in that non-Apache distro fixed.

Mark

> 
> On Thu, Jan 22, 2009 at 4:26 PM, Toby Kurien <tobyis7084@gmail.com> wrote:
>> thanks. I only need ROOT and myApp (which is my application). I am the
>> developer, admin, everything. And yes, we moved between physical
>> server racks that actually host Virtual environments.
>>
>> On Thu, Jan 22, 2009 at 3:15 PM, Gregor Schneider <rc46fi@googlemail.com> wrote:
>>>> Moving servers mean we moved it physically from one box to another. IP
>>>> and DNS stays the same when we move.
>>>> Btw: Can I take off all the apps from webapps, except ROOT and myApp?
>>>> Hacker or virus is probably exploiting some vulnerability in them. As
>>>> of now, tomcat is running after restarting the whole box, but I am
>>>> afraid if it will shutdown or crash.
>>>>
>>> box == server-rack?
>>>
>>> Since I got no idea of your application's structure, I can't give you
>>> any advice of what to remove and what to keep.
>>>
>>> Just that much:
>>>
>>> ROOT.war is the default application when you call your server i.e. at
>>> www.yourserver.com.
>>>
>>> Provided myApp.war is a known application, *theoretically* it might be
>>> possible that it needs additional apps, if it uses servlet-chaining
>>> etc..
>>>
>>> It might be helpful if you could post the result of
>>>
>>> cd [Tomcat-Installation-Directory]
>>> dir -s
>>>
>>> The best method actually would be if you contact the developer of the
>>> application(s) hosted, ask them about what they expect within their
>>> application-directories and remove the rest.
>>>
>>> Toby, I'm afraid I'll have to call it a day now, however, since the
>>> guys from the US should be about to wake up after yesterday's
>>> inauguration-party, I'm pretty sure they will help you to get your
>>> feet back on the ground.
>>>
>>> I'll check the list tomorrow anyways.
>>>
>>> Good luck!
>>>
>>> Gregor
>>> --
>>> just because you're paranoid, doesn't mean they're not after you...
>>> gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
>>> gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
> 
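Added example, not part of the original thread and not Tomcat project code: because manager accounts exist only where an administrator has configured them, this sketch audits the contents of a `conf/tomcat-users.xml` file and flags manager-capable users whose password is empty, equal to the username, or short. The sample XML, the `MIN_LENGTH` threshold and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Roles that grant access to the manager application: "manager" in the
# Tomcat 6 era of this thread, the "manager-*" roles in later releases.
MANAGER_ROLES = {"manager", "manager-gui", "manager-script",
                 "manager-jmx", "manager-status"}
MIN_LENGTH = 12  # assumed local policy threshold, not a Tomcat setting


def local(tag):
    """Strip an XML namespace prefix, which newer tomcat-users.xml files carry."""
    return tag.rsplit("}", 1)[-1]


def audit_manager_users(xml_text):
    """Return (username, reason) findings for manager-capable accounts."""
    findings = []
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    for elem in root.iter():
        if local(elem.tag) != "user":
            continue
        # Tomcat accepts name= as an alternative to username=
        name = elem.get("username") or elem.get("name") or ""
        roles = {r.strip() for r in elem.get("roles", "").split(",")}
        if not roles & MANAGER_ROLES:
            continue
        pw = elem.get("password", "")
        if not pw:
            findings.append((name, "empty password"))
        elif pw.lower() == name.lower():
            findings.append((name, "password equals username"))
        elif len(pw) < MIN_LENGTH:
            findings.append((name, "password shorter than %d characters" % MIN_LENGTH))
    return findings


# Constructed sample input; the commented-out entry defines no account.
SAMPLE = """<tomcat-users>
  <!-- <user username="tomcat" password="tomcat" roles="tomcat,manager"/> -->
  <role rolename="manager"/>
  <user username="admin" password="admin" roles="manager"/>
  <user username="deploy" password="s3cret" roles="manager-script"/>
  <user username="ops" password="Vq7-long-random-passphrase" roles="manager"/>
  <user username="reader" password="reader" roles="tomcat"/>
</tomcat-users>"""

if __name__ == "__main__":
    for user, reason in audit_manager_users(SAMPLE):
        print("%s: %s" % (user, reason))
```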