tomcat-users mailing list archives

From "Hubert de Heer" <hdeh...@mirabeau.nl>
Subject RE: SECURITY breach in Tomcat
Date Wed, 28 Jan 2009 13:15:37 GMT
Hi,
If you really, really need the manager webapp, you can restrict access
to that one not only by password but also by source-ip, e.g. access is
only allowed from your office IP.

In server.xml:
        <Context path="/manager"
                 docBase="${catalina.home}/server/webapps/manager"
                 debug="0" privileged="true">
          <Valve className="org.apache.catalina.valves.RemoteAddrValve"
                 allow="<office_ip>"/>
        </Context>

Hubert
-----Original Message-----
From: Toby Kurien [mailto:tobyis7084@gmail.com] 
Sent: 22 January 2009 16:17
To: users@tomcat.apache.org
Subject: SECURITY breach in Tomcat

Hi,
I have a webapp for my company that has been running for several
years. Recently, we got infected by a trojan or virus and this has
been causing a lot of abnormal behavior. The trojan creates user
accounts in Windows and also creates web applications like safee.war
and zhu.war into the webapps folder of Tomcat and also shuts down
Tomcat. The trojan webapps have jsp and exe files which try to modify,
copy and delete files in the system and also try to access the
database. Symantec and Norton have not been able to rectify or detect
much.
I am totally at a loss on what's going on and how to tighten or rectify
this. Anyone with any ideas is highly appreciated.

Thanks,
-Toby
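
An added example, not part of either post: a small audit that checks whether a server.xml restricts /manager by source address as described in the reply above. The sample fragments, the addresses 192.0.2.10 (standing in for the office IP) and 203.0.113.5, and the function names are constructed; the valve logic (deny checked first, then allow, comma-separated patterns matched against the whole address) is an assumption about RemoteAddrValve, and Python's regex engine stands in for Java's.

```python
import re
import xml.etree.ElementTree as ET

VALVE = "org.apache.catalina.valves.RemoteAddrValve"
OUTSIDE_IP = "203.0.113.5"  # constructed: an address that is not the office

# Constructed server.xml fragments; 192.0.2.10 stands in for the office IP.
HOST = ('<Host name="localhost"><Context path="/manager" privileged="true">'
        '%s</Context></Host>')
RESTRICTED = HOST % ('<Valve className="%s" allow="192\\.0\\.2\\.10"/>' % VALVE)
UNRESTRICTED = HOST % ""
TOO_BROAD = HOST % ('<Valve className="%s" allow="192\\.0\\.2\\.10,.*"/>' % VALVE)


def matches(patterns, ip):
    """True if any comma-separated regex matches the whole address."""
    parts = [p.strip() for p in (patterns or "").split(",")]
    return any(re.fullmatch(p, ip) for p in parts if p)


def admits(valve, ip):
    """Assumed valve logic: deny wins, then allow; deny-only admits the rest."""
    allow, deny = valve.get("allow"), valve.get("deny")
    if matches(deny, ip):
        return False
    if matches(allow, ip):
        return True
    return bool(deny) and not allow


def audit_manager(server_xml, outside_ip=OUTSIDE_IP):
    """Return findings for every /manager Context in a server.xml string."""
    findings = []
    for ctx in ET.fromstring(server_xml).iter("Context"):
        if ctx.get("path") != "/manager":
            continue
        valves = [v for v in ctx.findall("Valve") if v.get("className") == VALVE]
        if not valves:
            findings.append("no RemoteAddrValve: /manager reachable from any address")
        elif all(admits(v, outside_ip) for v in valves):
            findings.append("RemoteAddrValve admits outside address " + outside_ip)
    return findings


if __name__ == "__main__":
    for name, xml in [("restricted", RESTRICTED), ("unrestricted", UNRESTRICTED),
                      ("too broad", TOO_BROAD)]:
        print(name, audit_manager(xml) or "ok")
```
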
