tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ronald Klop <ronald-mailingl...@base.nl>
Subject Re: Malicious host is crashing my server
Date Mon, 08 Nov 2010 10:41:06 GMT
Use ngrep, tcpdump or wireshark to look at what he/she is requesting. If it is SQL injection
you should rewrite your query's to use PreparedStatements.

Ronald.


Op zondag, 7 november 2010 18:31 schreef Assaf <assafn@yahoo.com>:
> 
>  
> Hi,
> 
> It might be. But I am not sure how to find out more. Any suggestions?
> 
> Assaf
> 
> 
> ----- Original Message ----
> From: Marc Boorshtein <mboorshtein@gmail.com>
> To: Tomcat Users List <users@tomcat.apache.org>
> Sent: Sun, November 7, 2010 6:29:09 PM
> Subject: Re: Malicious host is crashing my server
> 
> JDBC?  Are you sure its not an attempted SQL Injection attack?
> 
> On Sun, Nov 7, 2010 at 12:23 PM, Assaf <assafn@yahoo.com> wrote:
> > Hello,
> >
> > I have a recurring visitor (from a fixed IP
> > address: bzq-79-177-23-102.red.bezeqint.net) who is constantly visiting my 
> site
> > and EACH time causes the server to crash. My server actually gets a JDBC begin
> > failed error for the next http calls.
> >
> > Analyzing the logs, I cannot find out what is wrong. I can see it is a script 
> >as
> > he is visiting the same pages in the same order (never downloading
> > images/css/js). The only thing that I have noticed that is different with this
> > user are the http headers he uses:
> >
> > "Expand HTTP read ahead 1.0"
> >
> > I could not google anything about those. I am running tomcat 6.0.20 on linux
> > with mysql.
> >
> > Anyone has an idea what this can be? How to find out? Also, what can I do to
> > better protect?
> >
> > Thanks,
> >
> > Assaf
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
>       
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 
> 
> 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message