Use ngrep, tcpdump or Wireshark to look at what he/she is requesting. If it is SQL injection,
you should rewrite your queries to use PreparedStatements.
Ronald.
On Sunday, 7 November 2010 18:31, Assaf <assafn@yahoo.com> wrote:
>
>
> Hi,
>
> It might be. But I am not sure how to find out more. Any suggestions?
>
> Assaf
>
>
> ----- Original Message ----
> From: Marc Boorshtein <mboorshtein@gmail.com>
> To: Tomcat Users List <users@tomcat.apache.org>
> Sent: Sun, November 7, 2010 6:29:09 PM
> Subject: Re: Malicious host is crashing my server
>
> JDBC? Are you sure it's not an attempted SQL Injection attack?
>
> On Sun, Nov 7, 2010 at 12:23 PM, Assaf <assafn@yahoo.com> wrote:
> > Hello,
> >
> > I have a recurring visitor (from a fixed IP
> > address: bzq-79-177-23-102.red.bezeqint.net) who is constantly visiting my
> > site and EACH time causes the server to crash. My server actually gets a
> > JDBC begin failed error for the next http calls.
> >
> > Analyzing the logs, I cannot find out what is wrong. I can see it is a script
> > as he is visiting the same pages in the same order (never downloading
> > images/css/js). The only thing that I have noticed that is different with this
> > user are the http headers he uses:
> >
> > "Expand HTTP read ahead 1.0"
> >
> > I could not google anything about those. I am running Tomcat 6.0.20 on Linux
> > with MySQL.
> >
> > Does anyone have an idea what this can be? How to find out? Also, what can I do to
> > better protect?
> >
> > Thanks,
> >
> > Assaf
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
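
An added example (not part of the thread or of Tomcat) of checking what a client is requesting when an access log is available: it scans log lines in the common layout and flags query parameters that look like SQL injection. The log lines, addresses and the `suspicious_requests` helper are constructed for illustration, and the patterns are a heuristic, not a complete detector.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in the "common" access-log layout; addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Nov/2010:18:01:12 +0200] "GET /index.jsp HTTP/1.1" 200 5120
198.51.100.9 - - [07/Nov/2010:18:01:13 +0200] "GET /item.jsp?id=42 HTTP/1.1" 200 2048
198.51.100.9 - - [07/Nov/2010:18:01:14 +0200] "GET /item.jsp?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 312
198.51.100.9 - - [07/Nov/2010:18:01:15 +0200] "GET /search.jsp?q=x%27%20UNION%20SELECT%20null--%20 HTTP/1.1" 500 312
203.0.113.7 - - [07/Nov/2010:18:01:20 +0200] "GET /search.jsp?q=o%27brien HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')

# Heuristic indicators; a bare apostrophe (as in a surname) is deliberately not flagged.
SQLI_RE = re.compile(
    r"""'\s*(?:or|and)\s+['\d]             # quote-break followed by a tautology
      | \bunion\s+(?:all\s+)?select\b       # UNION-based query
      | '[^']*(?:--|\#|/\*)                 # quote followed by a SQL comment
      | ;\s*(?:drop|insert|update|delete)\b # stacked statement
    """, re.IGNORECASE | re.VERBOSE)


def suspicious_requests(log_text):
    """Return {client: [(timestamp, path, param, decoded_value, status), ...]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected layout
        client, when, _method, target, status = m.groups()
        url = urlsplit(target)
        # parse_qsl URL-decodes each value, so encoded quotes become visible.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if SQLI_RE.search(value):
                hits[client].append((when, url.path, name, value, int(status)))
    return dict(hits)


if __name__ == "__main__":
    for client, rows in suspicious_requests(SAMPLE_LOG).items():
        print(client, len(rows), "suspicious request(s)")
        for when, path, name, value, status in rows:
            print(f"  [{when}] {path} {name}={value!r} -> HTTP {status}")
```

An access log in this layout records only the request line, so POST bodies and request headers still need the packet capture suggested in the reply.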