tomcat-users mailing list archives

From Christopher Schultz <>
Subject Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404
Date Thu, 11 Apr 2013 20:39:59 GMT

On 4/11/13 9:47 AM, Jeffrey Janner wrote:
>> -----Original Message-----
>> From: Howard W. Smith, Jr. []
>> Sent: Wednesday, April 10, 2013 7:35 PM
>> To: Esmond Pitt
>> Cc: Tomcat Users List
>> Subject: Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404
>> On Wed, Apr 10, 2013 at 8:21 PM, Esmond Pitt <> wrote:
>>> We had lots of these and finally an attack last year on a Tomcat
>>> where the manager password somehow hadn't been changed. The attacker
>>> installed a viral servlet application that killed the server
>>> completely; we had to rebuild it.
>>> We:
>>> - Hid the Tomcat behind an Apache HTTPD on port 80.
>>> - Closed port 8080, indeed removed all the HTTP Connectors from Tomcat
>>>   and just used AJP connectors running on, all on the same port for
>>>   simplicity, so there is zero direct access to Tomcat from the outside.
>>> - Configured Apache HTTPD for LDAP authentication via an OpenLDAP
>>>   server that in turn is configured via the Password Policy overlay
>>>   for finite (5 I think) password retries before locking out the account.
>>> - Required a very restricted LDAP group membership for access to
>>>   /manager (and the other Tomcat builtins).
>>> No recurrence, not even an attempt. I think actually closing port 8080
>>> may have played the biggest part in all this.
>>> EJP
>> +1 I like what you all did! I'm currently not using Apache HTTPD, 'yet'.
>> Before I start TomEE/tomcat, I always copy my edited version of
>> tomee/tomcat's user file, and I have a strong password in place.
>> When I first started using TomEE, and when I had port 3389 open
>> on my Windows Server 2008 'development server', I saw someone
>> connect to the tomee and tomcat manager apps, and they tried
>> 'many' times to log in to those manager app pages.
>> I LOL at them, because even though the manager apps were
>> available, I already beat them to the punch, because I secured
>> tomee/tomcat by commenting out users and/or user groups in the
>> user file, and created my own custom user that had a strong
>> password. So, after I saw those blatant-and-sorry-hacker
>> attempts, I resolved that by removing the manager apps whenever I
>> install a new version of tomee/tomcat. Problem solved!!! :) And
>> yes, I eventually closed port 3389 on my router, since I really
>> don't need it since I am in the office 99.99999% of the time
>> doing my work. Sometimes, if I have to travel somewhere or sit in a
>> waiting room while my vehicle is being serviced, I do get tempted
>> to open the 3389 port on my router and do some work at that time. :)
> FYI, Howard, this is why they invented VPN technology.


OpenVPN is cheap and relatively easy to set up.

- -chris
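As an added example (not code from this thread, from Tomcat, or from any of the posters), here is the kind of check the subject line's log entry invites: a Python script that parses constructed Tomcat access-log lines in the AccessLogValve "common" format and groups requests to the built-in manager apps by client, separating a 404 (manager app not deployed) from 401s (credentials being tried) and a later 200 from the same client (a login succeeded). All sample lines, addresses and timestamps below are constructed.

```python
import re
from collections import defaultdict

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<bytes>\S+)$'
)

# Tomcat's built-in admin apps; any request to them from the outside is worth a look.
ADMIN_PREFIXES = ("/manager", "/host-manager")

# Constructed sample lines (not from the original post), common log format.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2013:07:35:01 +0000] "HEAD /manager/html HTTP/1.0" 404 -
203.0.113.7 - - [10/Apr/2013:07:35:02 +0000] "GET /manager/html HTTP/1.1" 404 -
198.51.100.9 - - [10/Apr/2013:08:10:11 +0000] "GET /manager/html HTTP/1.1" 401 2473
198.51.100.9 - - [10/Apr/2013:08:10:12 +0000] "GET /manager/html HTTP/1.1" 401 2473
198.51.100.9 - admin [10/Apr/2013:08:10:13 +0000] "GET /manager/html HTTP/1.1" 200 15893
192.0.2.4 - - [10/Apr/2013:09:00:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

def parse_line(line):
    """Return the fields of one access-log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_admin_path(path):
    # Match the app root or anything under it, but not e.g. "/managerial".
    return any(path == p or path.startswith(p + "/") for p in ADMIN_PREFIXES)

def find_manager_probes(log_text):
    """Map each client that touched an admin app to its request count, status
    breakdown, and whether any request ended in 200 (a successful login)."""
    report = defaultdict(lambda: {"count": 0, "statuses": defaultdict(int), "authenticated": False})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_admin_path(rec["path"].split("?", 1)[0]):
            continue
        entry = report[rec["host"]]
        entry["count"] += 1
        entry["statuses"][rec["status"]] += 1
        if rec["status"] == "200":
            entry["authenticated"] = True
    return {ip: {"count": e["count"], "statuses": dict(e["statuses"]),
                 "authenticated": e["authenticated"]} for ip, e in report.items()}

if __name__ == "__main__":
    for ip, e in find_manager_probes(SAMPLE_LOG).items():
        verdict = "LOGIN SUCCEEDED - treat as incident" if e["authenticated"] else "probe only"
        print(f"{ip}: {e['count']} request(s) {e['statuses']} -> {verdict}")
```

A run of 401s followed by a 200 from the same client is the pattern EJP's lockout policy is meant to cut off; a 404 alone means the manager app is simply not there to attack.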

