RE : Tomcat 6.0.35 Crashed again

Hello All, We are using Tomcat 6.0.35 for our production system with 64 bit JVM (1.6.33) on Windows 2008 R2 SP1. Our physical memory is 24gb. Load is ~ 100 concurrent sessions. The Tomcat crashed again with OutOfMemoryError: Java heap space error. We are using COTS product SAP Business Objects.

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

On Wed, Apr 10, 2013 at 4:32 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Howard, > > On 4/10/13 1:23 PM, Howard W. Smith, Jr. wrote: > >> As others have mentioned, I wouldn't give this too much thought: > >> someone is scan

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

On Wed, Apr 10, 2013 at 8:21 PM, Esmond Pitt wrote: > We had lots of these and finally an attack last year on a Tomcat where the > manager password somehow hadn't been changed. The attacker installed a > viral > servlet application that killed the server completely, we had to rebuild > it. > > We:

RE: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

We had lots of these and finally an attack last year on a Tomcat where the manager password somehow hadn't been changed. The attacker installed a viral servlet application that killed the server completely, we had to rebuild it. We: - Hid the Tomcat behind an Apache HTTPD on port 80. - Closed por

Re: Resource management in new Tomcat JDBC connection pool.

Thanks, Dan et al. StatementFinalizer is exactly what I was looking for. A quick look at the source code reveals exactly what I needed to know: statements are stash

Re: Better SSL connector setup

On 4/10/2013 1:50 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 4/10/13 12:17 PM, Harris, Jeffrey E. wrote: -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, April 10, 2013 12:09 PM To: To

Re: connectors - what are JK, AJP, APR

Christopher, thank you for your reply, yes, maybe on http://tomcat.apache.org/tomcat-7.0-doc/connectors.html could be a few more simple words about this concepts, I was mislead by *The native connectors supported with this Tomcat release are: * - *JK 1.2.x with any of the supported servers*

Re: FW: Tomcat 5.5.20 not stopping and starting correctly

On Wed, Apr 10, 2013 at 4:55 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Nilesh, > > On 4/10/13 12:02 PM, Tailor,Nilesh wrote: > > Nothing has changed since it was last running (no windows > > updates/reboots etc). We rebo

Re: [OT] FW: Tomcat 5.5.20 not stopping and starting correctly

On Wed, Apr 10, 2013 at 4:54 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Howard, > > On 4/10/13 10:50 AM, Howard W. Smith, Jr. wrote: > > I am running Windows Server 2008 R2 64bit, and I recognized that my > > server restar

Re: FW: Tomcat 5.5.20 not stopping and starting correctly

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Nilesh, On 4/10/13 12:02 PM, Tailor,Nilesh wrote: > Nothing has changed since it was last running (no windows > updates/reboots etc). We rebooted the server yesterday when we > were debugging this issue to see if a reboot would sort the issue > ou

Re: [OT] FW: Tomcat 5.5.20 not stopping and starting correctly

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Howard, On 4/10/13 10:50 AM, Howard W. Smith, Jr. wrote: > I am running Windows Server 2008 R2 64bit, and I recognized that my > server restarted automatically this morning, most likely, because > of automatic (Windows) updates. You have automatic

Re: Better SSL connector setup

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 4/10/13 12:17 PM, Harris, Jeffrey E. wrote: > > >> -Original Message- From: Christopher Schultz >> [mailto:ch...@christopherschultz.net] Sent: Wednesday, April 10, >> 2013 12:09 PM To: Tomcat Users List Subject: Re: Better SSL

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Howard, On 4/10/13 1:23 PM, Howard W. Smith, Jr. wrote: >> As others have mentioned, I wouldn't give this too much thought: >> someone is scanning you for vulnerabilities. I'll bet if you log >> the full headers of those requests, you'll see someth

Re: Resource management in new Tomcat JDBC connection pool.

Hi, Have a look at http://markmail.org/thread/iqgvj34347z77tnc for a bug in the current Tomcat version and its workaround. This seems to affect MySQL primarily. Regards, Bertrand On 10/04/2013 4:05 PM, Igor Urisman wrote: Hello, The new Tomcat 7 JDBC pool

Re: Resource management in new Tomcat JDBC connection pool.

On Apr 10, 2013, at 4:05 PM, Igor Urisman wrote: > Hello, > > The new Tomcat 7 JDBC > poolis > quite new and not much has been written on it yet. I'm not sure I would consider it new, it's been out three plus years and I know it's bei

Resource management in new Tomcat JDBC connection pool.

Hello, The new Tomcat 7 JDBC poolis quite new and not much has been written on it yet. Has anyone looked it how well it manages underlying resources, both in java domain and in the database? More specifically, what happens when I call Co

Re: runtime.exec "cmd.exe /C net use"

David kerber wrote: On 4/10/2013 2:47 PM, Bilal S wrote: On Sun, Mar 24, 2013 at 10:20 AM, Patrick Flaherty wrote: On Mar 23, 2013, at 10:00 PM, David Kerber wrote: On 3/23/2013 8:13 PM, Harris, Jeffrey E. wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.co

Re: runtime.exec "cmd.exe /C net use"

On 4/10/2013 2:47 PM, Bilal S wrote: On Sun, Mar 24, 2013 at 10:20 AM, Patrick Flaherty wrote: On Mar 23, 2013, at 10:00 PM, David Kerber wrote: On 3/23/2013 8:13 PM, Harris, Jeffrey E. wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Saturday, Ma

Re: runtime.exec "cmd.exe /C net use"

On Sun, Mar 24, 2013 at 10:20 AM, Patrick Flaherty wrote: > > On Mar 23, 2013, at 10:00 PM, David Kerber wrote: > > On 3/23/2013 8:13 PM, Harris, Jeffrey E. wrote: >> >>> >>> >>> -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Saturday, March 23, 2013 8:10

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

Chris, > As others have mentioned, I wouldn't give this too much thought: > someone is scanning you for vulnerabilities. I'll bet if you log the > full headers of those requests, you'll see something like > "admin/admin" or "scott/tiger" in the WWW-Authenticate headers. Just > someone knocking on

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Howard, On 4/10/13 7:32 AM, Howard W. Smith, Jr. wrote: > Every now and then, I like to review localhost_access_log files, > just to see who might be trying to access my web app, running on > TomEE 1.6.0 snapshot (Tomcat 7.0.39). So, a few minutes a

Re: Monitoring multiple tomcat instances from single app

On 4/9/2013 9:59 PM, Neven Cvetkovic wrote: On Tue, Apr 9, 2013 at 3:46 PM, David kerber wrote: Is there a "restart" command available? Obviously I need to do some more research now that you've gotten me started. David, I don't think you can "restart" Tomcat JVM process. Why do you want

Re: Monitoring multiple tomcat instances from single app

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Neven, On 4/9/13 10:17 PM, Neven Cvetkovic wrote: > David, > > Here's an example application that has a CounterServlet that counts > hits for example... Here are the classes that I used > > - CounterServlet - just counts number of hits, calls > M

Re: Monitoring multiple tomcat instances from single app

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 David, On 4/9/13 3:18 PM, David kerber wrote: > My system has several instances of TC 7.0.22, running on windows > server 2008 R2, and JRE 6.0.27. And yes, I know both TC and Java > could use an update... > > The TC instances are all running the s

Re: connectors - what are JK, AJP, APR

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jakub, While André has already answered, I think it's worth re-iterating what everything is, here. See below. On 4/9/13 11:03 AM, Jakub 1983 wrote: > 2) what does "native connectors" mean here ? A "native connector" is the native (i.e. non-Java) c

RE: Better SSL connector setup

> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Wednesday, April 10, 2013 12:09 PM > To: Tomcat Users List > Subject: Re: Better SSL connector setup > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > André, > > On 4/9/13 11:54 AM, Andr

Re: FW: Tomcat 5.5.20 not stopping and starting correctly

On Wed, Apr 10, 2013 at 12:02 PM, Tailor,Nilesh wrote: > Nothing has changed since it was last running (no windows updates/reboots > etc). We rebooted the server yesterday when we were debugging this issue > to see if a reboot would sort the issue out (but it did not). Its working > fine on othe

Re: Better SSL connector setup

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 4/9/13 11:54 AM, André Warnier wrote: > Harris, Jeffrey E. wrote: >> Chris, >> >>> -Original Message- From: Christopher Schultz >>> [mailto:ch...@christopherschultz.net] Sent: Tuesday, April 09, >>> 2013 10:01 AM To: Tomcat Users

RE: Tomcat version expiry date

> From: Kosuru, Satish [mailto:skos...@templeton.com] > Subject: Tomcat version expiry date > Server version: Apache Tomcat/6.0.13 > Server built: May 5 2007 03:39:58 That's nearly six years old and you should be embarrassed - and scared - about still using it. Many, many critical fixes have

RE: FW: Tomcat 5.5.20 not stopping and starting correctly

Nothing has changed since it was last running (no windows updates/reboots etc). We rebooted the server yesterday when we were debugging this issue to see if a reboot would sort the issue out (but it did not). Its working fine on other servers with the same application software. -Original

Re: problems faced in deploying servlet

Jason Brittain wrote: Hi all. On Tue, Mar 19, 2013 at 4:43 PM, Mark Eggers wrote: On 3/19/2013 1:05 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 [snip] Go get a copy of "Tomcat: The Definitive Guide" by Jason Brittain (who happens to lurk on this lis

Tomcat version expiry date

Hi, My system configuration is as follows# Using CATALINA_BASE: /usr/ftadapters/apache-tomcat-6.0.13 Using CATALINA_HOME: /usr/ftadapters/apache-tomcat-6.0.13 Using CATALINA_TMPDIR: /usr/ftadapters/apache-tomcat-6.0.13/temp Using JRE_HOME: /usr/jdk160_05 Server version: Apache Tomcat/6.

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

On Wed, Apr 10, 2013 at 10:35 AM, David kerber wrote: > On 4/10/2013 10:24 AM, Howard W. Smith, Jr. wrote: > >> On Wed, Apr 10, 2013 at 9:44 AM, David kerber >> wrote: >> >> On 4/10/2013 8:17 AM, Howard W. Smith, Jr. wrote: >>> >>> On Wed, Apr 10, 2013 at 8:00 AM, Caldarale, Charles R< ch

Re: FW: Tomcat 5.5.20 not stopping and starting correctly

On Wed, Apr 10, 2013 at 10:36 AM, Tailor,Nilesh wrote: Thanks for the reply. This has been working without any issues so far. > The problem started to appear yesterday. The strange thing is that it > does not write any error to the logs. > > It's always best to inform the (tomcat) list what cha

RE: FW: Tomcat 5.5.20 not stopping and starting correctly

Thanks for the reply. This has been working without any issues so far. The problem started to appear yesterday. The strange thing is that it does not write any error to the logs. -Original Message- From: Violeta Georgieva [mailto:miles...@gmail.com] Sent: Wednesday, April 10, 2013 10:

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

On 4/10/2013 10:24 AM, Howard W. Smith, Jr. wrote: On Wed, Apr 10, 2013 at 9:44 AM, David kerber wrote: On 4/10/2013 8:17 AM, Howard W. Smith, Jr. wrote: On Wed, Apr 10, 2013 at 8:00 AM, Caldarale, Charles R< chuck.caldar...@unisys.com> wrote: From: Howard W. Smith, Jr. [mailto:smithh03

Re: FW: Tomcat 5.5.20 not stopping and starting correctly

Hi, 2013/4/10 Tailor,Nilesh wrote: > > Hi, > > We currently have an issue whereby Tomcat 5.5.20 does not seem to stop and start correctly. When we stop the service the below message appears: > > 'Windows could not stop the Apache Tomcat 5.5.20 service on Local Computer. Error 109: The pipe has be

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

On Wed, Apr 10, 2013 at 9:44 AM, David kerber wrote: > On 4/10/2013 8:17 AM, Howard W. Smith, Jr. wrote: > >> On Wed, Apr 10, 2013 at 8:00 AM, Caldarale, Charles R< >> chuck.caldar...@unisys.com> wrote: >> >> From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com**] Subject: Tomcat acce

FW: Tomcat 5.5.20 not stopping and starting correctly

Hi, We currently have an issue whereby Tomcat 5.5.20 does not seem to stop and start correctly. When we stop the service the below message appears: 'Windows could not stop the Apache Tomcat 5.5.20 service on Local Computer. Error 109: The pipe has been ended.' When we start the service, we ar

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

On 4/10/2013 8:17 AM, Howard W. Smith, Jr. wrote: On Wed, Apr 10, 2013 at 8:00 AM, Caldarale, Charles R< chuck.caldar...@unisys.com> wrote: From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com] Subject: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404 a few min

Re: Inno Setup Script?

On 10 April 2013 12:47, Konstantin Kolinko wrote: > 2013/4/10 James Green : > > On 10 April 2013 11:55, Konstantin Kolinko > wrote: > > > >> 2013/4/10 James Green : > >> > I was hoping I could avoid that. > >> > > >> >(...) > >> > > >> > While this installs a service, as soon as I attempt to sta

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

On Wed, Apr 10, 2013 at 8:48 AM, Daniel Mikusa wrote: > On Apr 10, 2013, at 8:17 AM, Howard W. Smith, Jr. wrote: > > > This looks like a bot or automated script, checking to see if the Manager > app is available. If it found the app, you'd probably see it try some > exploit. Since you've remove

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

On Apr 10, 2013, at 8:17 AM, Howard W. Smith, Jr. wrote: > On Wed, Apr 10, 2013 at 8:00 AM, Caldarale, Charles R < > chuck.caldar...@unisys.com> wrote: > >>> From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com] >>> Subject: Tomcat access log reveals hack attempt: "HEAD /manager/html >> HTTP

Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

On Wed, Apr 10, 2013 at 8:00 AM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com] > > Subject: Tomcat access log reveals hack attempt: "HEAD /manager/html > HTTP/1.0" 404 > > > a few minutes ago, I saw the following in the log

RE: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

> From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com] > Subject: Tomcat access log reveals hack attempt: "HEAD /manager/html > HTTP/1.0" 404 > a few minutes ago, I saw the following in the log: > 113.11.200.30 - - [09/Apr/2013:19:26:58 -0400] "HEAD /manager/html HTTP/1.0" > 404 - > Thi

Re: Inno Setup Script?

2013/4/10 James Green : > On 10 April 2013 11:55, Konstantin Kolinko wrote: > >> 2013/4/10 James Green : >> > I was hoping I could avoid that. >> > >> >(...) >> > >> > While this installs a service, as soon as I attempt to start it I get a >> > failure. Nothing is logged by Tomcat, but in the even

Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

Every now and then, I like to review localhost_access_log files, just to see who might be trying to access my web app, running on TomEE 1.6.0 snapshot (Tomcat 7.0.39). So, a few minutes ago, I saw the following in the log: 113.11.200.30 - - [09/Apr/2013:19:26:58 -0400] "HEAD /manager/html HTTP/1.0

Re: Inno Setup Script?

On 10 April 2013 11:55, Konstantin Kolinko wrote: > 2013/4/10 James Green : > > I was hoping I could avoid that. > > > >(...) > > > > While this installs a service, as soon as I attempt to start it I get a > > failure. Nothing is logged by Tomcat, but in the event service I get the > > following

Re: Inno Setup Script?

2013/4/10 James Green : > I was hoping I could avoid that. > >(...) > > While this installs a service, as soon as I attempt to start it I get a > failure. Nothing is logged by Tomcat, but in the event service I get the > following recorded: > > The Apache Tomcat 7 service terminated with service-sp

Re: Inno Setup Script?

I was hoping I could avoid that. Currently the thinking is to unpack the tomcat distribution, re-package inside a custom installer, and call bin\tomcat7.exe as per the windows service document. And indeed this works - to a point. The installer logs says: C:\Program Files\Our Local Services\tomca