Hi All, I'm using Tomcat 7.0.40 for hosted application. I have not configured any user accounts for tomcat (admin, manager, user etc.). Recently my deployed web application was damaged. Restarting tomcat recovered it back.
But it seems someone tried to access my tomcat and delete some files(I guess class file of index.jsp as mentioned in the log). I have added my log files [0], [1], [2] and [3]. Currently I have my jsp directory outside the WEB-INF directory (yes, it's bad practice and I'll correct it). 1. Do you see any issues after looking my log files ? May be due to a bad configuration/practice etc. 2. And can someone delete files if there are no user accounts for tomcat ? 3. Is it possible to secure my tomcat with this kind of issues by deleting manager and ROOT directories of tomcat/webapps/ ? Highly appreciate if you can share your thoughts. [0] : localhost.log <http://pastie.org/private/nlbick7wddmlg9rybtgg> [1] : catalina.log <http://pastie.org/private/wb1dkzfdqzpwb9ygtbrcwg> [2] : localhost_access_log.txt<http://pastie.org/private/mlp1buwtqmygiutdcnxuza> [3] : manager.log <http://pastie.org/private/olr1ydofyh29wcabhb1w> Regards ! *Chanaka*
