On 6/10/06, hv @ Fashion Content <[EMAIL PROTECTED]> wrote:
I had an incident on my server the other day where someone had succesfully broken into the server to execute a port scanner.
do you have any kind of logs?
The port scanner was running under the tomcat process so I assume the breakin was done by getting through the Tomcat manager app.
When you say under the tomcat process, what do you mean: same process id as java org.apache.catalina.startup.Bootstrap start ? or same a child process of the tomcat process, or just the same userid? regards Leon
At first I feared that I had made a blunder and left the standard tomcat user as manager, but that wasn't the case. Actually while the UserDatabase is defined in the setup it isn't used as I use a JNDIReam pointing to OpenLDAP where only one manager account is defined. So did they just use brute force, or might there be another way they could have gotten in? Henrik http://www.blingon.com --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
