On Thu, Jan 22, 2009 at 4:39 PM, Toby Kurien <tobyis7...@gmail.com> wrote:
> [ Tomcat hacked ]

Basic lesson concerning security: If a system is once compromised, there is only one option: Dump it and set it up vanilla.

Why? It's because you have no idea what additional malware has been installed by the initial bandit. There are hints that Conficker (the latest worm everybody is talking about) abuses not only the known weaknesses which should have been closed by the latest patches but also additional ones.

Therefore:
- get a BIG can of coffee, tell your sweetheart, it's gonna be late tonite
- take your server off the network
- save your Tomcat-configs
- scrutinize your configs carefully
- set up your server from scratch (vanilla)
- set up Tomcat from a vanilla download
- adapt the Tomcat-configs so that they match the previous ones
- if the manager-app is really necessary, change the password
- re-install your webapps from your sources (backups might also have been compromised)

The next advice might sound a bit arrogant, however, I believe it's the best one you can get: Use some OS other than Windows.

HTH

Gregor
--
just because you're paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
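
One way to carry out the "scrutinize your configs" and manager-password steps from the message above, as an added example that is not part of the original e-mail: it hashes a saved conf directory against the conf directory of a vanilla download and lists the tomcat-users.xml accounts that hold a manager role. The directory layout, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

def file_hashes(conf_dir):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(conf_dir)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_conf(saved_dir, vanilla_dir):
    """Sort saved config files into changed / added / missing vs. vanilla."""
    saved, vanilla = file_hashes(saved_dir), file_hashes(vanilla_dir)
    return {
        "changed": sorted(f for f in saved if f in vanilla and saved[f] != vanilla[f]),
        "added": sorted(f for f in saved if f not in vanilla),
        "missing": sorted(f for f in vanilla if f not in saved),
    }

def manager_accounts(users_xml):
    """List (username, roles) for every user holding a manager* role."""
    found = []
    for el in ET.parse(users_xml).getroot().iter():
        roles = [r.strip() for r in el.get("roles", "").split(",") if r.strip()]
        # rsplit strips an XML namespace prefix from the tag, if one is present
        if el.tag.rsplit("}", 1)[-1] == "user" and any(r.startswith("manager") for r in roles):
            found.append((el.get("username") or el.get("name"), roles))
    return found

def build_sample(base):
    """Constructed sample data: a vanilla conf dir and a saved one that drifted."""
    vanilla, saved = Path(base, "vanilla"), Path(base, "saved")
    for d in (vanilla, saved):
        d.mkdir()
        (d / "web.xml").write_text("<web-app/>\n")
        (d / "tomcat-users.xml").write_text("<tomcat-users/>\n")
    (vanilla / "logging.properties").write_text("handlers=\n")
    (saved / "tomcat-users.xml").write_text(
        '<tomcat-users>\n'
        '  <user username="deploy" password="CHANGE-ME" roles="manager,admin"/>\n'
        '  <user username="report" password="CHANGE-ME" roles="viewer"/>\n'
        '</tomcat-users>\n')
    (saved / "extra-context.xml").write_text("<Context/>\n")  # not in vanilla
    return saved, vanilla

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        saved, vanilla = build_sample(tmp)
        print(compare_conf(saved, vanilla), manager_accounts(saved / "tomcat-users.xml"))
```

Every file reported as changed or added is one to read line by line before its settings are carried over to the rebuilt server, and every account listed is one whose password gets replaced.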