Thanks Gregor. We are looking at setting up in Linux, but that is
going to take longer to get a LIVE environment up and running. I have
in the past already set up Tomcat from scratch 2-3 times and the
infection just keeps coming. The only open port is 80 and network access
is disabled. In fact, one of my previous builds on another machine
that was similarly infected now stops showing signs of it after we
moved the server. So it seems the DNS (URL) is compromised and only
that machine is hacked/infected.

On Thu, Jan 22, 2009 at 11:17 AM, Gregor Schneider
<rc4...@googlemail.com> wrote:
> On Thu, Jan 22, 2009 at 4:39 PM, Toby Kurien <tobyis7...@gmail.com> wrote:
>
>> [ Tomcat hacked ]
>
> Basic lesson concerning security:
>
> If a system is once compromised, there is only one option:
>
> Dump it and set it up vanilla.
>
> Why?
>
> It's because you have no idea what additional malware has been
> installed by the initial bandit.
>
> There are hints that Conficker (the latest worm everybody is talking
> about) abuses not only the known weaknesses which should have been
> closed by the latest patches but also additional ones.
>
> Therefore:
>
> - get a BIG can of coffee, tell your sweetheart, it's gonna be late tonite
>
> - take your server off the network
>
> - save your Tomcat-configs
>
> - scrutinize your configs carefully
>
> - set up your server from scratch (vanilla)
>
> - set up Tomcat from a vanilla download
>
> - adapt the Tomcat-configs so that they match the previous ones
>
> - if the manager-app is really necessary, change the password
>
> - re-install your webapps from your sources (backups might also have
> been compromised)
>
> The next advice might sound a bit arrogant, however, I believe it's
> the best one you can get:
>
> Use some OS other than windows.
>
> HTH
>
> Gregor
> --
> just because you're paranoid, doesn't mean they're not after you...
> gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
> gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
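The "scrutinize your configs carefully" step above is the one most often skipped in a rebuild. The script below is an added example for this thread, not code from either poster or from the Tomcat project: it parses a saved tomcat-users.xml and server.xml and reports the things worth reviewing before carrying the old config onto a vanilla install, namely accounts holding manager/admin roles, well-known default passwords, the default shutdown command, connectors listening on ports other than the one expected (80 here), and hosts with autoDeploy left on. The two XML documents embedded in it are constructed samples, and the list of "known default" passwords is an illustrative assumption, not Tomcat's own.

```python
"""Review Tomcat config files saved from a compromised host before reusing them.

Added example for this thread; the XML samples below are constructed and the
password list is an illustrative assumption.
"""
import xml.etree.ElementTree as ET

# Constructed sample: a tomcat-users.xml as it might be saved from the old box.
SAMPLE_TOMCAT_USERS = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
  <role rolename="manager-gui"/>
  <role rolename="admin-gui"/>
  <role rolename="webapp"/>
  <user username="tomcat" password="tomcat" roles="manager-gui,admin-gui"/>
  <user username="app" password="s3cr3t-example" roles="webapp"/>
</tomcat-users>
"""

# Constructed sample: a server.xml with HTTP on 80 and an extra AJP connector.
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="80" protocol="HTTP/1.1"/>
    <Connector port="8009" protocol="AJP/1.3"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"/>
    </Engine>
  </Service>
</Server>
"""

# Roles that grant control over deployment or the admin UI (Tomcat's own role names).
PRIVILEGED_ROLES = {
    "manager-gui", "manager-script", "manager-jmx", "manager-status",
    "admin-gui", "admin-script",
}

# Illustrative list of credentials that should never survive a rebuild (assumption).
KNOWN_DEFAULT_PASSWORDS = {"tomcat", "admin", "password", "manager", "s3cret"}


def _local(tag):
    """Drop an XML namespace prefix: '{http://...}user' -> 'user'.

    Newer tomcat-users.xml files declare a default namespace; older ones do not.
    """
    return tag.rsplit("}", 1)[-1]


def audit_users(xml_text):
    """Return (kind, detail) findings for every <user> in a tomcat-users.xml."""
    findings = []
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if _local(el.tag) != "user":
            continue
        # Tomcat accepts either 'username' or the older 'name' attribute.
        name = el.get("username", el.get("name", "?"))
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        privileged = sorted(roles & PRIVILEGED_ROLES)
        if privileged:
            findings.append(("privileged-user", f"{name}: {','.join(privileged)}"))
        if el.get("password", "") in KNOWN_DEFAULT_PASSWORDS:
            findings.append(("default-password", name))
    return findings


def audit_server(xml_text, allowed_ports=frozenset({80})):
    """Return (kind, detail) findings for a server.xml.

    allowed_ports is the set of connector ports you intend to expose; anything
    else (AJP, a second HTTP listener, an old HTTPS port) is reported.
    """
    findings = []
    root = ET.fromstring(xml_text)
    if _local(root.tag) == "Server" and root.get("shutdown") == "SHUTDOWN":
        findings.append(("default-shutdown-command", root.get("port", "?")))
    for el in root.iter():
        tag = _local(el.tag)
        if tag == "Connector":
            port = int(el.get("port", "0"))
            if port not in allowed_ports:
                proto = el.get("protocol", "HTTP/1.1")
                findings.append(("unexpected-connector", f"{proto} on {port}"))
        elif tag == "Host":
            # Tomcat's default for autoDeploy is true, so a missing attribute counts.
            if el.get("autoDeploy", "true").lower() == "true":
                findings.append(("autodeploy-enabled", el.get("name", "?")))
    return findings


def report(user_findings, server_findings):
    """Render findings as one line each, grouped by file."""
    lines = ["tomcat-users.xml:"]
    lines += [f"  [{k}] {d}" for k, d in user_findings] or ["  (nothing flagged)"]
    lines.append("server.xml:")
    lines += [f"  [{k}] {d}" for k, d in server_findings] or ["  (nothing flagged)"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(audit_users(SAMPLE_TOMCAT_USERS), audit_server(SAMPLE_SERVER_XML)))
```

Run it against the real saved files by reading them in place of the two sample strings; every line it prints is a decision to make before the config goes onto the new machine (drop the manager roles if the manager app is not needed, set a new password otherwise, change the shutdown string, remove the AJP connector if nothing uses it, and turn autoDeploy off so a WAR dropped into webapps/ is not picked up automatically).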
