I suggest removing all of the bundled web apps (in the webapps folder), including root, manager and host-manager.
Also, upgrade your JVM to the latest 1.5.x version, which I think is 1.5.15 or something like that.

Finally, scan your app/system for vulnerabilities with something like these:

https://www.mcafeesecure.com
http://www.alertsite.com/security.shtml
http://www.qualys.com/index.php

Qualys and Alertsite have free trials. I suggest you use them. They may also be able to find a hole in your own web apps as your problem may not be in Tomcat, the JVM or the OS.

Brian

________________________________
From: Len Popp <len.p...@gmail.com>
To: Tomcat Users List <users@tomcat.apache.org>
Sent: Thursday, January 22, 2009 10:27:31 AM
Subject: Re: SECURITY breach in Tomcat

This sounds like an attack that has been seen before:
http://markmail.org/message/jrqw75yw3d3xh3p6
That message also has tips on tightening security. In those cases it
seems that the security hole was a weak password for the manager
webapp.
--
Len

On Thu, Jan 22, 2009 at 10:16, Toby Kurien <tobyis7...@gmail.com> wrote:
> Hi,
> I have a webapp for my company that has been running for several
> years. Recently, we got infected by a trojan or virus and this has
> been causing a lot of abnormal behavior. The trojan creates user
> accounts in Windows and also creates web applications like safee.war
> and zhu.war into the webapps folder of Tomcat and also shuts down
> Tomcat. The trojan webapps have jsp and exe files which try to modify,
> copy and delete files in the system and also try to access the
> database. Symantec and Norton have not been able to rectify or detect
> much.
> I am totally at a loss on what's going on and how to tighten or rectify
> this. Anyone with any ideas is highly appreciated.
>
> Thanks,
> -Toby
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
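
An added example, not part of the thread or of Tomcat itself: a small audit for the two things the replies point at, manager accounts with weak passwords in tomcat-users.xml and bundled or unexpected deployments in the webapps folder. The role list, the password heuristics, the sample data and the `companyapp` allow-list are assumptions; plain-text passwords are assumed.

```python
import xml.etree.ElementTree as ET

# Assumed for this example (not from the thread): the role names that grant
# manager access, the password heuristics, and the allow-list of expected apps.
MANAGER_ROLES = {"manager", "admin", "manager-gui", "manager-script"}
COMMON_PASSWORDS = {"", "tomcat", "admin", "manager", "password", "123456"}
BUNDLED_APPS = {"ROOT", "manager", "host-manager"}  # the apps named in the reply

# Constructed sample data; safee.war and zhu.war are the names from the report.
SAMPLE_USERS_XML = """<tomcat-users>
  <role rolename="manager"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="admin" password="admin" roles="admin,manager"/>
  <user username="deploy" password="kV9#tq2LwzP7rX" roles="manager"/>
</tomcat-users>"""
SAMPLE_WEBAPPS = ["ROOT", "manager", "host-manager", "companyapp",
                  "companyapp.war", "safee.war", "zhu.war"]

def weak_manager_accounts(users_xml):
    """Usernames holding a manager/admin role with a short or guessable password."""
    weak = []
    for el in ET.fromstring(users_xml).iter():
        if el.tag.rsplit("}", 1)[-1] != "user":  # tolerate a namespaced file
            continue
        name = el.get("username") or el.get("name") or ""
        roles = {r.strip() for r in el.get("roles", "").split(",")}
        pw = el.get("password", "")
        guessable = pw.lower() in COMMON_PASSWORDS or pw.lower() == name.lower()
        if roles & MANAGER_ROLES and (len(pw) < 10 or guessable):
            weak.append(name)
    return weak

def audit_webapps(entries, allowed):
    """Return (bundled apps still deployed, deployments not on the allow-list)."""
    bundled, unknown = [], []
    for entry in sorted(entries):
        app = entry[:-4] if entry.lower().endswith(".war") else entry
        if app in allowed:
            continue
        (bundled if app in BUNDLED_APPS else unknown).append(entry)
    return bundled, unknown

if __name__ == "__main__":
    print("weak manager accounts:", weak_manager_accounts(SAMPLE_USERS_XML))
    bundled, unknown = audit_webapps(SAMPLE_WEBAPPS, allowed={"companyapp"})
    print("bundled apps to remove:", bundled)
    print("unexpected deployments:", unknown)
```

On a real host, pass the contents of conf/tomcat-users.xml and the directory listing of the webapps folder in place of the sample values.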