Toby,

On Thu, Jan 22, 2009 at 5:27 PM, Toby Kurien <tobyis7...@gmail.com> wrote:
> Thanks Gregor. We are looking at setting up in Linux, but that is
> going to take longer to get a LIVE environment up and running. I have
> in the past already set up Tomcat from scratch 2-3 times and the
> infection just keeps coming. Only open port is 80 and network access
> is disabled.
>

Did you set up Tomcat only or did you set up the complete server incl. the OS
(Windows)? I know setting up the server from scratch is a PITA, however, I
believe you don't have any other choice. In Windows, the virus usually will
reside somewhere outside of Tomcat. Therefore, you should set up the OS first
(preferably from CD/DVD) then a fresh JDK download, then a fresh
Tomcat-Download. You should also check the integrity of the downloads. For
Tomcat, that's pretty easy (see http://tomcat.apache.org/download-60.cgi,
"Release Integrity"), for the JDK, however, I'm not aware of any
integrity-check.

> In fact, one of my previous builds on another machine
> that was similarly infected, now stops showing signs of it after we
> moved the server. So it seems the DNS (url) is compromised and only
> that machine is hacked/infected into.
>

What exactly do you mean by "moved the server"? Did you assign a different IP?

Gregor
--
just because you're paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
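
Added example, not part of Gregor's message or of the Tomcat project: one way to script the download integrity check he recommends before installing onto the rebuilt machine. It assumes the published digest sits beside the archive in the layout the sha512sum/md5sum tools emit ("<hex> *<filename>"); the file names and sample bytes are constructed placeholders, and the digest file itself should be fetched from the project's main site rather than from the mirror that served the archive.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Hex digest length -> hashlib algorithm name (assumed set of digest types).
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def parse_digest_file(text):
    """Return {filename: hexdigest} from '<hex> *<name>' or '<hex>  <name>' lines."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1].lstrip("*").strip()
        if len(digest) in ALGO_BY_HEX_LEN and all(c in "0123456789abcdef" for c in digest):
            entries[name] = digest
    return entries


def verify_download(archive, digest_file):
    """True only if the archive is listed in digest_file and its hash matches."""
    expected = parse_digest_file(Path(digest_file).read_text()).get(Path(archive).name)
    if expected is None:
        return False  # not listed: treat as unverified, never as OK
    h = hashlib.new(ALGO_BY_HEX_LEN[len(expected)])
    with open(archive, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):  # stream in 1 MiB chunks
            h.update(chunk)
    return hmac.compare_digest(h.hexdigest(), expected)


def demo():
    """Constructed sample: a fake archive, its digest file, then a modified copy."""
    with tempfile.TemporaryDirectory() as d:
        archive = Path(d) / "apache-tomcat-x.y.z.zip"  # placeholder file name
        archive.write_bytes(b"constructed sample archive bytes")
        sidecar = Path(d) / (archive.name + ".sha512")
        sidecar.write_text(f"{hashlib.sha512(archive.read_bytes()).hexdigest()} *{archive.name}\n")
        clean = verify_download(archive, sidecar)
        archive.write_bytes(b"constructed sample archive bytes + extra")  # simulate tampering
        modified = verify_download(archive, sidecar)
        return clean, modified


if __name__ == "__main__":
    print(demo())
```

A matching digest only shows the archive equals what the digest file describes; checking the release's PGP signature against the project's KEYS file is the stronger test of who produced it.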