Toby Kurien wrote: > Seems like the infection was related to the loose (default) password > of the manager app. I suppose changing that fixed the problem.
There is *no* default password for the manager application. You have to configure it yourself. If you have a Tomcat distribution that does have a default password for the manager application please let us know where you got it from so we can try and get that security hole in that non-Apache distro fixed. Mark > > On Thu, Jan 22, 2009 at 4:26 PM, Toby Kurien <tobyis7...@gmail.com> wrote: >> thanks. I only need ROOT and myApp (which is my application). I am the >> developer, admin, everything. And yes, we moved between physical >> server racks that actually host Virtual environments. >> >> On Thu, Jan 22, 2009 at 3:15 PM, Gregor Schneider <rc4...@googlemail.com> >> wrote: >>>> Moving servers mean we moved it physically from one box to another. IP >>>> and DNS stays the same when we move. >>>> Btw: Can I take off all the apps from webapps, except ROOT and myApp? >>>> Hacker or virus is probably exploiting some vulnerability in them. As >>>> of now, tomcat is running after restarting the whole box, but I am >>>> afraid if it will shutdown or crash. >>>> >>> box == server-rack? >>> >>> Since I got no idea of your application's structure, I can't give you >>> any advice of what to remove and what to keep. >>> >>> Just that much: >>> >>> ROOT.war ist the default application when you call your server i.e. at >>> www.yourserver.com. >>> >>> Provided myApp.war is a known application, *theoretically* it might be >>> possible that it needs additional apps, if it uses servlet-chaing >>> etc.. >>> >>> It might be helpful if you could post the result of >>> >>> cd [Tomcat-Installation-Directory] >>> dir -s >>> >>> The best method actually would be if you contact the developer of the >>> application(s) hosted, ask them about what they expect within their >>> application-directories and remove the rest. >>> >>> Toby, I'm afraid I'll have to call it a day now, however, since the >>> guys from the US should be about to wake up after yesterday's >>> inauguration-party, I'm pretty sure they will help you to get your >>> feet back on the ground. >>> >>> I'll check the list tomorrow anyways. >>> >>> Good luck! >>> >>> Gregor >>> -- >>> just because your paranoid, doesn't mean they're not after you... >>> gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 >>> gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
