Re: Apache/Tomcat vulnerability

[Jaaz Portal <ja...@gmail.com>]

hi,
i just wanted to let you know that the we have migrated to WildFly
application server
and our server is up online 24/24h from three weeks.

Since this time it has never freezed so I suppose i was right saying
somebody found DoS exploit on tomcat.

Unfortunately I cannot help you in figure causes of this freeze that
happened one or two times a week.

best wishes,
artur

2016-12-01 2:46 GMT+01:00 Christopher Schultz <ch...@christopherschultz.net>
:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Jaaz,
>
> On 11/30/16 1:41 PM, Jaaz Portal wrote:
> > no it looks like dos, its dos
> >
> > i told you they dosed before bind server until we changed it to
> > other vendor, and later was scanning my host for apache
> > vulnerabilities
>
> Okay, let's just end this because obviously we've never going to get
> to the bottom of it.
>
> $ sudo iptables -A INPUT -s evil.host.pl -p tcp -m tcp -j DROP
>
> If they start coming at you from multiple IPs, use CIDR notation to
> block a whole subnet or whatever.
>
> Then when these "attacks" keep happening, you can block-out the whole
> world and you're application will never seize-up again.
>
> Review your configuration as Mark has suggested. If things are still
> not working, re-post with some actual data instead of just
> continuously posting "we are under attack, they dos bind, they dos
> mod_jk, they dos mod_proxy, what can we do?".
>
> Post. Logs.
>
> A single log line saying "server reached MaxRequestWorkers setting,
> consider raising the MaxRequestWorkers setting" is not an indication
> of any problem at all other than (lack of) accurate capacity planning.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJYP4D1AAoJEBzwKT+lPKRYM6AP/2H+NEy27YU92ccllLOcnBsA
> V8RW+lGUjI/nxYqODw2B1cjE8zhnvtPRokdWIkLu0rQA4mg7p/3iLcBvdkZXMAkc
> k16aZZk+wbtTgsqK/2ORQ+5lfn3nd4QTk2tzB/z/jJnb+7vp6/qa7ESpZLXi7p3U
> TniCZz0gVrykF7NVS1Ospvw/JcEuuFeo4gMnXIupYOqF9jlI1y0HydVreIOCwgq6
> fn/4UA9Ku6iGYuPE+k8AQvgbQ3ILaODVanUPTtLQstjfXpHUVGerakclUoxIOawH
> ZkzKledtsFzLByPFdI6/Y9+WXDAVtwCKVEFNWc2lHbogy6FC+5ozubRwC5MP8CO4
> vicaCl7X+hDwDfxAZEZp1pbGrAd0G7YGgzTSKz5r61t9opv8k5HjWqGFiB2MFob1
> jedbWvE40w/d54kuy+1MUAqjH5wM1Rw4hY7glALHiNVs1z5m83YFPYQhcbGdsi31
> PxAA5OTVU8hggsbVcq9P5qjYOIQlLH+b2//K2eZK/4QV6u9u0jMuhMq/eeEy93JW
> HPb0Uri/TK+LajrJ3fsMTKhWZDS4VkCB+kkJ3BedKDnq1yQMqckJW5WKx4wgaZHA
> lxnDbxPjq4nZLI3odsG1eiU7/7yl32tPTy3b038iTacihl5hMdIFZXM5VkoKvdi8
> AGidy4ZhsZ920ZAZQqJS
> =dqVz
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>