Posted to users@tomcat.apache.org by Laura <la...@libero.it> on 2002/06/13 10:35:19 UTC

Security - Attack

Hi all,

well I have, in my opinion, a very interesting question.

Last week we went into a production environment: we have Apache + Tomcat with an important web application xxx (http.conf has JkMount /xxx worker).

Well, this morning I have discovered that somebody has tried to attack my server: in the Apache error log I have found calls such as /scripts/..%5c%5c../winnt/system32/cmd.exe, /scripts/....., and so on.

My question is: is Tomcat secure? How can I make Tomcat secure? Is all my system secure? (My machine is Solaris 8.)


Thanks



Laura



Re: Security - Attack

Posted by peter lin <pe...@labs.gte.com>.
Apache and Tomcat aren't vulnerable, but putting up a firewall to block
the IP might be a good idea. For my own server I use ZoneAlarm Pro, which
will block IPs trying this exact type of exploit.

peter


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
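
One way to separate the IIS-targeted requests described in this thread from error-log entries that still deserve reading, and to count them per client for a firewall rule. This is an added example, not part of any post in the thread; the log lines, client addresses and DocumentRoot are constructed, and the Apache 1.3 error-log layout is an assumption.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample: Apache 1.3-style error-log lines. Client IPs are
# documentation addresses and /opt/apache/htdocs is an assumed DocumentRoot.
SAMPLE_LOG = """\
[Thu Jun 13 08:00:00 2002] [notice] Apache configured -- resuming normal operations
[Thu Jun 13 08:12:01 2002] [error] [client 192.0.2.10] File does not exist: /opt/apache/htdocs/scripts/..%5c%5c../winnt/system32/cmd.exe
[Thu Jun 13 08:12:02 2002] [error] [client 192.0.2.10] File does not exist: /opt/apache/htdocs/scripts/..%5C../winnt/system32/cmd.exe
[Thu Jun 13 08:15:40 2002] [error] [client 198.51.100.7] File does not exist: /opt/apache/htdocs/favicon.ico
[Thu Jun 13 08:20:11 2002] [error] [client 203.0.113.5] File does not exist: /opt/apache/htdocs/scripts/..%5c%5c../winnt/system32/cmd.exe
"""

LINE_RE = re.compile(r"\[client (?P<ip>[^\]]+)\] (?P<msg>.*)$")
# Windows-only path fragments taken from the requests quoted in the thread.
IIS_MARKERS = ("winnt/system32", "cmd.exe")


def normalise(text, max_rounds=3):
    """Percent-decode until stable (bounded), then unify slashes and case."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text.replace("\\", "/").lower()


def triage(log_text):
    """Return (probes per client IP, other error lines still needing review)."""
    probes, other = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # lines without a client (startup notices etc.)
        if any(marker in normalise(m["msg"]) for marker in IIS_MARKERS):
            probes[m["ip"]] += 1
        else:
            other.append(line)
    return probes, other


if __name__ == "__main__":
    probes, other = triage(SAMPLE_LOG)
    for ip, count in probes.most_common():
        print(f"{ip}: {count} IIS-targeted probe(s)")
    print(f"{len(other)} other error line(s) to review")
```

Every probe in the sample was logged as "File does not exist", meaning Apache answered it from the static DocumentRoot and it never reached the path mapped to Tomcat with JkMount.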


Re: Security - Attack

Posted by David Cassidy <dc...@nisports.com>.
It's the usual muppet that has been infected...

Apart from clogging up your logs, they do nothing on an Apache server

:)

Of course if you are daft enough to run IIS ......


 >:->

D


Stuart Stephen wrote:

>I think they are Code Red attacks. These shouldn't be anything to worry
>about on a Tomcat server if I am correct in my thinking. They only affect
>IIS.


RE: Security - Attack

Posted by Stuart Stephen <sw...@swadge.co.uk>.
I think they are Code Red attacks. These shouldn't be anything to worry
about on a Tomcat server if I am correct in my thinking. They only affect
IIS.
