You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by marketing <ma...@pu-gong-ying.info> on 2011/02/22 20:57:51 UTC

Site Attack

I notice a high density of warming messages in a TC log file this morning.
The message is "an attempt was made to authenticate the locked user
'admin'". I guess that a script was used to hack into the admin account.
How the attack occurs? And how to have a good protection?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Site Attack

Posted by Mark Thomas <ma...@apache.org>.

On 22/02/2011 19:57, marketing wrote:
> I notice a high density of warming messages in a TC log file this morning.
> The message is "an attempt was made to authenticate the locked user
> 'admin'". I guess that a script was used to hack into the admin account.
> How the attack occurs? And how to have a good protection?

The ASF uses fail2ban for this sort of thing. To many login failures in
the logs and fail2ban configures the firewall to drop all packets from
the source IP address. You can configure fail2ban to respond pretty much
however you want.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org