Ann Richmond wrote:
Hi, its Ann Richmond.
A few weeks ago we found some applications had been installed under
tomcat on a few servers. The war file was there as well as the expanded
apps.
I'll bet you've got pwned.
Perhaps someone else has answered this, but I would recommend googling
some of the security websites and seeing if there is anything (default
security settings, easy passwords, etc) that kiddie scripters are taking
advantage of.
Also, have you checked out chkrootkit?
http://www.chkrootkit.org/
What user is Tomcat running under? Maybe someone got root access quite
easily that way...
