Re: Malicious host is crashing my server
DumpFilter is a good idea. For the time being we have decided to just block the ip address. If it comes again from a different IP, I guess we will need to further examine! Thanks for all the good ideas Assaf - Original Message From: David Fisher dfis...@jmlafferty.com To: Tomcat Users List users@tomcat.apache.org Cc: Tomcat Users List users@tomcat.apache.org Sent: Mon, November 8, 2010 12:00:49 AM Subject: Re: Malicious host is crashing my server You could modify the RequestDumpFilter to only dump the request for that ip address. Regards, Dave Sent from my iPhone On Nov 7, 2010, at 12:28 PM, Assaf ass...@yahoo.com wrote: A filter to block is good. But then I would not be able to see him doing it again and then find out the issue. Assaf - Original Message From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Sun, November 7, 2010 6:48:20 PM Subject: RE: Malicious host is crashing my server From: Assaf [mailto:ass...@yahoo.com] Subject: Malicious host is crashing my server what can I do to better protect? As a temporary preventive measure, you can disable access from this particular IP address by configuring the RemoteAddrValve in server.xml: Valve className=org.apache.catalina.valves.RemoteAddrValve deny=79\.177\.23\.102/ That should give you some time to work out the real fix. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Malicious host is crashing my server
Use ngrep, tcpdump or wireshark to look at what he/she is requesting. If it is SQL injection you should rewrite your query's to use PreparedStatements. Ronald. Op zondag, 7 november 2010 18:31 schreef Assaf ass...@yahoo.com: Hi, It might be. But I am not sure how to find out more. Any suggestions? Assaf - Original Message From: Marc Boorshtein mboorsht...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Sun, November 7, 2010 6:29:09 PM Subject: Re: Malicious host is crashing my server JDBC? Are you sure its not an attempted SQL Injection attack? On Sun, Nov 7, 2010 at 12:23 PM, Assaf ass...@yahoo.com wrote: Hello, I have a recurring visitor (from a fixed IP address: bzq-79-177-23-102.red.bezeqint.net) who is constantly visiting my site and EACH time causes the server to crash. My server actually gets a JDBC begin failed error for the next http calls. Analyzing the logs, I cannot find out what is wrong. I can see it is a script as he is visiting the same pages in the same order (never downloading images/css/js). The only thing that I have noticed that is different with this user are the http headers he uses: Expand HTTP read ahead 1.0 I could not google anything about those. I am running tomcat 6.0.20 on linux with mysql. Anyone has an idea what this can be? How to find out? Also, what can I do to better protect? Thanks, Assaf - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Malicious host is crashing my server
wireshark culprits can bypass your filter this by changing ips much better to: 1)encrypt your data BEFORE you put it on the wire http://www.mobilefish.com/developer/bouncycastle/bouncycastle.html 2)Implement SSL on Tomcat http://mircwiki.rsna.org/index.php?title=Configuring_Tomcat_to_Support_SSL Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Date: Mon, 8 Nov 2010 01:09:12 -0800 From: ass...@yahoo.com Subject: Re: Malicious host is crashing my server To: users@tomcat.apache.org DumpFilter is a good idea. For the time being we have decided to just block the ip address. If it comes again from a different IP, I guess we will need to further examine! Thanks for all the good ideas Assaf - Original Message From: David Fisher dfis...@jmlafferty.com To: Tomcat Users List users@tomcat.apache.org Cc: Tomcat Users List users@tomcat.apache.org Sent: Mon, November 8, 2010 12:00:49 AM Subject: Re: Malicious host is crashing my server You could modify the RequestDumpFilter to only dump the request for that ip address. Regards, Dave Sent from my iPhone On Nov 7, 2010, at 12:28 PM, Assaf ass...@yahoo.com wrote: A filter to block is good. But then I would not be able to see him doing it again and then find out the issue. Assaf - Original Message From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Sun, November 7, 2010 6:48:20 PM Subject: RE: Malicious host is crashing my server From: Assaf [mailto:ass...@yahoo.com] Subject: Malicious host is crashing my server what can I do to better protect? As a temporary preventive measure, you can disable access from this particular IP address by configuring the RemoteAddrValve in server.xml: Valve className=org.apache.catalina.valves.RemoteAddrValve deny=79\.177\.23\.102/ That should give you some time to work out the real fix. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Malicious host is crashing my server
Hello, I have a recurring visitor (from a fixed IP address: bzq-79-177-23-102.red.bezeqint.net) who is constantly visiting my site and EACH time causes the server to crash. My server actually gets a JDBC begin failed error for the next http calls. Analyzing the logs, I cannot find out what is wrong. I can see it is a script as he is visiting the same pages in the same order (never downloading images/css/js). The only thing that I have noticed that is different with this user are the http headers he uses: Expand HTTP read ahead 1.0 I could not google anything about those. I am running tomcat 6.0.20 on linux with mysql. Anyone has an idea what this can be? How to find out? Also, what can I do to better protect? Thanks, Assaf - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Malicious host is crashing my server
JDBC? Are you sure its not an attempted SQL Injection attack? On Sun, Nov 7, 2010 at 12:23 PM, Assaf ass...@yahoo.com wrote: Hello, I have a recurring visitor (from a fixed IP address: bzq-79-177-23-102.red.bezeqint.net) who is constantly visiting my site and EACH time causes the server to crash. My server actually gets a JDBC begin failed error for the next http calls. Analyzing the logs, I cannot find out what is wrong. I can see it is a script as he is visiting the same pages in the same order (never downloading images/css/js). The only thing that I have noticed that is different with this user are the http headers he uses: Expand HTTP read ahead 1.0 I could not google anything about those. I am running tomcat 6.0.20 on linux with mysql. Anyone has an idea what this can be? How to find out? Also, what can I do to better protect? Thanks, Assaf - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Malicious host is crashing my server
Hi, It might be. But I am not sure how to find out more. Any suggestions? Assaf - Original Message From: Marc Boorshtein mboorsht...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Sun, November 7, 2010 6:29:09 PM Subject: Re: Malicious host is crashing my server JDBC? Are you sure its not an attempted SQL Injection attack? On Sun, Nov 7, 2010 at 12:23 PM, Assaf ass...@yahoo.com wrote: Hello, I have a recurring visitor (from a fixed IP address: bzq-79-177-23-102.red.bezeqint.net) who is constantly visiting my site and EACH time causes the server to crash. My server actually gets a JDBC begin failed error for the next http calls. Analyzing the logs, I cannot find out what is wrong. I can see it is a script as he is visiting the same pages in the same order (never downloading images/css/js). The only thing that I have noticed that is different with this user are the http headers he uses: Expand HTTP read ahead 1.0 I could not google anything about those. I am running tomcat 6.0.20 on linux with mysql. Anyone has an idea what this can be? How to find out? Also, what can I do to better protect? Thanks, Assaf - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Malicious host is crashing my server
From: Assaf [mailto:ass...@yahoo.com] Subject: Malicious host is crashing my server what can I do to better protect? As a temporary preventive measure, you can disable access from this particular IP address by configuring the RemoteAddrValve in server.xml: Valve className=org.apache.catalina.valves.RemoteAddrValve deny=79\.177\.23\.102/ That should give you some time to work out the real fix. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Malicious host is crashing my server
the culprit will change IPs are you implementing SSL? are you encrypting your data before putting on the wire? Martin __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. From: chuck.caldar...@unisys.com To: users@tomcat.apache.org Date: Sun, 7 Nov 2010 11:48:20 -0600 Subject: RE: Malicious host is crashing my server From: Assaf [mailto:ass...@yahoo.com] Subject: Malicious host is crashing my server what can I do to better protect? As a temporary preventive measure, you can disable access from this particular IP address by configuring the RemoteAddrValve in server.xml: Valve className=org.apache.catalina.valves.RemoteAddrValve deny=79\.177\.23\.102/ That should give you some time to work out the real fix. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Malicious host is crashing my server
From: Martin Gainty [mailto:mgai...@hotmail.com] Subject: RE: Malicious host is crashing my server the culprit will change IPs That's why I said it was a temporary workaround. However, given the DNS name in use, it is likely assigned via DHCP by the perp's ISP, so an IP mask could be used to take out a range of IP addresses - at the risk of annoying any legitimate clients using the same ISP. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Malicious host is crashing my server
Do a search on SQL injection and you will get plenty of results Sent from my iPad On Nov 7, 2010, at 1:03 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Martin Gainty [mailto:mgai...@hotmail.com] Subject: RE: Malicious host is crashing my server the culprit will change IPs That's why I said it was a temporary workaround. However, given the DNS name in use, it is likely assigned via DHCP by the perp's ISP, so an IP mask could be used to take out a range of IP addresses - at the risk of annoying any legitimate clients using the same ISP. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Malicious host is crashing my server
I know what sql injection is. But I cannot find any clues to it. None of the requests have any paramers or posting. Anyone has an idea how to find if this is the case? - Original Message From: Marc Boorshtein mboorsht...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Sun, November 7, 2010 7:08:01 PM Subject: Re: Malicious host is crashing my server Do a search on SQL injection and you will get plenty of results Sent from my iPad On Nov 7, 2010, at 1:03 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Martin Gainty [mailto:mgai...@hotmail.com] Subject: RE: Malicious host is crashing my server the culprit will change IPs That's why I said it was a temporary workaround. However, given the DNS name in use, it is likely assigned via DHCP by the perp's ISP, so an IP mask could be used to take out a range of IP addresses - at the risk of annoying any legitimate clients using the same ISP. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Malicious host is crashing my server
A filter to block is good. But then I would not be able to see him doing it again and then find out the issue. Assaf - Original Message From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Sun, November 7, 2010 6:48:20 PM Subject: RE: Malicious host is crashing my server From: Assaf [mailto:ass...@yahoo.com] Subject: Malicious host is crashing my server what can I do to better protect? As a temporary preventive measure, you can disable access from this particular IP address by configuring the RemoteAddrValve in server.xml: Valve className=org.apache.catalina.valves.RemoteAddrValve deny=79\.177\.23\.102/ That should give you some time to work out the real fix. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Malicious host is crashing my server
That number is not necessarily the IP address used to connect to your server. On Sun, Nov 7, 2010 at 6:28 PM, Assaf ass...@yahoo.com wrote: A filter to block is good. But then I would not be able to see him doing it again and then find out the issue. Assaf - Original Message From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Sun, November 7, 2010 6:48:20 PM Subject: RE: Malicious host is crashing my server From: Assaf [mailto:ass...@yahoo.com] Subject: Malicious host is crashing my server what can I do to better protect? As a temporary preventive measure, you can disable access from this particular IP address by configuring the RemoteAddrValve in server.xml: Valve className=org.apache.catalina.valves.RemoteAddrValve deny=79\.177\.23\.102/ That should give you some time to work out the real fix. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Malicious host is crashing my server
On 07.11.2010 18:23, Assaf wrote: Hello, I have a recurring visitor (from a fixed IP address: bzq-79-177-23-102.red.bezeqint.net) who is constantly visiting my site and EACH time causes the server to crash. My server actually gets a JDBC begin failed error for the next http calls. Can you elaborate what you mean by crashing my server and JDBC begin failed error? It is very unclear to me. The solution might well depend on the problem observed ;) Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Malicious host is crashing my server
Any cookies or headers? Sent from my iPad On Nov 7, 2010, at 1:27 PM, Assaf ass...@yahoo.com wrote: I know what sql injection is. But I cannot find any clues to it. None of the requests have any paramers or posting. Anyone has an idea how to find if this is the case? - Original Message From: Marc Boorshtein mboorsht...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Sun, November 7, 2010 7:08:01 PM Subject: Re: Malicious host is crashing my server Do a search on SQL injection and you will get plenty of results Sent from my iPad On Nov 7, 2010, at 1:03 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Martin Gainty [mailto:mgai...@hotmail.com] Subject: RE: Malicious host is crashing my server the culprit will change IPs That's why I said it was a temporary workaround. However, given the DNS name in use, it is likely assigned via DHCP by the perp's ISP, so an IP mask could be used to take out a range of IP addresses - at the risk of annoying any legitimate clients using the same ISP. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Malicious host is crashing my server
What do the server logs actually show? What do the database logs show? Depending upon the database, turn on the maximum level of debugging to see what they are issuing. It might even be a crawler doing this accidentally. Can you access the same pages in the same order with no ill effects to the server? On 8/11/10 6:42 AM, Marc Boorshtein mboorsht...@gmail.com wrote: Any cookies or headers? Sent from my iPad On Nov 7, 2010, at 1:27 PM, Assaf ass...@yahoo.com wrote: I know what sql injection is. But I cannot find any clues to it. None of the requests have any paramers or posting. Anyone has an idea how to find if this is the case? - Original Message From: Marc Boorshtein mboorsht...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Sun, November 7, 2010 7:08:01 PM Subject: Re: Malicious host is crashing my server Do a search on SQL injection and you will get plenty of results Sent from my iPad On Nov 7, 2010, at 1:03 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Martin Gainty [mailto:mgai...@hotmail.com] Subject: RE: Malicious host is crashing my server the culprit will change IPs That's why I said it was a temporary workaround. However, given the DNS name in use, it is likely assigned via DHCP by the perp's ISP, so an IP mask could be used to take out a range of IP addresses - at the risk of annoying any legitimate clients using the same ISP. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Malicious host is crashing my server
You could modify the RequestDumpFilter to only dump the request for that ip address. Regards, Dave Sent from my iPhone On Nov 7, 2010, at 12:28 PM, Assaf ass...@yahoo.com wrote: A filter to block is good. But then I would not be able to see him doing it again and then find out the issue. Assaf - Original Message From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Sun, November 7, 2010 6:48:20 PM Subject: RE: Malicious host is crashing my server From: Assaf [mailto:ass...@yahoo.com] Subject: Malicious host is crashing my server what can I do to better protect? As a temporary preventive measure, you can disable access from this particular IP address by configuring the RemoteAddrValve in server.xml: Valve className=org.apache.catalina.valves.RemoteAddrValve deny=79\.177\.23\.102/ That should give you some time to work out the real fix. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org