You should do what I did. For Code Red and similar exploits, create a bunch of mod_rewrite filters (in httpd.conf - for Apache) that redirects all those requests to www.microsoft.com instead. After all, they ARE responsible, aren't they? :)
> -----Original Message----- > From: Stuart Stephen [mailto:[EMAIL PROTECTED]] > Sent: den 13 juni 2002 10:43 > To: Tomcat Users List > Subject: RE: Security - Attack > > > I think they are code red attacks. These shouldn't be > anything to worry > about on a Tomcat server if I am correct in my thinking. They > only affect > IIS. > > -----Original Message----- > From: Laura [mailto:[EMAIL PROTECTED]] > Sent: 13 June 2002 09:35 > To: Tomcat Users List > Subject: Security - Attack > > > Hi all, > > well I have, in my opinion, a very interesting question. > > Last week we went in a production enviroment: we have apache > + tomcat with > an important web application xxx (http.conf has JkMount /xxx worker). > > Well, this morning I have discovered that somebody has tried > to attack my > server: in the Apache error log I have found calls as > /scripts/..%5c%5c../winnt/system32/cmd.exe, /scripts/....., and so on. > > My question is: is Tomcat secure? How can I do Tomcat secure? > Is all my > system secure? ( my machine is a solaris 8). > > > Thanks > > > > Laura > > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
