On Apr 29, 2014, at 12:08 PM, Leonardo Santagostini <lsantagost...@gmail.com> wrote:
> Hello list, > > Im facing an issue in 6 tomcat server that are getting penetrated and they > are executing malicious scripts on my server. Can you share more about what they are doing? It might give some clues as to how they are accessing your machines. For example, if they are deploying a WAR file to your server, it could mean that they have access to the Manager application on your server. Any details you can share, might be helpful. > Im using 7.0.53 on my servers. Running Centos 5.8 > > Let me know what information you need. Do you have an access log? If not, enable one. If the attacker is not deleting it, it could show you more about who they are and what requests they are executing to access your server. Assuming they are entering through your application and not some other way. Dan > > PS: This is my first mail to this list, so i apologize for this not gentle > presentation. > > Saludos.- > Leonardo Santagostini > > <http://ar.linkedin.com/in/santagostini> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org