2015-02-16 13:43 GMT+03:00 Mathias af Jochnick <math...@lightlabs.se>:
> Our server has been in production for years without issues, but today it
> crashed out of the blue.
>
> Last in the logs:
>
> Exception in thread "main" java.lang.NoClassDefFoundError:
> aasxknsakadskdskdskdsakmxxads
> Caused by: java.lang.ClassNotFoundException: aasknsakadskdskdskdsakmads
>     at java.net.URLClassLoader$1.run(URLClassLoader.java:217)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
>     at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
>
> Could not find the main class: aasxknsakadskdskdskdsakxxmads. Program will
> exit.
>
>
> While it's obvious what caused the crash, I have no clue as to why. We have no
> new production code, nothing has changed as far as we know. I'm not sure how
> to investigate this, to me it seems like some sort of dynamic class-loading
> hack attempt?
>
> Can I look for some configured service to turn off?
>
> I'm at a loss so any pointers on how to investigate / prevent this would be
> extremely appreciated.
>
> Tomcat/6.0.28

If your web application is rather old, you may be running a vulnerable
version of Apache Struts (earlier than 2.3.16.2). If so, your server
may have been hacked.

http://struts.apache.org/announce.html

The above stacktrace is an attempt to run a Java program.

You may try searching for the "aasxknsakadskdskdskdsakxxmads" string across
your Tomcat installation. If there is such a class, it will be either
a filename, or a string in an index entry of a zip (jar) archive.

Best regards,
Konstantin Kolinko
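
An added example, not part of the original thread: one way to carry out the search suggested in the reply, checking both file names and the entry names of zip-format archives (including jars nested inside a war) under a directory. The function names, the extension list and the size cap are assumptions made for this sketch.

```python
import io
import os
import sys
import zipfile

ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
MAX_NESTED = 64 * 1024 * 1024  # assumed cap: skip nested archives larger than this


def scan_archive(fileobj, label, needle, hits, depth=0):
    """Check entry names of a zip-format archive; recurse into nested archives."""
    try:
        with zipfile.ZipFile(fileobj) as zf:
            for info in zf.infolist():
                name = info.filename
                if needle in name.lower():
                    hits.append(("archive-entry", f"{label}!/{name}"))
                nested = name.lower().endswith(ARCHIVE_EXT)
                if nested and depth < 3 and info.file_size <= MAX_NESTED:
                    inner = io.BytesIO(zf.read(info))
                    scan_archive(inner, f"{label}!/{name}", needle, hits, depth + 1)
    except Exception as exc:
        # A corrupt or encrypted archive must not stop the scan; report it
        # so it can be inspected by hand.
        hits.append(("unreadable", f"{label} ({exc.__class__.__name__})"))


def find_class(root, needle):
    """Return (kind, location) pairs where needle is a file name or archive entry."""
    needle = needle.lower()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            if needle in fname.lower():
                hits.append(("file", path))
            if fname.lower().endswith(ARCHIVE_EXT):
                scan_archive(path, path, needle, hits)
    return hits


if __name__ == "__main__":
    # Usage: python find_class.py <tomcat-install-dir> <class-name>
    for kind, where in find_class(sys.argv[1], sys.argv[2]):
        print(f"{kind}\t{where}")
```

The scan matches names only; it does not look inside file contents, so a class name that appears only in a script or configuration file is not reported.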