Dear Kiran, there might be many other ways to compromise your server. But I wonder about the application you run on you Tomcat and if you know about the wide-used exploit in the Java JSF library "Primefaces" (see https://www.exploit-db.com/exploits/43733/).
With greetings Guido >-----Original Message----- >From: Kiran Badi [mailto:ki...@poonam.org] >Sent: Wednesday, May 16, 2018 7:13 PM >To: Tomcat Users List <users@tomcat.apache.org> >Subject: Re: Amazon EC2 Tomcat 7.0.85 not starting up due to some memory issue >.Please mask if > >Yes tomcat is not starting up. I am also suspecting that EC2 instance was >probably compromised. Not sure as how but I see some rogue programs were >running under tomcat user. I use putty with private keys to login and those >keys are not in public view for sure. >
