You should look at the client query, not agent to get an idea about security. Curl client is not that uncomon. I use is (as long as wget, depending on server) to download files from public server directy to my own server. Example of use here are - download a JVM from sun website (wget 'url' or curl 'url') - download additional perl modules from CPAN - test a connection :)
it could also be part of a script that is pumping your webcontent for various indexing reason. Althought, in last case, nasty indexers tends to mimic firefox or internet explorer as client :) Last but not least it could also be a user which has changed, for unknown reason, it's navigator identity for a test and forgot to reset it back to normal before going to the net. En l'instant précis du 23/08/07 09:25, Lyallex s'exprimait en ces termes: > (Debian) Linux 2.6.11.12-xenU > Tomcat 5.5.20 > Java 1.5.0_04 > > This question concerns access to a running Tomcat instance by a > previously unseen/unknown user agent. > I have been developing commercial sites in Java for a number of years > now but this is the first time I have > deployed a commercial application on my own and hence I am a complete > beginner when it comes to dealing with > nefarious nerks trying to hack my installation. > > Is it a 'Tomcat' question ?... I'm not sure but here goes anyway. > > The following might be quite harmless but it would be nice to hear of > others exp' in this area > > Looking at the user agent section of my Webalizer generated access log > analysis page I can see the following entry > > curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0. > > I have been to http://curl.haxx.se/ and it seems to my (currently) > inexperienced eye > that this software _could_ be used to do all sorts of despicable > things to a web site. > I guess it could also be used to 'build your own browser' so I'm not > panicking just yet > > I have telnet and ftp disabled and access the server via ssh and scp. > > Is this likely to be some dismal little hacker trying to probe my defenses or > am I worrying unnecessarily. > > I will investigate curl further of course. > > Thanks > Duncan > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > -- http://www.noooxml.org/ --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
