New backdoor worm found attacking websites running Apache Tomcat

motytrah said (http://meincmagazine.com/civis/viewtopic.php?p=25724555#p25724555):

One of the reasons I suspect the infection rate is so low is because very few people use the UI for production servers. You only need to set up an admin user if you want to use the UI to administer the server. You don't need to use the admin user to deploy a Java app. Just copy the WAR or EAR file into the webapp directory from the command prompt. Anything that can be managed in the UI can be managed in the config files from the command prompt too. The rare times I have seen the UI used in prod it was restricted behind a firewall or on a port only accessible internally.

I investigated this alert and realized our deployment garbage cleanup would actually be an effective anti-virus in this case, because the installed code would appear as an app that doesn't jibe with our payload manifest. It'd treat it as a remnant of a faulted undeploy.
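Added example, not part of the thread and not the poster's cleanup tool: a manifest check of the kind described in the post above, which reports anything in a Tomcat webapps directory that the deployment manifest does not account for. The manifest format (app name mapped to the WAR's SHA-256) and all app names are assumptions made for the illustration.

```python
# Added illustration; the manifest format {app_name: war_sha256} is an assumption.
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large WARs do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_webapps(webapps_dir, manifest):
    """Return sorted (unexpected, modified, missing) app names for a webapps dir."""
    unexpected, modified, seen = set(), set(), set()
    for entry in Path(webapps_dir).iterdir():
        # app.war and its exploded directory app/ are the same application.
        is_war = entry.is_file() and entry.suffix.lower() == ".war"
        name = entry.stem if is_war else entry.name
        if name not in manifest:
            unexpected.add(name)
            continue
        seen.add(name)
        if is_war and sha256_file(entry) != manifest[name]:
            modified.add(name)
    missing = set(manifest) - seen
    return sorted(unexpected), sorted(modified), sorted(missing)


def demo():
    """Constructed sample: one clean app, one altered WAR, one stray WAR."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "shop.war").write_bytes(b"approved build of shop")
        (root / "shop").mkdir()  # exploded copy of shop.war
        (root / "billing.war").write_bytes(b"altered after deployment")
        (root / "stray.war").write_bytes(b"not in the manifest")
        manifest = {
            "shop": hashlib.sha256(b"approved build of shop").hexdigest(),
            "billing": hashlib.sha256(b"approved build of billing").hexdigest(),
            "reports": hashlib.sha256(b"approved build of reports").hexdigest(),
        }
        return audit_webapps(root, manifest)


if __name__ == "__main__":
    print(demo())
```

The manifest has to list every app that is meant to be there, including any stock Tomcat apps left deployed, or they will show up as unexpected.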