
[THREDDS #IXX-362335]: Urgent: UMASS Production Tomcat/THREDDS server shut down due to flood of DNS requests



Do you know how this file was uploaded to Tomcat and then run? Is it a .war 
file that was installed through the Tomcat manager app? Or did it get uploaded 
in some other way and run in some other way?

If the first, is the Tomcat manager available only through SSL and only to a 
restricted set of IP addresses? There's a section on doing that in this 
Security page in the TDS tutorials:

https://www.unidata.ucar.edu/software/thredds/current/tds/tds4.3/tutorial/Security.html

Ethan

> Hi All,
> 
> I just talked to Kent and Mike. They are working very hard on fixing
> this issue. Based on my understanding from Kent, he is cleaning the
> unknown files in Tomcat. He said he will restart Tomcat in about one
> hour, and monitor its performance. Kent found some unknown files
> that were uploaded in Tomcat which are continuously running. It seems
> like a virus file from China. We need to find a way to stop anyone
> from uploading the program to Tomcat.
> 
> Regards,
> 
> Chen


Ticket Details
===================
Ticket ID: IXX-362335
Department: Support THREDDS
Priority: Normal
Status: Open
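
The two questions in the reply above (is the Tomcat manager reachable only over SSL, and only from a restricted set of IP addresses) can be checked against the manager webapp's `META-INF/context.xml` and `WEB-INF/web.xml`. The script below is an added example, not part of the original thread or the TDS tutorial; the function name `audit_manager`, the finding labels and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ADDR_VALVE = "org.apache.catalina.valves.RemoteAddrValve"

def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]

def _texts(root, name):
    return [e.text.strip() for e in root.iter() if _local(e.tag) == name and e.text]

def audit_manager(context_xml, web_xml):
    """Return findings for the manager app's context.xml and web.xml text."""
    findings = []
    allows = [v.get("allow", "") for v in ET.fromstring(context_xml).iter()
              if _local(v.tag) == "Valve" and v.get("className") == ADDR_VALVE]
    if not any(allows):
        findings.append("no-ip-restriction")           # manager open to any client
    elif any(a.strip() in (".*", "^.*$") for a in allows):
        findings.append("ip-restriction-allows-all")   # valve present but a no-op
    constraints = [e for e in ET.fromstring(web_xml).iter()
                   if _local(e.tag) == "security-constraint"]
    if not constraints:
        findings.append("no-security-constraint")
    for sc in constraints:
        # CONFIDENTIAL makes the container require TLS for these URL patterns.
        if "CONFIDENTIAL" not in _texts(sc, "transport-guarantee"):
            findings.append("no-tls-required:" + ",".join(_texts(sc, "url-pattern")))
    return findings

# Constructed sample inputs (not taken from the server in this thread).
WEAK_CONTEXT = '<Context antiResourceLocking="false" privileged="true"/>'
WEAK_WEB = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/html/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>manager-gui</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
HARD_CONTEXT = r"""<Context antiResourceLocking="false" privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|192\.0\.2\.\d+"/>
</Context>"""
HARD_WEB = WEAK_WEB.replace("</auth-constraint>",
    "</auth-constraint><user-data-constraint><transport-guarantee>"
    "CONFIDENTIAL</transport-guarantee></user-data-constraint>")

if __name__ == "__main__":
    print("weak:    ", audit_manager(WEAK_CONTEXT, WEAK_WEB))
    print("hardened:", audit_manager(HARD_CONTEXT, HARD_WEB))
```

To audit a real install, pass the text of the deployed manager app's two files instead of the constructed samples.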