[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[THREDDS #IXX-362335]: Urgent: UMASS Production Tomcat/THREDDS server shut down due to flood of DNS requests



Do you know how this file was uploaded to Tomcat and then run? Is it a .war 
file that was installed through the Tomcat manager app? Or did it get uploaded 
in some other way and run in some other way?

If the first, is the Tomcat manager available only through SSL and only to a 
restricted set of IP addresses? There's a section on doing that in this 
Security page in the TDS tutorials:

https://www.unidata.ucar.edu/software/thredds/current/tds/tds4.3/tutorial/Security.html

Ethan

> Hi All,
> 
> I just talked to Kent and Mike. They are working very hard on fixing
> this issue. Based on my understanding from Kent, he is cleaning the
> unknown files in Tomcat. He said he will restart Tomcat in about one
> hour, and monitor its performance.  Kent found some unknown files
> that was uploaded in Tomcat which is continuously running. It seems
> like virus file from China.   We need to find a way to stop anyone
> to upload the program to Tomcat.
> 
> Regards,
> 
> Chen


Ticket Details
===================
Ticket ID: IXX-362335
Department: Support THREDDS
Priority: Normal
Status: Open


NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.