Do you know how this file was uploaded to Tomcat and then run? Is it a .war file that was installed through the Tomcat manager app? Or did it get uploaded in some other way and run in some other way? If the first, is the Tomcat manager available only through SSL and only to a restricted set of IP addresses? There's a section on doing that in this Security page in the TDS tutorials: https://www.unidata.ucar.edu/software/thredds/current/tds/tds4.3/tutorial/Security.html Ethan > Hi All, > > I just talked to Kent and Mike. They are working very hard on fixing > this issue. Based on my understanding from Kent, he is cleaning the > unknown files in Tomcat. He said he will restart Tomcat in about one > hour, and monitor its performance. Kent found some unknown files > that was uploaded in Tomcat which is continuously running. It seems > like virus file from China. We need to find a way to stop anyone > to upload the program to Tomcat. > > Regards, > > Chen Ticket Details =================== Ticket ID: IXX-362335 Department: Support THREDDS Priority: Normal Status: Open
NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.