[LinuxUsers] Could use some help please,

Roger E. Rustad, Jr roger.rustad at gmail.com
Wed Aug 20 06:25:23 UTC 2008


Ann Richmond wrote:
> Hi, it's Ann Richmond.
> A few weeks ago we found some applications had been installed under 
> tomcat on a few servers.  The war file was there as well as the expanded 
> apps.

I'll bet you've got pwned.

Perhaps someone else has answered this, but I would recommend googling 
some of the security websites and seeing if there is anything (default 
security settings, easy passwords, etc.) that kiddie scripters are taking 
advantage of.

Also, have you checked out chkrootkit?

http://www.chkrootkit.org/

What user is Tomcat running under?  Maybe someone got root access quite 
easily that way...
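
Added example, not part of the original message: a shell triage for the two checks raised in this thread, which account the Tomcat JVM runs as and which applications under webapps nobody expects to be there. The sample process listing, the /opt/tomcat path and the allowlist of application names are assumptions.

```bash
#!/usr/bin/env bash
# Added triage example. SAMPLE_PS, /opt/tomcat and the allowlist are constructed assumptions.

# Constructed sample in the layout of `ps -eo user=,args=` (account, then command line).
SAMPLE_PS='root      /usr/bin/java -Dcatalina.base=/opt/tomcat org.apache.catalina.startup.Bootstrap start
tomcat    /usr/bin/java -Dcatalina.base=/srv/tc2 org.apache.catalina.startup.Bootstrap start
www-data  /usr/sbin/apache2 -k start'

# Read a process listing on stdin and print each account that owns a Tomcat JVM.
# Tomcat is recognised by its startup class, org.apache.catalina.startup.Bootstrap.
tomcat_owners() {
    awk '/org\.apache\.catalina\.startup\.Bootstrap/ { print $1 }' | sort -u
}

# Exit status 0 when any Tomcat JVM in the listing on stdin runs as root.
tomcat_runs_as_root() {
    tomcat_owners | grep -qx root
}

# unexpected_apps WEBAPPS_DIR EXPECTED...
# Print every application name found in WEBAPPS_DIR (a .war file or an expanded
# directory) that is not in the EXPECTED list.
unexpected_apps() {
    dir=$1
    shift
    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue
        name=$(basename "$entry" .war)
        known=no
        for ok in "$@"; do
            if [ "$name" = "$ok" ]; then known=yes; fi
        done
        if [ "$known" = no ]; then printf '%s\n' "$name"; fi
    done | sort -u
}

# Demo on the constructed listing; prints "root" and "tomcat".
printf '%s\n' "$SAMPLE_PS" | tomcat_owners
if printf '%s\n' "$SAMPLE_PS" | tomcat_runs_as_root; then
    echo "WARNING: a Tomcat JVM runs as root"
fi

# On a live host (path and names are assumptions, adjust to the install):
#   ps -eo user=,args= | tomcat_owners
#   unexpected_apps /opt/tomcat/webapps ROOT docs examples manager host-manager
```

Any name printed by unexpected_apps is worth checking against deployment records before it is removed, since the WAR and its expanded directory are evidence of when and how it arrived.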


