您好我有一个在Amazon EC2服务器和我使用的这台服务器为我的Java应用程序,但是从几天我现在面临一个非常不寻常的问题的最后几个和我很担心,说不定有人会玩我的服务器。
Hi I have an amazon ec2 server and I'm using this server for my Java applications but from last couple of days I'm facing one very unusual issue and I'm worried that some one might playing with my server.
在我使用的 ip地址登录到我的Tomcat管理器:8080 /经理。它要求我输入用户名和密码,我在Tomcat的user.xml文件。当我登录到系统中就显示了它表明我,有使用Tomcat管理多个用户几分钟后,只有一个活动的实例,但问题是我没有与任何一个共享我的凭据。请检查这张截图。
When I logged into my tomcat manager using ipaddress:8080/manager. It asked me to enter username and password which I have in tomcat-user.xml file. When I logged in to the system it shows only one active instance after few Minutes it shows me that there are more than one user using tomcat manager but the question is I didn't share my credential with any one. Please check this screenshot.
正如你可以看到有94会话ID可我的Tomcat管理器,但他们都没有用户名,他们也并不活跃。只有一个是积极的,从我登录使用用户名admin。
As you can see there are 94 session id available for my tomcat manager but none of them have Username and they are also not active. Only one is active from which I logged in using username admin.
当我检查服务器日志,我也发现了一些尝试使用以下角色根的tomcat-经理进行身份验证。附上日志。
When I checked server logs I also found that some is trying to authenticate using following roles root-tomcat-manager. Attached are the logs.
Sep 28, 2015 4:54:02 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"
Sep 28, 2015 4:55:07 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "admin"
Sep 28, 2015 4:56:44 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "manager"
Sep 29, 2015 7:08:16 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"
Sep 29, 2015 7:08:16 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"
Sep 29, 2015 7:08:16 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "manager"
Sep 29, 2015 7:08:16 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "manager"
Sep 29, 2015 7:08:19 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"
Sep 29, 2015 7:08:19 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"
我做了一些谷歌,我更新的tomcat许可755到750,并同时更新它的用户在很多问题能够解释。但我继续面临这个问题。
I did some google and I update tomcat permission from 755 to 750 and also update it's user which explained in many questions. But I'm keep facing this issue.
我不能够解决这个问题,我担心有人是跟上我的系统播放。所以,我的问题是我怎么能prevent攻击,这样从我的服务器或这在Tomcat中只是一个错误(不知道这一点)。
I'm not able to resolve this issue and I'm worried that some one is keep playing with my system. So, my question is how can I prevent attacks like this from my server or This is just a bug in tomcat(not sure about this).
任何帮助将AP preciated。先谢谢了。
Any help will be appreciated. Thanks in advance.
推荐答案
作为解释的 @aldebober 我们可以实现它,但有另一种简单的解决方案,以减少发作次数您的服务器。
As explained by @aldebober we can implement it but there is another easy solution to decrease number of attacks on your server.
Tomcat的基本工作端口 8080 ,所以很容易被人猜测,如果我们是东道主比它会在端口上运行的Java Web应用程序的 8080 。但是我们可以改变它的默认端口号使一些攻击可以减少这样做,我们需要在一个小的变化 server.xml中 在的tomcat / conf目录文件文件夹。
Tomcat basically work on port 8080 so it's easy to guess by anyone that if we are hosting java web applications than it'll be running on port 8080. But we can change it's default port number so that number of attack can be reduce to do so we need to make one small change in Server.xml file in tomcat/conf folder.
更改
<连接器端口=8585协议=HTTP / 1.1connectionTimeout =20000的URIEncoding =UTF-8redirectPort =8443/>
更新
请确保你有强大的密码为您的Tomcat管理经理,而不是默认密码。
Make sure you have strong password for your tomcat admin manager instead of default password.
相关推荐
最新文章