[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[THREDDS #IXX-362335]: Urgent: UMASS Production Tomcat/THREDDS server shut down due to flood of DNS requests

This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.

  • Subject: [THREDDS #IXX-362335]: Urgent: UMASS Production Tomcat/THREDDS server shut down due to flood of DNS requests
  • Date: Tue, 22 Apr 2014 11:26:41 -0600
Do you know how this file was uploaded to Tomcat and then run? Is it a .war 
file that was installed through the Tomcat manager app? Or did it get uploaded 
in some other way and run in some other way?

If the first, is the Tomcat manager available only through SSL and only to a 
restricted set of IP addresses? There's a section on doing that in this 
Security page in the TDS tutorials:

https://www.unidata.ucar.edu/software/thredds/current/tds/tds4.3/tutorial/Security.html

Ethan

> Hi All,
> 
> I just talked to Kent and Mike. They are working very hard on fixing
> this issue. Based on my understanding from Kent, he is cleaning the
> unknown files in Tomcat. He said he will restart Tomcat in about one
> hour, and monitor its performance.  Kent found some unknown files
> that was uploaded in Tomcat which is continuously running. It seems
> like virus file from China.   We need to find a way to stop anyone
> to upload the program to Tomcat.
> 
> Regards,
> 
> Chen


Ticket Details
===================
Ticket ID: IXX-362335
Department: Support THREDDS
Priority: Normal
Status: Open