Re: [jetty-users] jetty keeps getting hacked

[Steve Sobol - Lobos Studios <steve@xxxxxxxxxxxxxxxx>]

Which user is jetty running as?


Steve Sobol - Lobos Studios wrote:

File and directory permissions too permissive, maybe?

Kent Tong wrote:

Hi,

I have set up jetty-8.1.15.v20140411 on CentOS 6.5 with all the updates installed. However, jetty keeps getting hacked: malicious files (usually there is one named conf.n) are frequently created in jetty's directory (/opt/jetty). I have only enabled the minimum configuration in start.ini:

etc/jetty.xml

etc/jetty-annotations.xml

etc/jetty-ssl.xml

etc/jetty-deploy.xml

etc/jetty-contexts.xml

there is only one webapp installed which is nothing out of ordinary.

any idea? thanks in advance!

--

Kent Tong

IT author and consultant, child education coach

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

--
Lobos Studios - Website Design, Mobile App Development, IT Support
Toll Free Phone/FAX: 877.919.4WEB
Victor Valley Phone/FAX: 760.684.8859
Los Angeles Phone/FAX: 310.945.2410
Business Cell: 310.487.2362
www.LobosStudios.com * www.facebook.com/LobosStudios * @LobosStudios

--
Lobos Studios - Website Design, Mobile App Development, IT Support
Toll Free Phone/FAX: 877.919.4WEB
Victor Valley Phone/FAX: 760.684.8859
Los Angeles Phone/FAX: 310.945.2410
Business Cell: 310.487.2362
www.LobosStudios.com * www.facebook.com/LobosStudios * @LobosStudios