Re: [jetty-users] jetty keeps getting hacked

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] jetty keeps getting hacked

From: Haupt-Konto <dev@xxxxxxxxxxxx>
Date: Fri, 01 Aug 2014 21:03:26 +0200
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
User-agent: Roundcube Webmail/0.9.5

As mentioned in another mail from Steve Sobol, folder rights andexecuting user might be useful. What priviledges does this user have(/etc/group)?


Some further clues:

- Never run a container server as root; Register Jetty on someuser-valid port, i.e. 8080 and let it listen on loopback-device only.- Following, set up a proxy HTTP server. Have in mind, that this proxymust be secure, caused by the fact, that it must listen on port 80 -AFAIK there is no way to bind a port lower than 1024 with non-rootpriviledges.

You might also use IP tables to forward traffic. However, this is anon-optimal solution due to the fact, that some further Linuxdevelopment might break your set up.


Best regards

Am 2014-08-01 18:25, schrieb Joakim Erdfelt:

What's in conf.n? (details please)
What do you have in your webapp? (be detailed)
How do you start Jetty? (your command line *AND* your start.ini and
start.d/ contents)
Do you customize anything in ${jetty.home}? (like lib or xml files)

Do you run elasticsearch on your machine?

--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
webtide.com [2] - intalio.com/jetty [3]
Expert advice, services and support from from the Jetty & CometD
experts
eclipse.org/jetty [4] - cometd.org [5]

On Fri, Aug 1, 2014 at 9:16 AM, Kent Tong <kent.tong.mo@xxxxxxxxx>
wrote:

Hi,

I have set up jetty-8.1.15.v20140411 on CentOS 6.5 with all the
updates installed. However, jetty keeps getting hacked: malicious
files (usually there is one named conf.n) are frequently created in
jetty's directory (/opt/jetty). I have only enabled the minimum
configuration in start.ini:

etc/jetty.xml
etc/jetty-annotations.xml
etc/jetty-ssl.xml
etc/jetty-deploy.xml

etc/jetty-contexts.xml

there is only one webapp installed which is nothing out of ordinary.


any idea? thanks in advance!

--

Kent Tong
IT author and consultant, child education coach
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or
unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users [1]




Links:
------
[1] https://dev.eclipse.org/mailman/listinfo/jetty-users
[2] http://www.webtide.com/
[3] http://intalio.com/jetty
[4] http://eclipse.org/jetty/
[5] http://cometd.org/

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or
unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

Follow-Ups:
- Re: [jetty-users] jetty keeps getting hacked
  - From: Jesse McConnell

References:
- [jetty-users] jetty keeps getting hacked
  - From: Kent Tong
- Re: [jetty-users] jetty keeps getting hacked
  - From: Joakim Erdfelt

Prev by Date: Re: [jetty-users] jetty keeps getting hacked
Next by Date: Re: [jetty-users] jetty keeps getting hacked
Previous by thread: Re: [jetty-users] jetty keeps getting hacked
Next by thread: Re: [jetty-users] jetty keeps getting hacked
Index(es):
- Date
- Thread

Breadcrumbs