java - Tomcat7 shows number of inactive users in tomcat manager
Hi, I have an Amazon EC2 server, and I'm using the server for Java applications. For the last couple of days I have been facing one unusual issue, and I'm worried someone might be playing with the server.
When I logged in to Tomcat Manager using ipaddress:8080/manager, it asked me to enter the username and password that I have in the tomcat-user.xml file. When I logged in, the system showed one active instance, but after a few minutes it shows me there is more than one user using Tomcat Manager. My question is that I didn't share the credentials with anyone. Please check the screenshot.
As you can see, there are 94 session IDs available in Tomcat Manager; none of them has a username, and they are not active. Only one is active, logged in using the username admin.
When I checked the server logs, I found someone trying to authenticate using the following roles: root-tomcat-manager. I attached the logs.
sep 28, 2015 4:54:02 pm org.apache.catalina.realm.lockoutrealm authenticate warning: attempt made authenticate locked user "root"
sep 28, 2015 4:55:07 pm org.apache.catalina.realm.lockoutrealm authenticate warning: attempt made authenticate locked user "admin"
sep 28, 2015 4:56:44 pm org.apache.catalina.realm.lockoutrealm authenticate warning: attempt made authenticate locked user "manager"
sep 29, 2015 7:08:16 org.apache.catalina.realm.lockoutrealm authenticate warning: attempt made authenticate locked user "root"
sep 29, 2015 7:08:16 org.apache.catalina.realm.lockoutrealm authenticate warning: attempt made authenticate locked user "tomcat"
sep 29, 2015 7:08:16 org.apache.catalina.realm.lockoutrealm authenticate warning: attempt made authenticate locked user "manager"
sep 29, 2015 7:08:16 org.apache.catalina.realm.lockoutrealm authenticate warning: attempt made authenticate locked user "manager"
sep 29, 2015 7:08:19 org.apache.catalina.realm.lockoutrealm authenticate warning: attempt made authenticate locked user "tomcat"
sep 29, 2015 7:08:19 org.apache.catalina.realm.lockoutrealm authenticate warning: attempt made authenticate locked user "tomcat"
I did Google it and updated the Tomcat permission from 755 to 750 and updated its user, as explained in many questions. I keep facing the issue.
I'm not able to resolve the issue, and I'm worried someone keeps playing with the system. So, my question is how I can prevent attacks on the server, or is this a bug in Tomcat (not sure about this)?
Any help is appreciated. Thanks in advance.
As explained by @aldebober, there is an easy solution you can implement to decrease the number of attacks on the server.
Tomcat works on port 8080. It's easy to guess that if you are hosting Java web applications, it'll be running on port 8080. You can change its default port number so the number of attacks can be reduced; you need to make one small change in the server.xml file in the tomcat/conf folder.
Changes
<Connector port="8585" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="8443" />
Update
Make sure you have a strong password for the Tomcat admin manager instead of the default password.
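To see how much guessing the LockOutRealm warnings quoted in the question represent, the log can be summarized per targeted account and per burst of rapid attempts. The following is an added example, not code from the original posts: the sample log is constructed, and it assumes Tomcat 7's default two-line log layout, the standard "locked user" message wording, and AM/PM markers on every timestamp.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in Tomcat 7's default two-line java.util.logging layout,
# modeled on the warnings quoted in the question (not taken from a real server).
SAMPLE_LOG = '''\
Sep 28, 2015 4:54:02 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "root"
Sep 28, 2015 4:55:07 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "admin"
Sep 29, 2015 7:08:16 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"
Sep 29, 2015 7:08:16 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "manager"
Sep 29, 2015 7:08:19 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"
Sep 29, 2015 7:10:00 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 5123 ms
'''

ENTRY = re.compile(
    r'(\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+'
    r'org\.apache\.catalina\.realm\.LockOutRealm authenticate\s+'
    r'WARNING:[^"\n]*locked user "([^"]*)"', re.IGNORECASE)

def parse_lockouts(text):
    """Return [(datetime, username)] for every LockOutRealm locked-user warning."""
    return [(datetime.strptime(ts, "%b %d, %Y %I:%M:%S %p"), user)
            for ts, user in ENTRY.findall(text)]

def attempts_per_user(events):
    """Count warnings per targeted account name."""
    return Counter(user for _, user in events)

def bursts(events, window=timedelta(seconds=10), threshold=3):
    """Return (start, end, count) for runs of >= threshold warnings whose
    consecutive timestamps are at most `window` apart (scripted guessing)."""
    found, run = [], []
    for ts, _ in sorted(events) + [(datetime.max, "")]:  # sentinel flushes last run
        if run and ts - run[-1] > window:
            if len(run) >= threshold:
                found.append((run[0], run[-1], len(run)))
            run = []
        run.append(ts)
    return found

if __name__ == "__main__":
    events = parse_lockouts(SAMPLE_LOG)
    print(attempts_per_user(events).most_common(), bursts(events))
```

Account names that appear here but do not exist in the Tomcat users file point to automated dictionary guessing rather than a leaked credential.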