users@glassfish.java.net

Re: How to disable unrequired header fields in glassfish 3.0.1 html responses

From: <glassfish_at_javadesktop.org>
Date: Mon, 02 Aug 2010 12:00:38 PDT

I have another good argument:

After monitoring my Ubuntu log files I saw an attack pattern (i.e. on sshd) that I have never seen before.

Background:
Previously I used to have an Apache webserver. In the logfiles I saw that attackers tried to call different URLs or tried to connect via ssh with users that are common for Apache environments. Since I have changed to Glassfish I have uninstalled Apache and now I can see totally different attack patterns are being tried out by attackers. I am very sure this change of attack pattern is related to the fact that GF is telling everybody "hi - I am Glassfish + I support Servlets". From here hackers can start trying different stuff.

Here is some logging:

sshd[11863]: Invalid user PlcmSpIp from 85.37.38.220
sshd[13776]: Invalid user plcmspip from 85.37.38.220
sshd[15704]: Invalid user plcmspip from 85.37.38.220
sshd[17541]: Invalid user db2inst1 from 85.37.38.220
sshd[18294]: Invalid user dasusr1 from 85.37.38.220
sshd[20167]: Invalid user ts from 85.37.38.220
sshd[22043]: Invalid user TeamSpeak from 85.37.38.220
sshd[23951]: Invalid user cisco from 85.37.38.220
sshd[25735]: Invalid user domin from 85.37.38.220
sshd[26442]: Invalid user svn from 85.37.38.220
sshd[28311]: Invalid user test from 85.37.38.220
sshd[30105]: Invalid user test from 85.37.38.220
sshd[32026]: Invalid user test from 85.37.38.220
sshd[1395]: Invalid user test from 85.37.38.220
sshd[3392]: Invalid user dream from 85.37.38.220
sshd[5431]: Invalid user suzuki from 85.37.38.220
sshd[7294]: Invalid user radmin from 85.37.38.220
sshd[9277]: Invalid user backuppc from 85.37.38.220
sshd[10220]: Invalid user jacob from 85.37.38.220
sshd[12078]: Invalid user ts from 85.37.38.220
sshd[13980]: Invalid user teamspeak from 85.37.38.220
sshd[15916]: Invalid user TeamSpeak from 85.37.38.220
sshd[17859]: Invalid user cyrus from 85.37.38.220
sshd[19712]: Invalid user cyrus from 85.37.38.220
[...]
sshd[1994]: Invalid user cvs from 85.37.38.220
sshd[3864]: Invalid user cvs from 85.37.38.220
sshd[5699]: Invalid user temp from 85.37.38.220
[...]
sshd[7252]: Invalid user globus from 218.93.205.205
sshd[17649]: Invalid user condor from 218.93.205.205
sshd[27908]: Invalid user tomcat from 218.93.205.205
sshd[7425]: Invalid user global from 218.93.205.205
sshd[18058]: Invalid user upload from 218.93.205.205
sshd[28471]: Invalid user jboss from 218.93.205.205
sshd[9668]: Invalid user postmaster from 218.93.205.205
sshd[22005]: Invalid user demo from 218.93.205.205


Now I think even more that any GF admin should have the opportunity to decide which unrequired headers should be disabled.

Is this only my opinion or do I get any support?

Nabi
[Message sent by forum member 'nabizamani']

http://forums.java.net/jive/thread.jspa?messageID=479146
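
Added example, not part of the original message: one way to summarize sshd "Invalid user" lines like those quoted above, grouping the guessed account names by source address so that username-guessing runs stand out. The sample log is constructed (RFC 5737 documentation addresses), and the function name and the `min_distinct` threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Matches sshd "Invalid user" lines with or without a syslog timestamp/host
# prefix, and with or without the trailing "port N" newer OpenSSH adds.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>\S+) from (?P<src>\S+)"
)

# Constructed sample in the same shape as the excerpt in the post.
SAMPLE_LOG = """\
sshd[1001]: Invalid user PlcmSpIp from 192.0.2.10
sshd[1002]: Invalid user plcmspip from 192.0.2.10
sshd[1003]: Invalid user db2inst1 from 192.0.2.10
sshd[1004]: Invalid user cisco from 192.0.2.10
Aug  2 11:02:13 host sshd[1005]: Invalid user svn from 192.0.2.10 port 40022
sshd[1006]: Invalid user tomcat from 198.51.100.7
sshd[1007]: Invalid user jboss from 198.51.100.7
sshd[1008]: Accepted publickey for admin from 203.0.113.5
"""


def summarize(lines, min_distinct=3):
    """Group invalid-user attempts by source address.

    A source is flagged once it has tried at least `min_distinct` different
    names. Names are case-folded, so variants such as PlcmSpIp/plcmspip
    count as a single guess.
    """
    per_src = defaultdict(list)
    for line in lines:
        m = INVALID_USER.search(line)
        if m:  # lines that are not "Invalid user" events are ignored
            per_src[m["src"]].append(m["user"])

    report = {}
    for src, users in per_src.items():
        distinct = sorted({u.lower() for u in users})
        report[src] = {
            "attempts": len(users),
            "distinct_users": distinct,
            "flagged": len(distinct) >= min_distinct,
        }
    return report


if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG.splitlines()).items():
        print(src, info)
```

The per-source list of distinct names is what makes it possible to compare the accounts being guessed before and after a change on the host.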