• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Security Issue

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
We’ve been hacked and our qmail is generating errors and not sending out mail confirming customers’ orders (with download links). Qmail is on our A2 hosting VPS server running apache. Tried various fixes but scant progress. The qmail problem appears to be “client not allowed to relay”. Thought I’d try : - The Qmail service can be restart via the SSH terminal by issuing the following command # service qmail restart.
SSH terminal (on the A2 VPS/Kloxo Lxadmin panel) said that Java was out of date, upgraded it Version 8 build 66 but still having problems, now getting an error after SSH fires up Java
Security Exception Found unsigned entry in resource
162.212.135.84:7778/thirdparty/sshterm-applet/SSHTermApplet-signed.jar
(the URL is our entry to VPS server)
Error Details:-
Java Plug-in 11.66.2.1
Using JRE version 1.8.0_66-b18 Java HotSpot(TM) Client VM
User home directory = C:\Users\Tom
----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>

The error message has a button to “ignore” but this doesn’t help, it still reverts to the error screen.
Have tried adding:-(prefixed by http://)
162.212.135.84:7778/
162.212.135.84:7778/thirdparty/
162.212.135.84:7778/thirdparty/sshterm-applet/
162.212.135.84:7778/thirdparty/sshterm-applet/SSHTermApplet-signed.jar
to the Java Control Panel/Security/Exemption Site List.

Have also tried reducing security settings on Java Control Panel/Advanced/
Perform signed code certificate revocation checks – do not check
Perform TLS certificate revocation checks – do not check

Neither had any effect, can you offer suggestions on what to try next?
 
Rancher
Posts: 1093
29
Netbeans IDE Oracle MySQL Database Tomcat Server C++ Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Look at the date on SSHTermApplet-signed.jar and see if it has changed.
 
Tom White
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for the response, but where do I find the file? I can't find a "thirdparty" folder on the A2 server.

Regarding the tools link, searched the page but there's no mention of applet or jar. I presumed it was a tool for amending date?
 
Les Morgan
Rancher
Posts: 1093
29
Netbeans IDE Oracle MySQL Database Tomcat Server C++ Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you know the name of the file, then run a search and it should find it.

Tom White wrote:Thanks for the response, but where do I find the file? I can't find a "thirdparty" folder on the A2 server.

Regarding the tools link, searched the page but there's no mention of applet or jar. I presumed it was a tool for amending date?

 
reply
    Bookmark Topic Watch Topic
  • New Topic