
Resolved uninstall tomcat

ChrisPlesk

New Pleskian
Hello!

I use Plesk to configure a server. Sometimes (I think) Tomcat produces a lot of CPU usage.

Do I need Tomcat7 on my server?
If not, how can I remove it?

I tried to uninstall it from the components. But I think it is still there. For example, I find it after some updates as a running process. Before I try to stop it with the command: /usr/local/psa/admin/bin/tomcatmng --stop

Thanks for help.

Regards Chris
 
Here is my warning message:

Server: xxx.stratoserver.net.

Der Status des Serversystem-Parameters "Services > CPU-Auslastung durch Apache" wurde von "green" in "red" geändert.

top - 00:36:40 up 5 min, 0 users, load average: 0.89, 0.60, 0.30
Tasks: 132 total, 4 running, 128 sleeping, 0 stopped, 0 zombie
%Cpu(s): 13.3 us, 2.3 sy, 1.2 ni, 74.9 id, 8.2 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem: 4015352 total, 1057836 used, 2957516 free, 43972 buffers
KiB Swap: 7999480 total, 0 used, 7999480 free. 527292 cached Mem

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
6091 psaadm 20 0 276108 27544 18468 D 43.6 0.7 0:00.08 sw-engine
6089 psaadm 20 0 273068 22524 16388 R 31.2 0.6 0:00.06 sw-engine
6090 psaadm 20 0 273724 24700 18080 R 31.2 0.6 0:00.07 sw-engine
6092 psaadm 20 0 276108 27548 18468 D 31.2 0.7 0:00.09 sw-engine
6093 psaadm 20 0 273200 23648 17296 R 31.2 0.6 0:00.07 sw-engine
5854 tomcat7 20 0 1521096 105444 13512 S 12.5 2.6 1:09.77 java
1247 mysql 20 0 755304 95224 7272 S 6.2 2.4 0:02.73 mysqld
1 root 20 0 33328 2616 1388 S 0.0 0.1 0:03.98 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
4 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0
5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:+
7 root 20 0 0 0 0 S 0.0 0.0 0:00.21 rcu_sched
8 root 20 0 0 0 0 S 0.0 0.0 0:00.12 rcuos/0
9 root 20 0 0 0 0 S 0.0 0.0 0:00.10 rcuos/1
10 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuos/2
11 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuos/3
12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_bh
13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/0
14 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/1
15 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/2
16 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcuob/3
17 root rt 0 0 0 0 S 0.0 0.0 0:00.18 migration/0
18 root rt 0 0 0 0 S 0.0 0.0 0:00.03 watchdog/0
19 root rt 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/1
20 root rt 0 0 0 0 S 0.0 0.0 0:00.11 migration/1
21 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/1
22 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kworker/1:0
23 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/1:+
24 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 khelper
25 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kdevtmpfs
26 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 netns
27 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 writeback
28 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kintegrityd
29 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
30 root 0 -20 0 0 0 S 0.0 0.0 0:00.01 kworker/u9+
31 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kblockd
32 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 ata_sff
33 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khubd
34 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 md
35 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 devfreq_wq
36 root 20 0 0 0 0 S 0.0 0.0 0:00.32 kworker/0:1
37 root 20 0 0 0 0 S 0.0 0.0 0:00.27 kworker/1:1
38 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khungtaskd
39 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kswapd0
40 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 vmstat
41 root 25 5 0 0 0 S 0.0 0.0 0:00.00 ksmd
42 root 39 19 0 0 0 S 0.0 0.0 0:00.05 khugepaged
43 root 20 0 0 0 0 S 0.0 0.0 0:00.00 fsnotify_m+
44 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ecryptfs-k+
45 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 crypto
57 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kthrotld
60 root 20 0 0 0 0 S 0.0 0.0 0:00.03 kworker/0:2
79 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 deferwq
80 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 charger_ma+
125 root 20 0 0 0 0 S 0.0 0.0 0:00.14 scsi_eh_0
126 root 20 0 0 0 0 S 0.0 0.0 0:00.15 scsi_eh_1
127 root 20 0 0 0 0 S 0.0 0.0 0:00.01 scsi_eh_2
128 root 20 0 0 0 0 S 0.0 0.0 0:00.01 scsi_eh_3
132 root 20 0 0 0 0 S 0.0 0.0 0:00.16 kworker/u8+
133 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kworker/u8+
154 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
155 root 20 0 0 0 0 S 0.0 0.0 0:00.00 md0_raid1
159 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
160 root 20 0 0 0 0 D 0.0 0.0 0:00.08 md1_raid1
161 root 0 -20 0 0 0 S 0.0 0.0 0:00.02 kworker/u9+
162 root 0 -20 0 0 0 S 0.0 0.0 0:00.05 kworker/u9+
167 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 raid5wq
194 root 20 0 0 0 0 S 0.0 0.0 0:00.02 jbd2/md1-8
195 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 ext4-rsv-c+
334 root 20 0 0 0 0 S 0.0 0.0 0:00.00 jbd2/md0-8
335 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 ext4-rsv-c+
364 root 20 0 19472 648 456 S 0.0 0.0 0:00.13 upstart-ud+
384 root 20 0 51588 1720 948 S 0.0 0.0 0:00.53 systemd-ud+
408 root 20 0 15272 392 196 S 0.0 0.0 0:00.06 upstart-fi+
421 syslog 20 0 255836 1184 764 S 0.0 0.0 0:00.03 rsyslogd
445 root 20 0 0 0 0 S 0.0 0.0 0:00.00 scsi_eh_4
446 root 20 0 0 0 0 S 0.0 0.0 0:00.00 scsi_eh_5
447 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 edac-poller
448 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kpsmoused
454 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kvm-irqfd-+
456 message+ 20 0 39124 1000 660 S 0.0 0.0 0:00.04 dbus-daemon
522 root 20 0 35016 1532 1224 S 0.0 0.0 0:00.00 systemd-lo+
572 root 20 0 15256 400 200 S 0.0 0.0 0:00.03 upstart-so+
738 root 20 0 10224 2592 296 S 0.0 0.1 0:00.00 dhclient
1114 root 20 0 14988 1008 820 S 0.0 0.0 0:00.00 xinetd
1115 root 20 0 4364 640 496 S 0.0 0.0 0:00.00 acpid
1130 root 20 0 61376 3016 2336 S 0.0 0.1 0:00.00 sshd
1160 root 20 0 23648 996 740 S 0.0 0.0 0:00.00 cron
1161 daemon 20 0 19132 160 0 S 0.0 0.0 0:00.00 atd
1179 root 20 0 19188 724 492 S 0.0 0.0 0:00.03 irqbalance
1181 bind 20 0 173936 14256 1932 S 0.0 0.4 0:00.03 named
1740 root 20 0 347844 17680 12236 S 0.0 0.4 0:00.05 php5-fpm
1825 root 20 0 137568 64348 2392 S 0.0 1.6 0:02.22 /usr/sbin/+
1870 popuser 20 0 137568 62844 888 S 0.0 1.6 0:00.00 spamd child
1872 popuser 20 0 137568 62856 900 S 0.0 1.6 0:00.00 spamd child
1910 root 20 0 18028 1292 968 S 0.0 0.0 0:00.00 dovecot
1935 dovecot 20 0 9536 1016 856 S 0.0 0.0 0:00.00 anvil
1936 root 20 0 9672 1204 876 S 0.0 0.0 0:00.00 log
1938 root 20 0 25180 2316 1212 S 0.0 0.1 0:00.01 config
1999 root 20 0 1208440 19992 3104 S 0.0 0.5 0:09.49 fail2ban-s+
2497 root 20 0 28268 1296 360 S 0.0 0.0 0:00.00 nginx
2499 nginx 20 0 28272 1960 612 S 0.0 0.0 0:00.00 nginx
...
 
Try to uninstall it with following command:

# plesk installer --select-release-current --remove-component java
 
I suggest to add an event "Update installed" from the event manager, so that each time after an update was installed you either stop the services you don't want or deinstall them.

However, it does sound a bit strange that an update re-installs a component that you configured that you do not want to have on the system at all and that is not present at the time of the update. If the component is missing, how should the updater know to update it?
 
Thanks for the hint. I put a script on the event "Update installed":

/usr/local/psa/admin/bin/tomcatmng --stop
plesk installer --select-release-current --remove-component java

But here is a copy from the newest update message. It wants to update Tomcat.

Folgende Updates installieren:

  • libpq5 9.3.16-0ubuntu0.14.04
  • libservlet3.0-java 7.0.52-1ubuntu0.10
  • libtomcat7-java 7.0.52-1ubuntu0.10
  • linux-libc-dev 3.13.0-109.156
  • tomcat7 7.0.52-1ubuntu0.10
  • tomcat7-admin 7.0.52-1ubuntu0.10
  • tomcat7-common 7.0.52-1ubuntu0.10
  • tomcat7-examples 7.0.52-1ubuntu0.10

How can I get rid of Java and Tomcat?

Thanks for help.
 
It does not look wrong to me that files are being updated that might not be in use. The system will update all files in dependencies, regardless whether they are being used or not.

Have you actually tried to remove the service from the operating system?
# sudo apt-get remove tomcat7 tomcat7-admin tomcat7-common tomcat7-examples

I am not sure about dependencies, because of the libtomcat7-java line in the output above. I'd not do it if it was my machine.
 
Hello Peter,

thanks for your answer. No, I didn't try to remove tomcat with the following code:

sudo apt-get remove tomcat7 tomcat7-admin tomcat7-common tomcat7-examples

Is there any alternative way?
 
If you have deactivated the component in Plesk and if you are not using anything from tomcat, why not remove the libraries from your system?
 
Hello Peter,

but you said "I am not sure about dependencies, because of the libtomcat7-java line in the output above. I'd not do it if it was my machine."

Are you sure, that everything works fine?
 
No, I am not sure. If I were you, I would not do any special extra problem configurations on a system. If the library does not want to be removed, let it be on the system. There will be a reason why it is still there. You can go ahead and remove it, but of course there is always a risk that other components need it that you cannot be aware of at this time.
 
Hi ChrisPlesk,

Is there any alternative way?
The "alternative" way is to use "aptitude purge" instead of "apt-get remove". You will notice that "aptitude" is a bit more powerful and is even able to suggest alternative solutions if one of the installed (and to be removed) packages depends on other packages on your server.

You are always able to CHECK dependencies for a package with the command:

apt-cache depends YOUR-PACKAGE-NAME
 
Because something else is using it? A software that you are not aware of? Maybe remove it from the system and then see what other components quit working, then you'll know.
 
Ok, I will look after it. I am confused because I haven't activated tomcat7 (Support for Tomcat Java Servlets) in Plesk. But after nearly every update I have to stop Tomcat manually.



How can I see which software is starting Tomcat7?
 
I think you can find logs of Tomcat in /var/log/tomcat5/, they should tell you what it is doing.
 
vim catalina.out.15.gz

WARNUNG: An attempt was made to authenticate the locked user "tomcat"
Dez 18, 2016 12:41:32 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "tomcat"
Dez 18, 2016 12:41:33 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "tomcat"
Dez 18, 2016 12:42:04 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "tomcat"
Dez 18, 2016 12:42:20 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "tomcat"
Dez 18, 2016 12:42:20 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "tomcat"
Dez 18, 2016 12:42:20 AM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "tomcat"
Dez 18, 2016 6:28:24 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "tomcat"
Dez 18, 2016 6:28:43 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "tomcat"
Dez 18, 2016 6:29:19 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "tomcat"
Dez 18, 2016 6:29:37 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "tomcat"
Dez 18, 2016 6:30:53 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "admin"
Dez 18, 2016 6:31:11 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "admin"
Dez 18, 2016 6:31:29 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "admin"
Dez 18, 2016 6:32:59 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "manager"
Dez 18, 2016 6:34:46 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "root"
Dez 18, 2016 6:35:04 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "root"
Dez 18, 2016 6:35:23 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "root"
Dez 18, 2016 6:35:44 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "root"
Dez 18, 2016 6:36:05 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "root"
Dez 18, 2016 6:36:24 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "root"
Dez 18, 2016 6:36:44 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNUNG: An attempt was made to authenticate the locked user "root"
Dez 18, 2016 6:37:04 PM org.apache.catalina.realm.LockOutRealm authenticate
....

===========================================================


localhost_access_log.2016-12-18.txt

82.253.226.190 - - [18/Dec/2016:00:38:52 +0000] "GET /status?full=true HTTP/1.1" 404 981
182.253.226.190 - - [18/Dec/2016:00:38:52 +0000] "GET / HTTP/1.1" 200 1895
182.253.226.190 - - [18/Dec/2016:00:38:53 +0000] "GET /script HTTP/1.1" 404 981
182.253.226.190 - - [18/Dec/2016:00:38:53 +0000] "GET /jenkins/script HTTP/1.1" 404 997
182.253.226.190 - - [18/Dec/2016:00:39:04 +0000] "GET /jmx-console HTTP/1.1" 404 991
182.253.226.190 - - [18/Dec/2016:00:39:05 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:39:06 +0000] "GET / HTTP/1.1" 200 1895
182.253.226.190 - - [18/Dec/2016:00:39:20 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:39:20 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:39:22 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:39:22 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:39:22 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:39:38 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:39:38 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:39:40 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:39:55 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:39:56 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:39:56 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:40:28 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:40:59 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:41:14 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:41:15 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:41:15 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:41:16 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:41:16 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:41:32 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:41:32 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:41:33 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:42:04 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:42:20 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:42:20 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:42:20 +0000] "GET /manager/html HTTP/1.1" 401 2486
182.253.226.190 - - [18/Dec/2016:00:42:38 +0000] "GET //administrator HTTP/1.1" 404 997
182.253.226.190 - - [18/Dec/2016:00:42:38 +0000] "GET /joomla/administrator HTTP/1.1" 404 1009
182.253.226.190 - - [18/Dec/2016:00:42:40 +0000] "GET /cms/administrator HTTP/1.1" 404 1003
182.253.226.190 - - [18/Dec/2016:00:43:01 +0000] "GET /cgi-bin/php HTTP/1.1" 404 991
182.253.226.190 - - [18/Dec/2016:00:43:02 +0000] "GET /cgi-bin/php5 HTTP/1.1" 404 993
182.253.226.190 - - [18/Dec/2016:00:43:02 +0000] "GET /phpmyadmin HTTP/1.1" 404 989
182.253.226.190 - - [18/Dec/2016:00:43:02 +0000] "GET /phpMyAdmin HTTP/1.1" 404 989
182.253.226.190 - - [18/Dec/2016:00:43:03 +0000] "GET /mysql HTTP/1.1" 404 979
182.253.226.190 - - [18/Dec/2016:00:43:20 +0000] "GET / HTTP/1.1" 200 1895
182.253.226.190 - - [18/Dec/2016:00:43:21 +0000] "GET /sqlite/main.php HTTP/1.1" 404 999
182.253.226.190 - - [18/Dec/2016:00:43:21 +0000] "GET /SQLite/SQLiteManager-1.2.4/main.php HTTP/1.1" 404 1039
182.253.226.190 - - [18/Dec/2016:00:43:42 +0000] "GET /SQlite/main.php HTTP/1.1" 404 999
182.253.226.190 - - [18/Dec/2016:00:43:42 +0000] "GET /SQLiteManager/main.php HTTP/1.1" 404 1013
182.253.226.190 - - [18/Dec/2016:00:43:42 +0000] "GET /webdav HTTP/1.1" 404 981
182.253.226.190 - - [18/Dec/2016:00:44:03 +0000] "GET /wordpress/wp-login.php HTTP/1.1" 404 1013
182.253.226.190 - - [18/Dec/2016:00:44:03 +0000] "GET /wp/wp-login.php HTTP/1.1" 404 999
182.253.226.190 - - [18/Dec/2016:00:44:04 +0000] "GET /blog/wp-login.php HTTP/1.1" 404 1003
91.196.50.33 - - [18/Dec/2016:02:29:45 +0000] "GET /testproxy.php HTTP/1.1" 404 995
192.99.238.190 - - [18/Dec/2016:09:46:15 +0000] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 -
212.92.127.143 - - [18/Dec/2016:11:38:52 +0000] "GET / HTTP/1.0" 200 1895
42.51.159.251 - - [18/Dec/2016:12:31:54 +0000] "GET /manager/html HTTP/1.1" 401 2486
42.51.159.251 - - [18/Dec/2016:12:31:55 +0000] "GET /manager/html HTTP/1.1" 401 2486
...


I can find all IP addresses in AbuseIPDB ... I had activated all jails to protect the server against brute-force attacks...

How can I protect my server against tomcat7 attacks?

Regards Chris
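
The two patterns visible in the access logs above (repeated 401 responses on /manager/html from one address, and bursts of 404s on unrelated admin paths) can be picked out mechanically. The following Python is an added example, not part of the original posts: the function names and thresholds are assumptions, and the sample lines are constructed in the thread's log format using documentation address ranges.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Tomcat access log, "common" layout: host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$'
)

# Constructed sample in the thread's log format; addresses are documentation ranges.
SAMPLE = """\
192.0.2.10 - - [18/Dec/2016:00:39:05 +0000] "GET /manager/html HTTP/1.1" 401 2486
192.0.2.10 - - [18/Dec/2016:00:39:20 +0000] "GET /manager/html HTTP/1.1" 401 2486
192.0.2.10 - - [18/Dec/2016:00:39:22 +0000] "GET /manager/html HTTP/1.1" 401 2486
192.0.2.10 - - [18/Dec/2016:00:39:38 +0000] "GET /manager/html HTTP/1.1" 401 2486
192.0.2.10 - - [18/Dec/2016:00:39:56 +0000] "GET /manager/html HTTP/1.1" 401 2486
192.0.2.10 - - [18/Dec/2016:00:42:38 +0000] "GET /joomla/administrator HTTP/1.1" 404 1009
198.51.100.7 - - [26/Jan/2017:07:33:23 +0100] "GET /script HTTP/1.1" 404 981
198.51.100.7 - - [26/Jan/2017:07:33:23 +0100] "GET /jmx-console HTTP/1.1" 404 991
198.51.100.7 - - [26/Jan/2017:07:33:24 +0100] "GET /manager/html HTTP/1.1" 401 2486
198.51.100.7 - - [26/Jan/2017:07:33:25 +0100] "GET /phpmyadmin HTTP/1.1" 404 989
198.51.100.7 - - [26/Jan/2017:07:33:25 +0100] "GET /mysql HTTP/1.1" 404 979
198.51.100.7 - - [26/Jan/2017:07:33:26 +0100] "GET /sqlite/main.php HTTP/1.1" 404 999
203.0.113.5 - - [01/Jan/1970:00:59:59 +0100] "-" 400 -
203.0.113.5 - - [26/Jan/2017:11:01:20 +0100] "GET / HTTP/1.0" 200 1895
""".splitlines()

def parse_line(line):
    """Return (ip, time, path, status), or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    parts = m["req"].split()
    path = parts[1] if len(parts) >= 2 else ""  # malformed requests log as "-"
    return m["ip"], when, path, int(m["status"])

def burst(times, limit, window):
    """True if at least `limit` timestamps fall within one span of `window`."""
    times = sorted(times)
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        if end - start + 1 >= limit:
            return True
    return False

def find_offenders(lines, max_401=5, window=timedelta(minutes=10), max_probe_paths=5):
    """Map each suspicious client IP to the set of reasons it was flagged.
    Thresholds are illustrative assumptions, not values from the thread."""
    manager_401 = defaultdict(list)   # ip -> times of 401s on /manager/*
    probed = defaultdict(set)         # ip -> distinct paths answered with 404
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, when, path, status = rec
        if status == 401 and path.startswith("/manager/"):
            manager_401[ip].append(when)
        elif status == 404:
            probed[ip].add(path)
    report = defaultdict(set)
    for ip, times in manager_401.items():
        if burst(times, max_401, window):
            report[ip].add("manager-bruteforce")
    for ip, paths in probed.items():
        if len(paths) >= max_probe_paths:
            report[ip].add("path-scan")
    return dict(report)

if __name__ == "__main__":
    for ip, reasons in sorted(find_offenders(SAMPLE).items()):
        print(ip, ", ".join(sorted(reasons)))
```

The flagged addresses are candidates for a firewall block or a fail2ban jail; stopping or removing the unused Tomcat service, as discussed in this thread, takes the exposed /manager endpoint away altogether.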
 
No further entries after December 18, 2016? You are saying that Tomcat is consuming CPU load but not logging anything?
 
I stop Tomcat every time after an update.

I am not sure. As I posted before:

26/Jan/2017=>

6091 psaadm 20 0 276108 27544 18468 D 43.6 0.7 0:00.08 sw-engine
6089 psaadm 20 0 273068 22524 16388 R 31.2 0.6 0:00.06 sw-engine
6090 psaadm 20 0 273724 24700 18080 R 31.2 0.6 0:00.07 sw-engine
6092 psaadm 20 0 276108 27548 18468 D 31.2 0.7 0:00.09 sw-engine
6093 psaadm 20 0 273200 23648 17296 R 31.2 0.6 0:00.07 sw-engine
5854 tomcat7 20 0 1521096 105444 13512 S 12.5 2.6 1:09.77 java


This happened every time tomcat7 is running.

For example on 26/Jan/2017 => localhost_access_log.2017-01-26.txt

123.59.61.214 - - [26/Jan/2017:02:11:35 +0100] "GET /favicon.ico HTTP/1.1" 404 991
61.164.149.209 - - [26/Jan/2017:06:00:12 +0100] "GET / HTTP/1.1" 200 1895
61.164.149.209 - - [26/Jan/2017:06:00:12 +0100] "CONNECT www.linode.com:443 HTTP/1.1" 400 -
61.164.149.209 - - [26/Jan/2017:06:00:13 +0100] "CONNECT www.linode.com:443 HTTP/1.1" 400 -
61.164.149.209 - - [26/Jan/2017:06:00:13 +0100] "CONNECT www.linode.com:443 HTTP/1.1" 400 -
31.172.95.161 - - [26/Jan/2017:07:33:23 +0100] "GET / HTTP/1.1" 200 1895
31.172.95.161 - - [26/Jan/2017:07:33:23 +0100] "GET /script HTTP/1.1" 404 981
31.172.95.161 - - [26/Jan/2017:07:33:23 +0100] "GET /jenkins/script HTTP/1.1" 404 997
31.172.95.161 - - [26/Jan/2017:07:33:23 +0100] "GET /login HTTP/1.1" 404 979
31.172.95.161 - - [26/Jan/2017:07:33:23 +0100] "GET /jmx-console HTTP/1.1" 404 991
31.172.95.161 - - [26/Jan/2017:07:33:24 +0100] "GET /manager/html HTTP/1.1" 401 2486
31.172.95.161 - - [26/Jan/2017:07:33:24 +0100] "GET / HTTP/1.1" 200 1895
31.172.95.161 - - [26/Jan/2017:07:33:24 +0100] "GET / HTTP/1.1" 200 1895
31.172.95.161 - - [26/Jan/2017:07:33:24 +0100] "GET /manager/html HTTP/1.1" 401 2486
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /manager/html HTTP/1.1" 401 2486
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /manager/html HTTP/1.1" 401 2486
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /manager/html HTTP/1.1" 401 2486
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /manager/html HTTP/1.1" 401 2486
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /manager/html HTTP/1.1" 401 2486
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /msd HTTP/1.1" 404 975
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /mySqlDumper HTTP/1.1" 404 991
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /msd1.24stable HTTP/1.1" 404 995
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /msd1.24.4 HTTP/1.1" 404 987
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /mysqldumper HTTP/1.1" 404 991
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /MySQLDumper HTTP/1.1" 404 991
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /mysql HTTP/1.1" 404 979
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /sql HTTP/1.1" 404 975
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /phpmyadmin HTTP/1.1" 404 989
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /phpMyAdmin HTTP/1.1" 404 989
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /mysql HTTP/1.1" 404 979
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /sql HTTP/1.1" 404 975
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /myadmin HTTP/1.1" 404 983
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /phpMyAdmin-4.2.1-all-languages HTTP/1.1" 404 1029
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET /phpMyAdmin-4.2.1-english HTTP/1.1" 404 1017
31.172.95.161 - - [26/Jan/2017:07:33:25 +0100] "GET / HTTP/1.1" 200 1895
31.172.95.161 - - [26/Jan/2017:07:33:26 +0100] "GET /sqlite/main.php HTTP/1.1" 404 999
31.172.95.161 - - [26/Jan/2017:07:33:26 +0100] "GET /SQLite/SQLiteManager-1.2.4/main.php HTTP/1.1" 404 1039
31.172.95.161 - - [26/Jan/2017:07:33:26 +0100] "GET /SQLiteManager-1.2.4/main.php HTTP/1.1" 404 1025
31.172.95.161 - - [26/Jan/2017:07:33:26 +0100] "GET /sqlitemanager/main.php HTTP/1.1" 404 1013
31.172.95.161 - - [26/Jan/2017:07:33:26 +0100] "GET /SQlite/main.php HTTP/1.1" 404 999
31.172.95.161 - - [26/Jan/2017:07:33:26 +0100] "GET /SQLiteManager/main.php HTTP/1.1" 404 1013
185.40.4.46 - - [26/Jan/2017:09:18:32 +0100] "GET /recordings/ HTTP/1.1" 404 991
185.40.4.46 - - [01/Jan/1970:00:59:59 +0100] "-" 400 -
91.196.50.33 - - [26/Jan/2017:10:33:27 +0100] "GET /testproxy.php HTTP/1.1" 404 995
100.34.1.117 - - [26/Jan/2017:11:01:20 +0100] "GET / HTTP/1.0" 200 1895
123.59.57.251 - - [26/Jan/2017:11:46:31 +0100] "GET /favicon.ico HTTP/1.1" 404 991
31.172.95.161 - - [26/Jan/2017:12:29:21 +0100] "GET / HTTP/1.1" 200 1895
31.172.95.161 - - [26/Jan/2017:12:29:21 +0100] "GET / HTTP/1.1" 200 1895
31.172.95.161 - - [26/Jan/2017:12:29:22 +0100] "GET /script HTTP/1.1" 404 981
31.172.95.161 - - [26/Jan/2017:12:29:22 +0100] "GET /jenkins/script HTTP/1.1" 404 997
31.172.95.161 - - [26/Jan/2017:12:29:22 +0100] "GET /login HTTP/1.1" 404 979
31.172.95.161 - - [26/Jan/2017:12:29:23 +0100] "GET /jmx-console HTTP/1.1" 404 991
31.172.95.161 - - [26/Jan/2017:12:29:23 +0100] "GET /manager/html HTTP/1.1" 401 2486
31.172.95.161 - - [26/Jan/2017:12:29:23 +0100] "GET / HTTP/1.1" 200 1895
31.172.95.161 - - [26/Jan/2017:12:29:24 +0100] "GET / HTTP/1.1" 200 1895
31.172.95.161 - - [26/Jan/2017:12:29:25 +0100] "GET /manager/html HTTP/1.1" 401 2486
31.172.95.161 - - [26/Jan/2017:12:29:25 +0100] "GET /manager/html HTTP/1.1" 401 2486
31.172.95.161 - - [26/Jan/2017:12:29:25 +0100] "GET /manager/html HTTP/1.1" 401 2486
31.172.95.161 - - [26/Jan/2017:12:29:26 +0100] "GET /manager/html HTTP/1.1" 401 2486
31.172.95.161 - - [26/Jan/2017:12:29:26 +0100] "GET /manager/html HTTP/1.1" 401 2486
31.172.95.161 - - [26/Jan/2017:12:29:27 +0100] "GET /manager/html HTTP/1.1" 401 2486
31.172.95.161 - - [26/Jan/2017:12:29:28 +0100] "GET /msd HTTP/1.1" 404 975
31.172.95.161 - - [26/Jan/2017:12:29:28 +0100] "GET /mySqlDumper HTTP/1.1" 404 991
31.172.95.161 - - [26/Jan/2017:12:29:29 +0100] "GET /msd1.24stable HTTP/1.1" 404 995
31.172.95.161 - - [26/Jan/2017:12:29:29 +0100] "GET /msd1.24.4 HTTP/1.1" 404 987
31.172.95.161 - - [26/Jan/2017:12:29:30 +0100] "GET /mysqldumper HTTP/1.1" 404 991
31.172.95.161 - - [26/Jan/2017:12:29:31 +0100] "GET /MySQLDumper HTTP/1.1" 404 991
31.172.95.161 - - [26/Jan/2017:12:29:31 +0100] "GET /mysql HTTP/1.1" 404 979
31.172.95.161 - - [26/Jan/2017:12:29:32 +0100] "GET /sql HTTP/1.1" 404 975
31.172.95.161 - - [26/Jan/2017:12:29:32 +0100] "GET /phpmyadmin HTTP/1.1" 404 989
31.172.95.161 - - [26/Jan/2017:12:29:32 +0100] "GET /phpMyAdmin HTTP/1.1" 404 989
31.172.95.161 - - [26/Jan/2017:12:29:33 +0100] "GET /mysql HTTP/1.1" 404 979
31.172.95.161 - - [26/Jan/2017:12:29:33 +0100] "GET /sql HTTP/1.1" 404 975
31.172.95.161 - - [26/Jan/2017:12:29:33 +0100] "GET /myadmin HTTP/1.1" 404 983
31.172.95.161 - - [26/Jan/2017:12:29:33 +0100] "GET /phpMyAdmin-4.2.1-all-languages HTTP/1.1" 404 1029
31.172.95.161 - - [26/Jan/2017:12:29:34 +0100] "GET /phpMyAdmin-4.2.1-english HTTP/1.1" 404 1017
31.172.95.161 - - [26/Jan/2017:12:29:34 +0100] "GET / HTTP/1.1" 200 1895
31.172.95.161 - - [26/Jan/2017:12:29:34 +0100] "GET /sqlite/main.php HTTP/1.1" 404 999
31.172.95.161 - - [26/Jan/2017:12:29:34 +0100] "GET /SQLite/SQLiteManager-1.2.4/main.php HTTP/1.1" 404 1039
31.172.95.161 - - [26/Jan/2017:12:29:34 +0100] "GET /SQLiteManager-1.2.4/main.php HTTP/1.1" 404 1025
31.172.95.161 - - [26/Jan/2017:12:29:34 +0100] "GET /sqlitemanager/main.php HTTP/1.1" 404 1013
31.172.95.161 - - [26/Jan/2017:12:29:34 +0100] "GET /SQlite/main.php HTTP/1.1" 404 999
31.172.95.161 - - [26/Jan/2017:12:29:34 +0100] "GET /SQLiteManager/main.php HTTP/1.1" 404 1013


and the log from 25/Jan/2017

84.121.27.102 - - [25/Jan/2017:10:03:41 +0100] "GET / HTTP/1.0" 200 1895
123.59.70.63 - - [25/Jan/2017:16:25:49 +0100] "GET /favicon.ico HTTP/1.1" 404 991
58.221.44.119 - - [25/Jan/2017:18:23:23 +0100] "GET / HTTP/1.1" 200 1895

Regards Chris
 