APACHE STRUTS CVE-2017-5638

[gussuk]

I’m really glad to find the forum is up and running still. I sent you a donation too.
I may need some help.
I’m no programmer just a hobby user
I also use Norton Security and it has been stopping attacks labeled as APACHE STRUTS CVE-2017-5638.
Norton seems to be catching each attack the thing that concerns me is it looks like the information is backwards. It appears my computer is the source of the attack. The so called victims I have traced a few via their IP and one was in Taiwan the other Jakarta.

So anyway is the Sambar Server apache based? Is this something that is going to get me eventually?

Somebody has also been trying to hack my mail server for about 3-4 days now. since I only have one account and it has a 16 character password I don’t think they’ll ever get in. I also require AUTH and the system administration is limited to local IP numbers only. No remote management. At least that’s what I’m hoping.

So anyone know anything about this STRUTS thing?

[Johannes]

Hello Steve,

Sambar, as far as I know, is not Apache based. Also, Apache Struts is something different, it is not the regualr Apache webserver. It is an java based application frame work. Take a look here.

In regards to your mailserver, I had the same happening here fore a few weeks with all kinds of usernames which didn't fit my system. Check your logs and you know if you can safely ignore that. Maybe set the throttling for failed logins a bit higher. I have mine set to 3 failed logins and the IP is blocked for the time (in sec) you have set.

By the way, I have my Sambar now for over a year running on Debian and I am very happy with it. As an additional plus, it handles SSL connections way more stable.

Johannes