servlet cant find file

any ideas what is wrong? this worked fine for over a year but now it doesnt. it seems that ".." is not being translated

quote:
--------------------------------------------------------------------------------
java.io.FileNotFoundException: ../webapps/examples/SiteLog.txt (The system cannot find the path specified)
--------------------------------------------------------------------------------

that path has been working fine for over a year
the file is at: http://javaguy.yi.org/examples/SiteLog.txt
c:\program files\Apache Group\Apache\tomcat\jakarta-tomcat\webapps\examples\SiteLog.txt
the servlet is at: http://javaguy.yi.org
after you hit login
c:\program files\Apache Group\Apache\tomcat\jakarta-tomcat\webapps\examples\Web-inf\classes\MyCookieServlet.class

im running windows without autoexec.bat for now
the above links are dead cause im not running the server right now

did you change anything in your web.xml file.
<servlet-mapping> or <url-pattern>
- satya

I didnt but it is possible someone else did through a trojan. I will look over that file. it seems like it doesnt know where TomcatHome is. my system is pretty bad right now. when trying to boot with autoexec.bat in root I get all kinds of errors one says registry cant be found. Im going to post guestion about it in MD forum since we dont have a windows forum

out of the 6 xml file in that folder i was only able to open 3 by double clicking(using IE) web.xml gave this informative message

The XML page cannot be displayed
Cannot view XML input using style sheet. Please correct the error and then click the Refresh button, or try again later.

--------------------------------------------------------------------------------
The system cannot locate the resource specified.

i opened it in notepad though and it looks ok to me

<servlet-mapping>
<servlet-name>
invoker
</servlet-name>
<url-pattern>
/servlet/*
</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>
jsp
</servlet-name>
<url-pattern>
*.jsp
</url-pattern>
</servlet-mapping>

I found something interesting in the logs. about the time i started having problems with the site i started getting entries like this in access.log
64.242.115.131 - - [07/Aug/2001:20:42:45 -0700] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0 078%u0000%u00=a HTTP/1.0" 404 276
i get them at a rapid rate about every ten minutes on average from different urls
for the previous year there were never any entries like that and i never got close to that many hits either
there is a corresponding entry in error.log for each
172.141.224.18] File does not exist: c:/program files/apache group/apache/htdocs/default.ida
does that look familiar to anyone?
[This message has been edited by Randall Twede (edited August 13, 2001).]

Your log entries look all too familiar, alas. That's what you see when a machine infected with the "Code Red" worm attempts to pass it along. The "X"s are just to stretch the buffer to the overflow point, and the remaining stuff is the worm itself. The original "Code Red" used "N"s - this is actually "Code Red II", which opens up backdoors into the infected server. Be glad you're not running IIS. Be very glad.
Randall, you really should seriously consider offering intoxicating beverages and/or other blandishments to your support people to get them to clean-install your OS. Your system has been so badly hammered I wouldn't trust it as far as I can throw a mainframe.

Tim,
thanks I will try to find out more about it now that I know what it is. I did see some entries that used N instead of X but most used X. from your post Im guessing the attempt fails because I am using Apache? there must be some reason I am suddenly having all these attempts. I have no support people it is just me and my pentium133.

I found a good article on the code red worm here:
http://news.cnet.com/news/0-1003-201-6658647-0.html?tag=tp_pr
I had read about security holes in IIS a while back now I know the result. Apache rules

here is a link to a picture of tomcats DOS window.
http://www.angelfire.com/games2/programming/TomcatWindow.html
one other thing is that after the first time i got the internal servlet error about file not found,
it did on at least one occasion work properly. but not in the last couple days.
I could rewrite my servlets but i would rather fix whatever is wrong if i can
also since I have a cookie already i can bypass the login page
and the rest of the site works fine.
I checked to see if the file had been changed to read only but it hasnt.
[This message has been edited by Randall Twede (edited August 14, 2001).]

the server is running now so if someone can go there and tell me if they can get past the login page that woould be nice http://javaguy.yi.org
neveer mind someone checked and they get the same error i do
[This message has been edited by Randall Twede (edited August 15, 2001).]