2018-08-30 10:55:33,486 org.apache.activemq.broker.TransportConnection.Transport -Transport Connection to: tcp://45.248.77.245:60074 failed: org.apache.activemq.transport.InactivityIOException: Channel was inactive for too (>30000) long: tcp://45.248.77.245:60074
2018-08-30 10:55:34,732 org.apache.activemq.broker.TransportConnection.Transport -Transport Connection to: tcp://45.248.77.245:60075 failed: org.apache.activemq.transport.InactivityIOException: Channel was inactive for too (>30000) long: tcp://45.248.77.245:60075
2018-08-30 10:58:35,086 org.apache.activemq.broker.TransportConnection.Transport -Transport Connection to: tcp://45.248.77.245:63410 failed: org.apache.activemq.transport.InactivityIOException: Channel was inactive for too (>30000) long: tcp://45.248.77.245:63410
2018-08-30 11:01:38,581 org.apache.activemq.broker.TransportConnection.Transport -Transport Connection to: tcp://45.248.77.245:64164 failed: org.apache.activemq.transport.InactivityIOException: Channel was inactive for too (>30000) long: tcp://45.248.77.245:64164
2018-08-30 11:07:09,440 org.apache.activemq.broker.TransportConnection.Transport -Transport Connection to: tcp://45.248.77.245:64854 failed: org.apache.activemq.transport.InactivityIOException: Channel was inactive for too (>30000) long: tcp://45.248.77.245:64854
Last edited by PointsWell on Fri Aug 31, 2018 1:06 am, edited 2 times in total.
BenHayat wrote: Once you get to the bottom of this, please share with us. Does the app run slow? It seems like each timeout takes 30 seconds before the next try.
Haven't noticed it running before; it was just because the server was idle that it showed up (when the server is running I suspect it disappears into a whole bunch of annoying MySQL warnings).
And a whois doesn't show much information about the server.
eagles9999 wrote: Have you run a Penetration Test against the server?
I recently used https://pentest-tools.com which runs quite an extensive set of vulnerability tests (26) and gives you 500 credits for 45 bucks.
Revealed some very interesting stuff that I have since fixed by updating some of the configuration in the Tomcat conf files... server.xml and web.xml.
With TC 8.5 now some of the old configuration is deprecated and you need to add some of the new stuff manually.
By and large, my Aware server fared pretty well but I am glad to close the few last potential gaps.
Thanks for sharing stuff, Mark. If there is some info which you can share with the community to keep our server safe, that would be nice. I will also give the above tool a try.
From,
Himanshu Jain
AwareIM Consultant (since version 4.0)
OS: Windows 10.0, Mac
DB: MYSQL, MSSQL
You know when you are so tired you can’t remember your name.
Well, if you use a well-known VPN and select an Australian server, then the IP address will be in the range 45.248.77.nnn, and AIM, working as it should, shows me in the logs. That would explain the highly specific access of AwareIM folders.
But it doesn’t explain the server making calls to the IP address and cycling through a series of ports.
I’m going to go and drink some very nice whisky now and lie quietly in a darkened room.
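Added example, not part of the thread and not AwareIM or ActiveMQ code: a small Python triage script that groups the InactivityIOException lines from the first post by remote address and reports the ports seen and the gaps between timeouts. The function name `summarise` and the report fields are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the first post in this thread.
SAMPLE_LOG = """\
2018-08-30 10:55:33,486 org.apache.activemq.broker.TransportConnection.Transport -Transport Connection to: tcp://45.248.77.245:60074 failed: org.apache.activemq.transport.InactivityIOException: Channel was inactive for too (>30000) long: tcp://45.248.77.245:60074
2018-08-30 10:55:34,732 org.apache.activemq.broker.TransportConnection.Transport -Transport Connection to: tcp://45.248.77.245:60075 failed: org.apache.activemq.transport.InactivityIOException: Channel was inactive for too (>30000) long: tcp://45.248.77.245:60075
2018-08-30 10:58:35,086 org.apache.activemq.broker.TransportConnection.Transport -Transport Connection to: tcp://45.248.77.245:63410 failed: org.apache.activemq.transport.InactivityIOException: Channel was inactive for too (>30000) long: tcp://45.248.77.245:63410
2018-08-30 11:01:38,581 org.apache.activemq.broker.TransportConnection.Transport -Transport Connection to: tcp://45.248.77.245:64164 failed: org.apache.activemq.transport.InactivityIOException: Channel was inactive for too (>30000) long: tcp://45.248.77.245:64164
2018-08-30 11:07:09,440 org.apache.activemq.broker.TransportConnection.Transport -Transport Connection to: tcp://45.248.77.245:64854 failed: org.apache.activemq.transport.InactivityIOException: Channel was inactive for too (>30000) long: tcp://45.248.77.245:64854
"""

# Matches only the inactivity-timeout lines; other broker log lines are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d{3} .*?"
    r"Transport Connection to: tcp://(?P<ip>[\d.]+):(?P<port>\d+) failed: "
    r".*InactivityIOException"
)

def summarise(log_text):
    """Group inactivity timeouts by remote IP: count, ports, first/last seen, gaps."""
    peers = defaultdict(lambda: {"times": [], "ports": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entry = peers[m["ip"]]
        entry["times"].append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
        entry["ports"].append(int(m["port"]))
    report = {}
    for ip, entry in peers.items():
        times = sorted(entry["times"])
        # Whole seconds between consecutive timeouts (milliseconds are dropped).
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        report[ip] = {"count": len(times), "ports": sorted(entry["ports"]),
                      "first": times[0], "last": times[-1], "gaps_s": gaps}
    return report

if __name__ == "__main__":
    for ip, info in summarise(SAMPLE_LOG).items():
        print(ip, info["count"], "timeouts, ports", info["ports"], "gaps (s)", info["gaps_s"])
```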