The best place to *find* answers to programming/development questions, imo, however it's the *worst* place to *ask* questions (if your first question/comment doesn't get any up-rating/response, then u can't ask anymore questions--ridiculously unrealistic), but again, a great reference for *finding* answers.

My Music (Nickleus)


JSP RAT by Jeroy - hacked a jboss 4.2.2 server

he put stuff in a jboss 4.2.2 "work" folder, in these locations:



see also:

RAT can mean several things:
remote access trojan
remote administration tool

here's how to secure your jboss 4 server--first steps. (this links to my comment below on this page--or just read the instructions below):
1. remove the following folders:


NOTE: if you want to keep jmx-console enabled, then it seems that you need to edit some config code in deploy/jmx-console.war/WEB-INF/web.xml:

       An example security config that only allows users with the role
       JBossAdmin to access the HTML JMX console web application

2. secure permissions:

UPDATE 20131105

you also need to secure the invoker servlet, i.e. don't let anyone access this url:

UPDATE 20131114

according to Nafly, you also need to secure the EJBInvokerServlet


  1. same problem here on Jboss 4.2.3GA. JSP RAT was deployed in


    The problem seems to be Jboss Web 2.0.1 (which is a fork of Tomcat 6).
    anyone knows how to secure this JBoss version?

  2. Hi Markus,
    1. remove the following folders:


    2. secure permissions: