Search found 4 matches

by AB_Zimbra
Wed May 29, 2019 11:41 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited (Hacked Server)
Replies: 248
Views: 630758

Re: CVE-2019-9670 being actively exploited

sony2sony wrote: say me please, the code after tag </HTML> is infection???
Yes, you need to remove everything after </HTML>.

Just download the original .tgz and patch .tgz files for the original source.
by AB_Zimbra
Tue May 28, 2019 8:14 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited (Hacked Server)
Replies: 248
Views: 630758

Re: CVE-2019-9670 being actively exploited

i have just delete Crontab Where do i find unwanted jsp ? here ? /opt/zimbra/jetty-distribution-9.1.5.v20140505/work/zimbra/org/apache/jsp thank you Stefano The infection creates new jsp's and edits existing ones with "control code". This way the attacker can remotely execute commands on ...
by AB_Zimbra
Mon May 27, 2019 2:33 pm
Forum: Administrators
Topic: Zimbra AJAX Webmail not loading
Replies: 127
Views: 120403

Re: Zimbra AJAX Webmail not loading

Same problem here on our server. we take the following actions: we change the permissions according to ab_zimbra, we remove the lines in the contrab that call zmswatch and we block the address in the firewall http://93.113.108.146:443/cr.sh. The environment is stable but we still can not resolve th...
by AB_Zimbra
Sat May 25, 2019 12:58 pm
Forum: Administrators
Topic: Zimbra AJAX Webmail not loading
Replies: 127
Views: 120403

Re: Zimbra AJAX Webmail not loading

We had exactly the same issue. And I saw that the files had the wrong permissions (executable instead of writeable). Version: 8.7.11_GA_3800.NETWORK I did the following (as root); cd /opt/zimbra/mailboxd find webapps -type d -exec chmod 0755 {} \; find webapps -type f -exec chmod 0644 {} \; Then res...