It's clear that this forum is being monitored by exploiters and used to modify the attack vector accordingly.
One of the steps of the attack is to modify the date of the files
/opt/zimbra/mailboxd/webapps/zimbra/js/zimbra/csfe/XZimbra.jsp
/opt/zimbra/mailboxd/webapps/zimbra/public/Ajax.jsp
/opt/zimbra/mailboxd/webapps/service/error/attachment_blocked.jsp
/opt/zimbra/mailboxd/webapps/zimbraAdmin/public/jsp/Debug.jsp
to december 2014, to hide that a line of code has been added to these files.
This is a direct and clear response to the
find /opt/zimbra/jetty/ -type f -name *jsp -mtime -60
Must switch to a more secure way to share these information
This forum is being actively monitored by CVE-2019-9670 exploiters
Re: This forum is being actively monitored by CVE-2019-9670 exploiters
Perhaps a private group on Telegram might be more appropriate?
Re: This forum is being actively monitored by CVE-2019-9670 exploiters
It's the farthest thing from the "community" and the "open" philosophy , but in this case could be of help...
Re: This forum is being actively monitored by CVE-2019-9670 exploiters
I agree but I don't see any alternative if the forums are being 'monitored'. Perhaps you should only accept known users via their forum (long-standing accounts?) membership here?gabrieles wrote:It's the farthest thing from the "community" and the "open" philosophy , but in this case could be of help...
- DualBoot
- Elite member
- Posts: 1326
- Joined: Mon Apr 18, 2016 8:18 pm
- Location: France - Earth
- ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
- Contact:
Re: This forum is being actively monitored by CVE-2019-9670 exploiters
Sometime diffusion/distribution lists are better at this purpose.
Regards,
Regards,