HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
taherseddighi
Posts: 1
Joined: Sun Apr 28, 2019 7:47 am

HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp

Post by taherseddighi »

Hello every one,
Today when I tried to open zimbra through browser I got this error:
HTTP ERROR 404
Problem accessing /public/error.jsp. Reason:

/public/error.jsp
We didn't upgrade/ update the zimbra, and also didn't install any new patches. does anyone have any idea?
thank you
farey
Posts: 3
Joined: Mon Mar 12, 2018 11:22 am

Re: HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp

Post by farey »

Im having the same problem. anyone got any idea?
farey
Posts: 3
Joined: Mon Mar 12, 2018 11:22 am

Re: HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp

Post by farey »

farey wrote:Im having the same problem. anyone got any idea?
Solved the problem. Here is the deal. Inside the public folder I have found files which doesn't belong there. Obviously someone has been messing around. So replaced the public folder with an old backup of public folder. Now its working perfectly fine
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp

Post by phoenix »

farey wrote:
farey wrote:Im having the same problem. anyone got any idea?
Solved the problem. Here is the deal. Inside the public folder I have found files which doesn't belong there. Obviously someone has been messing around. So replaced the public folder with an old backup of public folder. Now its working perfectly fine
Unless you know the exact cause of this problem you may not have solved it, you may have been hacked. I'd suggest tou do some further investigation by reading through the sticky C.V.E. thread in this forum.

BTW, I don't really understand why you've posted this in the Zimbra Desktop/Error Reports but it's the wrong forum if you're using ZCS, if you are actually using Zimbra Desktop then please reply to this thread and meanwhile I'll move this to the 'correct' forum.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
kushan.thamel
Posts: 1
Joined: Sat May 04, 2019 2:43 pm

Re: HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp

Post by kushan.thamel »

Hi,

Could you please explain where is the location I have to make this change.

"/opt/zimbra/jetty-distribution-9.3.5.v20151012/webapps/zimbraAdmin/public"
User avatar
gabrieles
Outstanding Member
Outstanding Member
Posts: 233
Joined: Tue Feb 14, 2017 9:40 am

Re: HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp

Post by gabrieles »

I've just restored a compromised customer
Do a quick search under the usual jetty folders:

find /opt/zimbra/jetty/ -type f -name *jsp -mtime -30

If you find files like:
/opt/zimbra/jetty/webapps/zimbra/js/zimbra/csfe/XZimbra.jsp
/opt/zimbra/jetty/webapps/zimbra/public/Ajax.jsp
you've been hacked.
Unlike the previous "zmcat" and "dblaunchs" that actually exploit the vuln and load some sh*t this looks like a bad childish attack. It seems that they delete some files under jetty dir, don't know why.
The attack vector is the same, but, there are no strange processes, there is no persistence.

To clean:
1) Get the package of your version. In our case was an unpatched 8.6
2) Extract the package, find the store rpm or deb. In our case was zcs-NETWORK-8.6.0_GA_1153.UBUNTU14_64.20141215151218/packages/zimbra-store_8.6.0.GA.1153.UBUNTU14.64_amd64.deb
3) Get into the rpm or the package (midnight commander allows browsing deb & rpm) and navigate to the correspondent jetty/webapps/zimbra/public folder
4) Replace the old public folder with the public folder from the package
5) Patch immediately. You modified some files that will be patched so, if you installed some patch before, use ./installPatch.sh --force, to avoid zimbra version control
maillo
Posts: 4
Joined: Mon Mar 20, 2017 7:41 am

Re: HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp

Post by maillo »

After replacing jetty directory there is still problem with 100% CPU usage. Seems like digging. Anyone know how to stop it?
leandromonteiro
Posts: 1
Joined: Mon May 06, 2019 10:43 am

Re: HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp

Post by leandromonteiro »

I'm really having trouble, this attack happened this weekend!
User avatar
gabrieles
Outstanding Member
Outstanding Member
Posts: 233
Joined: Tue Feb 14, 2017 9:40 am

Re: HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp

Post by gabrieles »

maillo wrote:After replacing jetty directory there is still problem with 100% CPU usage. Seems like digging. Anyone know how to stop it?
Have you patched? have you done a zmcontrol restart? What process is causing high CPU usage? Less info you give, less help you will get...
maillo
Posts: 4
Joined: Mon Mar 20, 2017 7:41 am

Re: HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp

Post by maillo »

Thank you for your help.
I noticed, that zimbra cron file was also modified - /var/spool/cron/zimbra
Instead of normal file content it contained starting zmswatch every 30 min and zmmailboxdwatch every 60 min.
After recovering files from backup it seems to be OK.

At the moment I'm trying to upgrade from 8.7 to 8.8.12 but after starting ./install.sh it hangs.
Any advices?
Thanks again!
Post Reply