Code: Select all
91.232.125.211 - - [11/Jul/2019:18:12:43 +0000] "POST /public/-bHTnqO.jsp HTTP/1.0" 200 - "-" "Mozilla/5.0 (Windows NT 6.1; rv:66.0) Gecko/20100101 Firefox/66.04" 8037
91.232.125.211 - - [11/Jul/2019:18:12:54 +0000] "POST /public/jsp/CryptCore.jsp HTTP/1.0" 200 - "-" "Mozilla/5.0 (Windows NT 6.1;rv:66.0) Gecko/20100101 Firefox/66.04" 330
91.232.125.211 - - [11/Jul/2019:18:12:55 +0000] "POST /public/-bHTnqO.jsp HTTP/1.0" 200 - "-" "Mozilla/5.0 (Windows NT 6.1; rv:66.0) Gecko/20100101 Firefox/66.04" 347
91.232.125.211 - - [11/Jul/2019:18:12:57 +0000] "POST /zimbraAdmin/public/jsp/Debug.jsp HTTP/1.0" 200 - "-" "Mozilla/5.0 (Windows NT 6.1; rv:66.0) Gecko/20100101 Firefox/66.04" 2024
91.232.125.211 - - [11/Jul/2019:18:13:00 +0000] "POST /portals/example/static.jsp HTTP/1.0" 200 - "-" "Mozilla/5.0 (Windows NT 6.1; rv:66.0) Gecko/20100101 Firefox/66.04" 335
91.232.125.211 - - [11/Jul/2019:18:13:02 +0000] "POST /public/jsp/PortalCore.jsp HTTP/1.0" 200 - "-" "Mozilla/5.0 (Windows NT 6.1; rv:66.0) Gecko/20100101 Firefox/66.04" 334
91.232.125.211 - - [11/Jul/2019:18:13:03 +0000] "POST /zimbraAdmin/public/flash/player.jsp HTTP/1.0" 500 1419 "-" "Mozilla/5.0 (Windows NT 6.1; rv:66.0) Gecko/20100101 Firefox/66.04" 367
91.232.125.211 - - [11/Jul/2019:18:13:05 +0000] "POST /public/-bHTnqO.jsp HTTP/1.0" 200 - "-" "Mozilla/5.0 (Windows NT 6.1; rv:66.0) Gecko/20100101 Firefox/66.04" 324
91.232.125.211 - - [11/Jul/2019:18:13:06 +0000] "POST /zimbraAdmin/public/jsp/access.jsp HTTP/1.0" 500 1419 "-" "Mozilla/5.0 (Windows NT 6.1; rv:66.0) Gecko/20100101 Firefox/66.04" 340
91.232.125.211 - - [11/Jul/2019:18:13:08 +0000] "POST /public/-bHTnqO.jsp HTTP/1.0" 200 - "-" "Mozilla/5.0 (Windows NT 6.1; rv:66.0) Gecko/20100101 Firefox/66.04" 383
91.232.125.211 - - [11/Jul/2019:18:13:09 +0000] "POST /public/-bHTnqO.jsp HTTP/1.0" 200 - "-" "Mozilla/5.0 (Windows NT 6.1; rv:66.0) Gecko/20100101 Firefox/66.04" 317
rm -- '-bHTnqO.jsp'
Delete following files in /opt/zimbra/jetty-distribution-9.1.5.v20140505/
webapps/zimbra/public/-bHTnqO.jsp
webapps/zimbraAdmin/public/jsp/Alert.jsp, access.jsp
webapps/zimbraAdmin/public/flash/player.jsp
webapps/zimbra/public/jsp/CryptCore.jsp, PortalCore.jsp
Replace webapps/zimbraAdmin/public/jsp/Debug.jsp from zimbra source file
Last, unload all zmlet plugin, I worder some plugin be load to my server these days
I hope this will keep my server safe and help somebody....