Zimbra server used as phishing site host

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
crose9
Posts: 13
Joined: Fri Sep 12, 2014 11:21 pm

Zimbra server used as phishing site host

Postby crose9 » Thu Jun 13, 2019 2:39 pm

Hi

it seems our Zimbra server hosts a phising site https://mail.math.uzh.ch/zimbra/;jsessi ... H_REQUIRED.

We're running the ZCS 8.8.12p3 now (updated today, before it was ZCS 8.8.12)

Anyone an idea which security bug causes the possibilty to upload such an site? How can we clean this?

We've googled around, and found a lot of sites with the same problem - but found no explanations what's going on or how this has been done.

Thanks
Carsten


crose9
Posts: 13
Joined: Fri Sep 12, 2014 11:21 pm

Re: Zimbra server used as phishing site host

Postby crose9 » Sat Jun 15, 2019 12:18 pm

It was a false positive!

Originally we received a notification by a security company about 'you host a phising page' and after some investigation on our site (we found nothing suspicous), we asked the company to explain why they think that we host a phishing site. At the end they send 'excuse me, it was a mistake on our site'.

For you: it seems that 'client=socialfox' is just a possibility of zimbra, to integrate the webinterface as a very tiny (iframe) in the own page.

CU
Carsten

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 17 guests