Search found 118 matches

by maxxer
Mon Jun 10, 2019 5:32 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 207
Views: 89814

Re: CVE-2019-9670 being actively exploited

I have not been able to clean up, the hack has been coming back about every 12 hrs. I have ssh and 7071 blocked to public and always have. I've changed all my admin pws 3x. ssh, zimbra, and webmail admin. The hack script still comes back. I finally blocked the attacking IP but soon enough it will p...
by maxxer
Sun Jun 09, 2019 7:58 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 207
Views: 89814

Re: CVE-2019-9670 being actively exploited

calandacomp wrote:if you are affected and have any questions - feel free to contact me

good to know there's still a chance to clean up the system :) thanks for sharing your cleanup steps!
by maxxer
Sun Jun 09, 2019 7:56 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 207
Views: 89814

Re: CVE-2019-9670 being actively exploited

According to hack... there are files in /tmp directory .. if any one can help us about these files what kind of help you need? they're unlikely zimbra files, but without contents we cannot know. you should inspect them yourself, you can try moving them out to a location non accessible to zimbra use...
by maxxer
Thu May 30, 2019 6:48 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 207
Views: 89814

Re: CVE-2019-9670 being actively exploited

Mike2000 wrote:Sorry for stupid questions, but i a'm not understand how to do it properly.
If i have ubuntu 16.04 - at first i should update it to 18.04 ?


you don't have to. you can install 8.8.12 on 16.04.

anyway 18.04 is still in beta, don't use it
by maxxer
Thu May 30, 2019 6:04 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 207
Views: 89814

Re: CVE-2019-9670 being actively exploited

Mike2000 wrote:What about Zimbra 8.8.8 ga foss, is it vulnerable?
If it is, what do i have to do? Update to 8.8.12 GA Release or what?

Yes, you must update to the latest minor release of 8.8, that is 8.8.12P2
by maxxer
Tue May 28, 2019 9:17 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 207
Views: 89814

Re: CVE-2019-9670 being actively exploited

mqaroush wrote:What this mean???


Likely non zimbra files you should delete
by maxxer
Tue May 28, 2019 7:35 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 207
Views: 89814

Re: CVE-2019-9670 being actively exploited

in previsious post it's posted ZMCAT solutions I have zmswatch on crontab and after i delete/kill it , it's come back! it's the same infection, just more widely spread on the system. cleanup steps are basically the same. first of all patch your system, then cleanup all the mess: cron, unwanted jsp ...
by maxxer
Tue May 28, 2019 5:31 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 207
Views: 89814

Re: CVE-2019-9670 being actively exploited

Stemond11 wrote:Hi ng
How can i find the source malaware ?
How can i delete definitly the script?


read the whole thread and/or the blogpost linked here, you will find guidelines on how to cleanup your system
by maxxer
Mon May 27, 2019 11:24 am
Forum: Administrators
Topic: certbot-zimbra v0.7 rewrite - call for testing
Replies: 0
Views: 132

certbot-zimbra v0.7 rewrite - call for testing

Hi all. Thanks to the collaboration of Jernej Jakob the script has been rewritten. We're calling people for testing this new rewrite before we publish it as a release. The new version is currently in a separate branch on Github. If you use this script and need to deploy a new cert, we kindly ask you...
by maxxer
Thu May 09, 2019 4:20 pm
Forum: Users
Topic: Images in Signatures
Replies: 3
Views: 806

Re: Images in Signatures

Broken and not going to be fixed.

viewtopic.php?f=15&t=66125#p290205

Go to advanced search