Search found 4 matches

by Stemond11
Tue May 28, 2019 7:42 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited (Hacked Server)
Replies: 248
Views: 300269

Re: CVE-2019-9670 being actively exploited

i have just delete Crontab
Where do i find unwanted jsp ?
here ? /opt/zimbra/jetty-distribution-9.1.5.v20140505/work/zimbra/org/apache/jsp

thank you
Stefano
by Stemond11
Tue May 28, 2019 7:35 am
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited (Hacked Server)
Replies: 248
Views: 300269

Re: CVE-2019-9670 being actively exploited

in previsious post it's posted ZMCAT solutions I have zmswatch on crontab and after i delete/kill it , it's come back! In /tmp all request JSP like this every 30 seconds are in read-only: WHY ?? <Configure class="org.eclipse.jetty.webapp.WebAppContext"> <Get name="securityHandler"...
by Stemond11
Mon May 27, 2019 8:39 pm
Forum: Administrators
Topic: Zimbra AJAX Webmail not loading
Replies: 127
Views: 47277

Re: Zimbra AJAX Webmail not loading

Klug wrote:You're not fixing the hack until you have patched your server and clean it up fully.


How can i clean fully my zcs?
If i remove zmswatch.sh after few hours the script returns
before clean it and after upgrade.
Please help me!!!
by Stemond11
Mon May 27, 2019 8:00 pm
Forum: Administrators
Topic: CVE-2019-9670 being actively exploited (Hacked Server)
Replies: 248
Views: 300269

Re: CVE-2019-9670 being actively exploited

Hi ng

My zimbra machine is compromised.
If i delete zmswatch script and zmswatch crontab after few hours the script returns .
How can i find the source malaware ?
How can i delete definitly the script?

Please help me. !!
Thanks Stefano

Go to advanced search