HTTP ERROR 404 Problem accessing /public/error.jsp. Reason: /public/error.jsp

I’ve just restored a compromised customer
Do a quick search under the usual jetty folders:

find /opt/zimbra/jetty/ -type f -name *jsp -mtime -30

If you find files like:
/opt/zimbra/jetty/webapps/zimbra/js/zimbra/csfe/XZimbra.jsp
/opt/zimbra/jetty/webapps/zimbra/public/Ajax.jsp
you’ve been hacked.
Unlike the previous “zmcat” and “dblaunchs” that actually exploit the vuln and load some sh*t this looks like a bad childish attack. It seems that they delete some files under jetty dir, don’t know why. 
The attack vector is the same, but, there are no strange processes, there is no persistence.

To clean:
1) Get the package of your version. In our case was an unpatched 8.6
2) Extract the package, find the store rpm or deb. In our case was zcs-NETWORK-8.6.0_GA_1153.UBUNTU14_64.20141215151218/packages/zimbra-store_8.6.0.GA.1153.UBUNTU14.64_amd64.deb 
3) Get into the rpm or the package (midnight commander allows browsing deb & rpm) and navigate to the correspondent jetty/webapps/zimbra/public folder
4) Replace the old public folder with the public folder from the package
5) Patch immediately. You modified some files that will be patched so, if you installed some patch before, use ./installPatch.sh –force, to avoid zimbra version control

source : https://forums.zimbra.org/viewtopic.php?t=66077

patch zimbra :

Zimbra Collaboration 8.6.0 Patch 10 GA Release

Before Installing the Patch

Before installing the patch, consider the following:

  • Zimbra Collaboration patches can be found at https://www.zimbra.com/downloads/zimbra-collaboration
  • Patches are cumulative, and delivered as a TGZ file.
  • A full backup should be performed before any patch is applied. There is no automated roll-back.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to user zimbra before using ZCS CLI commands.
  • Important! You cannot revert to the previous ZCS release after you upgrade to the patch.

Install the Patch

Note: This patch should be installed only on all mailbox nodes running in your environment.

1. Before you begin, confirm you have the following:

  • Zimbra Collaboration 8.6.0 GA installed
  • Zimbra Collaboration 8.6.0 Patch10 TGZ file

2. Copy the patch.tgz file(s) to your server.

3. Install Zimbra Collaboration 8.6.0 Patch10

  • a. Log in as root and cd to the directory where the tar file is saved. Type
tar xzf zcs-patch-8.6.0_GA_XXX.tgz
cd zcs-patch-8.6.0_GA_XX
  • b. As root, install the patch. Type
./installPatch.sh
  • c. Switch to user zimbra
su – zimbra
  • d. ZCS must be restarted to changes to take effect. Type
zmcontrol restart

source : https://wiki.zimbra.com/wiki/Zimbra_Releases/8.6.0/P10
Posted on: May 7, 2019, by :  | 83 views
https://serang.ut.ac.id/css/css/slot88/ https://tinjut.bagkeu.dikdasmen.kemdikbud.go.id/slot-maxwin/ https://dpm.polinema.ac.id/slot-gacor/ https://akademik.ft.unm.ac.id/slot-dana/ https://ppdb.probolinggokab.go.id/slot-5000/ https://bkad.sulselprov.go.id/assets/ https://ojs.balidwipa.ac.id/docs/slot-gacor/ http://korpri.pekalongankab.go.id/api/slot-gacor/ https://elang.umpp.ac.id/foto/farmasi/-/asset/ http://rsud-kelet.jatengprov.go.id/wp-content/-/asset/ https://kusdhianto-fe.staff.ugm.ac.id/slot88/ http://ppdb.probolinggokab.go.id/judi-bola/ https://bapenda.labuhanbatukab.go.id/racikan-sbobet/ http://rsud-kelet.jatengprov.go.id/wp-content/-/data/ https://agenda.riau.go.id/-/judi-bola/ https://balapan.padang.go.id/sbobet88/ http://jdih.wakatobikab.go.id/sbobet88/ http://kph.menlhk.go.id/sbobet88/ https://bkad.sulselprov.go.id/data/ https://dpm.polinema.ac.id/slot-gacor/ https://dinkes.jemberkab.go.id/storage/attachments/