iomarmochtar
/ zimbra_after_xxe.txt
Last active
April 13, 2019 10:37
My Zimbra Got Hacked by XXE bug What Should I do ?
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Note: | |
| - i suggest you for not delete any script or program that intruder put into your server, you can backup it and see how it's works. | |
| so you can learn how it operated and can determine impact in your server. | |
| - before or in parallel you do backup please make sure that your server is clean first by any backdoor !!!. | |
| - you may considering reinstall your OS if the damaged from intruder was quite heavy, | |
| eg: they are replacing some coreutils or some crucial daemon (SSH for instance). | |
| in general you may see by detail any folder that zimbra user has write access to it. | |
| but these are the common way you may check: |
iomarmochtar
/ gfonts_offline.py
Created
January 15, 2019 02:49
Python script to download google fonts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| __author__ = ('Imam Omar Mochtar', 'iomarmochtar@gmail.com') | |
| import urllib2 | |
| import sys | |
| import os | |
| import re | |
| FONTS_DIR = 'fonts' | |
| CSS_FILE = 'offline.css' | |
| site = sys.argv[1] |
iomarmochtar
/ listAllCosWithMembers.py
Created
September 22, 2018 15:06
Get all COS (Class Of Service) including user assigned to it. #zimbra
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/opt/zimbra/bin/zmpython | |
| __author__ = ('Imam Omar Mochtar', ('iomarmochtar@gmail.com', 'imam.omar@jabetto.com')) | |
| """ | |
| Get all COS including user assigned to it. you may run this script inside zimbra's server (LDAP server is recommended) | |
| """ | |
| from com.zimbra.cs.account import Provisioning |
iomarmochtar
/ audit_watch.py
Created
May 23, 2018 09:36
Simple script to parse zimbra's audit.log for failed authentication then it will report and block the IP, yes it's a simple alternative to fail2ban
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| __author__ = 'Imam Omar Mochtar <iomarmochtar@gmail.com>' | |
| """ | |
| this script assume zimbra smtp and mailbox service in same server with original ip (oip) is logged | |
| the attempted/blocked IP will listed in AUDITWATCH chain. for applying block to it add rule in INPUT filter. | |
| Example: | |
| # iptables -t filter -I INPUT -j AUDITWATCH | |
| """ |
iomarmochtar
/ audit_watch.py
Created
March 19, 2018 04:52
Parse zimbra audit file for blocking any massive failed authentication which indicating brute force attempt. if it's found then will do block mechanism and report to admin
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| __author__ = 'Imam Omar Mochtar <iomarmochtar@gmail.com>' | |
| """ | |
| Parse zimbra audit file for blocking any massive failed authentication which indicating brute force attempt | |
| this script assume zimbra proxy and mailbox service in same server with original ip (oip) is logged | |
| the attempted IP will listed in AUDITWATCH chain. for applying block combine run this command for add it in INPUT filter |
iomarmochtar
/ AjxReloader.php
Created
August 30, 2017 07:39
Helper untuk ajaxreloader pada yii2, utilizing ajax-crud
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Author: Imam Omar Mochtar <iomarmochtar@gmail.com> | |
| * Date: 08/04/17 | |
| * Reuse ajax-curd untuk menambahkan data secara async pada (sementara ini) komponen select. reload via pjax | |
| */ | |
| namespace common\utils; | |
| use yii\web\AssetBundle; |
iomarmochtar
/ install_pgadmin4.sh
Created
August 24, 2017 02:22
Script for automating pgAdmin4 installation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Author: Imam Omar Mochtar (iomarmochtar@gmail.com) | |
| # Desc : Script for automating pgAdmin4 as Desktop mode, make sure postgresql-dev and python-dev package has been installed | |
| # , was tested in Ubuntu 16.04 LTS | |
| BASE_DIR="/opt/pgadmin4" | |
| RUN_SCRIPT="$BASE_DIR/run.sh" | |
| VIRTENV="/usr/local/bin/virtualenv" |
iomarmochtar
/ example_get_task.py
Last active
November 18, 2017 12:43
Example of fetching Zimbra task and task list (recursive).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| __author__ = ('Imam Omar Mochtar', 'iomarmochtar@gmail.com') | |
| from ozpy.mailbox import Mailbox | |
| import sys | |
| from pprint import pprint | |
| import os | |
| """ | |
| Example of fetching Zimbra task and task list (recursively). | |
| """ |
iomarmochtar
/ nginx.conf
Created
July 21, 2017 14:39
Nginx configuration file for mailman3_ei, listening on 80 (redirect to 443 https)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| daemon off; | |
| worker_processes 1; | |
| user root; | |
| error_log /opt/mailman3/var/logs/nginx-error.log; | |
| pid /opt/mailman3/var/logs/nginx.pid; |
iomarmochtar
/ using_django_template_outside.py
Created
July 19, 2017 05:47
Using Django Template Outside Django Project
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import django | |
| from django.template import Template, Context | |
| from django.conf import settings | |
| # optional if you just render str instead of template file | |
| from django.template.loader import get_template | |
| settings.configure(TEMPLATES=[{ | |
| 'BACKEND': 'django.template.backends.django.DjangoTemplates', | |
| # if you want to render using template file | |
| 'DIRS': ['/tmp/template_dirs'] |