I've just restored a compromised customer.

Do a quick search under the usual jetty folders:

    find /opt/zimbra/jetty/ -type f -name '*jsp' -mtime -30

If you find files like:

    /opt/zimbra/jetty/webapps/zimbra/js/zimbra/csfe/XZimbra.jsp
    /opt/zimbra/jetty/webapps/zimbra/public/Ajax.jsp

you've been hacked.

Unlike the previous "zmcat" and "dblaunchs" that actually exploit the vuln and load some sh*t, this looks like a bad childish attack.…
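
Added example, not part of the original post: a shell function that runs the same find with the glob quoted and also tests the two paths named above directly, because a file whose mtime has been reset would slip past -mtime -30. The function name scan_jetty_jsp and the KNOWN/RECENT output labels are made up for this example.

```shell
#!/bin/sh
# Added example: triage a jetty tree for the JSP files named in the post.
#
# Usage: scan_jetty_jsp ROOT [DAYS]
#   ROOT  jetty directory (the post uses /opt/zimbra/jetty)
#   DAYS  look-back window for the mtime check (the post uses 30)
#
# Output, one finding per line:
#   KNOWN <path>   one of the two paths named in the post exists
#                  (reported whatever its mtime is)
#   RECENT <path>  any other *jsp file modified within the last DAYS days
scan_jetty_jsp() {
    root=${1%/}
    days=${2:-30}

    # 1. Direct existence check for the two paths from the post.
    for rel in webapps/zimbra/js/zimbra/csfe/XZimbra.jsp \
               webapps/zimbra/public/Ajax.jsp; do
        if [ -f "$root/$rel" ]; then
            echo "KNOWN $root/$rel"
        fi
    done

    # 2. The search from the post. The pattern is quoted so the shell
    #    passes it to find unexpanded; the trailing slash makes find
    #    descend into ROOT even when ROOT is a symlink.
    find "$root/" -type f -name '*jsp' -mtime "-$days" 2>/dev/null |
    while IFS= read -r f; do
        case "$f" in
            # Already reported as KNOWN above; do not list twice.
            */webapps/zimbra/js/zimbra/csfe/XZimbra.jsp) ;;
            */webapps/zimbra/public/Ajax.jsp) ;;
            *) echo "RECENT $f" ;;
        esac
    done
}
```

A RECENT line only means the file changed inside the window, so compare each one against the files shipped with the installed packages before treating it as hostile.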