
Thread: Compromised Accounts

  1. #1
    ask2me0077 is offline Junior Member
    Join Date
    Nov 2013
    Location
    India
    Posts
    7
    Rep Power
    1

    Default Compromised Accounts

    I have been using Zimbra for 3 years. Recently I noticed that some of my Zimbra accounts are compromised and are sending too much spam, which gets my IP blacklisted.
    I changed the web access to HTTPS and then for one or two months it was working fine. Then the same thing happened again. When I went through the audit.log, I found an IP originating from Senegal trying to send mail using the compromised accounts.

    I have given many warnings to my users to use strong passwords and made changes in the Admin panel. But day by day, one or more accounts are compromised.
    Is there any way to stop this problem?

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,490
    Rep Power
    56

    Default

    Quote Originally Posted by ask2me0077
    I have given many warnings to my users to use strong passwords and made changes in the Admin panel.
    That doesn't tell us what type of 'strong' password rules you've actually introduced, nor which version/release of ZCS nor whether you forced all users to change their passwords when they next logged in.
    Regards


    Bill



  3. #3
    chauvetp is offline Elite Member
    Join Date
    Apr 2008
    Location
    New Paltz, NY
    Posts
    300
    Rep Power
    7

    Default

    Strong passwords do nothing if your users are giving their passwords out to phishing scammers (which in my experience, I find to be MUCH more common than some spammers guessing passwords). The only way to stop that is user education & training (which is difficult, but necessary in this day and age).

    You can mitigate the problems using a rate limiting option (such as cpolicyd - Postfix Policyd - Zimbra :: Wiki).
    ---
    Paul Chauvet
    State University of New York at New Paltz

  4. #4
    ask2me0077 is offline Junior Member
    Join Date
    Nov 2013
    Location
    India
    Posts
    7
    Rep Power
    1

    Default

    A strong password means one with a combination of wild characters and digits.
    I am using Release 6.0.1_GA_1816.RHEL5_20090911181524 CentOS5 FOSS edition.
    Today I found in my audit.log a connection from IP 41.82.152.252 from Senegal.
    Is there any way to block connections to the web GUI from other countries?

  5. #5
    chauvetp is offline Elite Member
    Join Date
    Apr 2008
    Location
    New Paltz, NY
    Posts
    300
    Rep Power
    7

    Default

    Quote Originally Posted by ask2me0077
    I am using Release 6.0.1_GA_1816.RHEL5_20090911181524 CentOS5 FOSS edition.
    Forget passwords - you're using an ANCIENT version of Zimbra. If you care about security you should be upgrading to a newer version (latest in the 7.2.x or 8.x series) as soon as possible.

    As for blocking connections, you can block anything you want at the firewall level. You'd have to find IP lists of where to block but it's like trying to stop a flood, it will never work. Fix your security issues (i.e. using a four year old version of Zimbra). Aside from that, make sure you have spam filtering in place to limit the number of phishing emails that come in to your users, educate them about clicking on fraudulent links and giving out their username/password.
    ---
    Paul Chauvet
    State University of New York at New Paltz

  6. #6
    ask2me0077 is offline Junior Member
    Join Date
    Nov 2013
    Location
    India
    Posts
    7
    Rep Power
    1

    Default

    Thank you for your suggestion.
    I want to change to Zimbra 8 (64 bit). Kindly give your suggestions. Also give me any link for the migration.
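
Added example, not part of any post in this thread: a sketch of the audit.log review the thread describes, listing accounts that logged in successfully from outside your own networks while ignoring failed guesses. The log line layout, the sample lines and the network range are constructed assumptions; adjust the regex to what your release writes.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the layout assumed here for Zimbra's audit.log
# (oip= is the originating client IP). Not taken from a real server.
SAMPLE_LOG = """\
2013-11-20 09:01:12,101 INFO  [btpool0-3] [name=alice@example.com;oip=203.0.113.10;ua=ZimbraWebClient;] security - cmd=Auth; account=alice@example.com; protocol=soap;
2013-11-20 09:05:40,220 INFO  [btpool0-4] [name=bob@example.com;oip=203.0.113.22;ua=ZimbraWebClient;] security - cmd=Auth; account=bob@example.com; protocol=soap;
2013-11-20 23:47:03,514 WARN  [btpool0-7] [name=carol@example.com;oip=198.51.100.7;ua=ZimbraWebClient;] security - cmd=Auth; account=carol@example.com; protocol=soap; error=authentication failed for [carol], invalid password;
2013-11-20 23:48:19,902 INFO  [btpool0-7] [name=bob@example.com;oip=198.51.100.7;ua=ZimbraWebClient;] security - cmd=Auth; account=bob@example.com; protocol=soap;
"""

AUTH_RE = re.compile(
    r"oip=(?P<ip>[0-9a-fA-F.:]+);.*?cmd=Auth; account=(?P<account>[^;\s]+);(?P<rest>.*)$"
)

def summarize_auth(log_text):
    """Return {account: {"ok": set of IPs, "failed": set of IPs}}."""
    summary = defaultdict(lambda: {"ok": set(), "failed": set()})
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue  # not an Auth audit line
        outcome = "failed" if "error=" in m.group("rest") else "ok"
        summary[m.group("account")][outcome].add(m.group("ip"))
    return dict(summary)

def is_known(ip, networks):
    """True if ip parses and falls inside one of the trusted networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable source address is treated as unknown
    return any(addr in net for net in networks)

def suspicious_accounts(log_text, known_cidrs):
    """Accounts with a SUCCESSFUL login from outside the known networks."""
    networks = [ipaddress.ip_network(c) for c in known_cidrs]
    flagged = {}
    for account, seen in summarize_auth(log_text).items():
        outside = sorted(ip for ip in seen["ok"] if not is_known(ip, networks))
        if outside:
            flagged[account] = outside
    return flagged

if __name__ == "__main__":
    # 203.0.113.0/24 stands in for the organisation's own address range.
    print(suspicious_accounts(SAMPLE_LOG, ["203.0.113.0/24"]))
```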
