Help with compromised accounts - Page 2 - Zimbra

		Zimbra - Forums > Other > Zimbra in Education
Help with compromised accounts

Bugzilla

Wiki & Docs

Source

Leaders

Today's Posts

Welcome to the Zimbra - Forums!

Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Page 2 of 2

LinkBack

Thread Tools

Display Modes

#11 (permalink)

05-03-2009, 01:11 AM

kirme3

Trained Alumni

Posts: 190

You may want to check your audit log's for known bad ip-ranges. We recently had several users hit from the 41.219.x.x range and the 81.199.x.x range. If you want to verify an account has been compromised after the fact, check the audit.log files for odditie's with login ip's. If you think an account is compromised, grep the log for the account and compare login ip's. I've seen the above IP ranges from several compromised accounts.

Page 2 of 2

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
HSP how to count/declare archiving accounts	djeebee	Administrators	2	07-30-2008 08:46 AM
Multiple Mail Accounts, Folders	skwdenyer	Users	10	07-20-2008 08:10 AM
Inaccurate number accounts used	zbowden	Administrators	1	12-10-2007 06:47 AM
Set Zimbra to Automatically Download from POP3 Accounts	dbachman	Administrators	1	08-29-2007 10:05 AM
How do others manage their linux local accounts and zimbra email accounts in sync?	lkirkpatrick	Administrators	2	03-20-2006 10:50 PM