GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Connect » security log
security log [message #124746] Mon, 05 October 2015 02:39 Go to next message
jiunnyik is currently offline  jiunnyik
Messages: 43
Registered: December 2013
Hi,

As I know, when user enter wrong password, it will log into security log.

So, is there anyway/possibility user can prevent it log into security log when they enter wrong password ? From web, pop, smtp, etc ...

Thank you.

Report message to a moderator

Re: security log [message #124762 is a reply to message #124746] Mon, 05 October 2015 15:32 Go to previous messageGo to next message
Pavel Dobry (Kerio) is currently offline  Pavel Dobry (Kerio)
Messages: 2057
Registered: October 2003
Location: Czech Republic
It is always logged in security log.

Knowledge Base: http://manuals.gfi.com/en/kerio/home/Content/Home.htm.

Report message to a moderator

Re: security log [message #124779 is a reply to message #124762] Mon, 05 October 2015 23:48 Go to previous messageGo to next message
jiunnyik is currently offline  jiunnyik
Messages: 43
Registered: December 2013
I have one user account being hacked. It was logged in through web. But there is no log show password guessing or wrong password being enter. According to the user, she did not provide her password to anyone.

Report message to a moderator

Re: security log [message #124792 is a reply to message #124779] Tue, 06 October 2015 19:13 Go to previous messageGo to next message
Bud Durland is currently offline  Bud Durland
Messages: 586
Registered: December 2013
Location: Plattsburgh, NY
jiunnyik wrote on Mon, 05 October 2015 17:48
I have one user account being hacked. It was logged in through web. But there is no log show password guessing or wrong password being enter. According to the user, she did not provide her password to anyone.


I would think you would want failed password attempts to be in the security log. Most will be one-time things, as folks occasionally mis-type their password in web mail. When you see several such, that is a call to action for the administrator.

If all the attempts are coming from thew same IP address, the first line of defense is to block that IP address, preferably at the firewall. If things get real bad, you can try renaming the user. There's a couple ways to do that, and I have done it for people who get married, divorced, etc. What I usually do is:


1) shutdown the server
2) edit the Users.cfg file and change the user's name. For example 'JDoe' becomes 'JaneDoe'
3) In the mail store folder, find the 'JDoe' folder, rename it to 'JaneDoe'
4) Restart the server
5) confirm you can login as 'JaneDoe<_at_>YourDomain.com'
5a) if this is an OutLook user, you will want to empty the KOFF cache before starting OutLook
6) Create an alias to send incoming mail addressed to 'jdoe' to 'JaneDoe'.

Report message to a moderator

Re: security log [message #124819 is a reply to message #124792] Thu, 08 October 2015 02:11 Go to previous message
jiunnyik is currently offline  jiunnyik
Messages: 43
Registered: December 2013
Thank you.

Report message to a moderator

Previous Topic: Cannot accept tasks on mobile phones
Next Topic: 0x80040119:MAPI_E_EXTENDED_ERROR
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Mon Mar 20 20:03:07 CET 2023

Total time taken to generate the page: 0.02390 seconds
.:: Contact :: Home :: Acceptable Use Policy ::.

Powered by: FUDforum 3.0.9.
Copyright ©2001-2022 FUDforum Bulletin Board Software