GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Connect » User being hacked - even after changing the password several times
User being hacked - even after changing the password several times [message #130615] Wed, 29 June 2016 09:45 Go to next message
Computerdoc is currently offline  Computerdoc
Messages: 2
Registered: June 2011
Hi there,

i`m running Kerio Connect 9.0.4 patch 1 (1154) Mac OS X (10.11.2). One of my users seemed to be hacked. Lots of messages were sent through this account to all kinds of unknown receipients.

I disabled the account, checked all the clients which used that account for viruses (1 x Mac and 1 x Android smartphone), changed the password - using a secure one - and enabled the account again.

But still there are lots of outgoing messages through this account which i did not send and cannot explain. What else can i do? I checked my Kerio sercurity settings. But they seem to be correct.

Greets
T.
Re: User being hacked - even after changing the password several times [message #130623 is a reply to message #130615] Wed, 29 June 2016 17:11 Go to previous messageGo to next message
j.a.duke is currently offline  j.a.duke
Messages: 239
Registered: October 2006
Computerdoc wrote on Wed, 29 June 2016 03:45
Hi there,

i`m running Kerio Connect 9.0.4 patch 1 (1154) Mac OS X (10.11.2). One of my users seemed to be hacked. Lots of messages were sent through this account to all kinds of unknown receipients.

I disabled the account, checked all the clients which used that account for viruses (1 x Mac and 1 x Android smartphone), changed the password - using a secure one - and enabled the account again.

But still there are lots of outgoing messages through this account which i did not send and cannot explain. What else can i do? I checked my Kerio sercurity settings. But they seem to be correct.

Greets
T.


Are you sure they are being sent through your server?

If so, you should see them in the Mail log. If they don't exist there, then they are being sent from another server using the address of your user (spoofing).

Implementing DKIM is one way of trying to reduce the likelihood of spoofing an address.

Cheers,
Jon
Re: User being hacked - even after changing the password several times [message #130627 is a reply to message #130623] Wed, 29 June 2016 18:12 Go to previous message
freakinvibe is currently offline  freakinvibe
Messages: 593
Registered: April 2004
Even after you changed the password, mails from before the password change might have been in your outgoing mail queue. So I would first clear the queue and then check if the problem still exists.

Dexion Services AG - IT Support Services in Basel, Switzerland
https://dexionag.ch
Previous Topic: Cannot see all results when search in webmail calendar
Next Topic: Progamatically Send email
Goto Forum:
  


Current Time: Sun Jun 04 12:48:57 CEST 2023

Total time taken to generate the page: 0.02342 seconds