
Admin account lockout

Posted: Mon Jul 15, 2019 9:52 am
by snowymoountain
Hi,

I appear to be locked out of the admin account. I have changed the password but still seem to be logged out... any ideas?

Re: Admin account lockout

Posted: Mon Jul 15, 2019 10:18 am
by phoenix
That should never happen of its own accord. There were reports of multiple admin accounts being created by one of the most recent versions of the 'hack'; have you checked if your server might be compromised? I'm assuming you only have one admin account that you created (or the initial ZCS install)?

Re: Admin account lockout

Posted: Mon Jul 15, 2019 10:37 am
by snowymoountain
Hi,

Looks like a brute force attempt. I increased the password security and unlocked the account; there is only one admin account but two other groupcaladmin@ accounts...

I am on

Release 8.8.9_GA_2055.RHEL7_64_20180703080917 RHEL7_64 FOSS edition, Patch 8.8.9_P10.

Server has not been compromised and all good.

I have fail2ban enabled and specifically set up for Zimbra auth attempts and also have all firewall ports disabled apart from the essentials...

Re: Admin account lockout

Posted: Mon Jul 15, 2019 11:02 am
by L. Mark Stone
The bad actors know Zimbra sets the default admin account as “admin@...” and will brute force it all day long.

The trick is either to create a global admin account that is named something a little cryptic, or, you can configure DoSFilter to block the bad actor’s IP address before your password lockout policy kicks in. (You can also do both...)

Hope that helps,
Mark
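
The ordering described in the last reply (block the source IP before the password lockout policy fires), as an added example that is not from any poster in this thread. The log layout, the sample lines and both thresholds are constructed assumptions, and no real Zimbra attribute names are used:

```python
import re
from collections import Counter

# Assumed audit-style layout; every line below is constructed sample data.
def _line(n, ip, acct="admin@example.com"):
    return (f"2019-07-15 09:40:{n:02d},000 WARN [name={acct};oip={ip};] security - "
            f"cmd=Auth; account={acct}; protocol=soap; "
            f"error=authentication failed for [{acct}], invalid password;")

SINGLE_SOURCE = "\n".join(_line(n, "203.0.113.7") for n in range(6))
MANY_SOURCES = "\n".join(_line(n, f"198.51.100.{n + 1}") for n in range(6))

FAIL_RE = re.compile(
    r"oip=(?P<ip>[^;\]]+);.*?account=(?P<acct>[^;]+);.*?error=authentication failed")

def parse_failures(log_text):
    """Return (source_ip, account) for each failed-auth line, in log order."""
    return [(m["ip"], m["acct"].strip())
            for m in map(FAIL_RE.search, log_text.splitlines()) if m]

def simulate(events, account, ip_block_after, lockout_after):
    """Replay failures. An IP is blocked after ip_block_after failures (hypothetical
    per-IP filter threshold); the account locks after lockout_after failures that
    got past the filter (hypothetical lockout policy threshold)."""
    per_ip, blocked, reached = Counter(), set(), 0
    for ip, acct in events:
        if ip in blocked:
            continue                      # dropped before it reaches authentication
        per_ip[ip] += 1
        if acct == account:
            reached += 1
            if reached >= lockout_after:  # lockout policy fires first
                return {"locked": True, "blocked_ips": sorted(blocked), "reached": reached}
        if per_ip[ip] >= ip_block_after:
            blocked.add(ip)
    return {"locked": False, "blocked_ips": sorted(blocked), "reached": reached}

if __name__ == "__main__":
    for name, log in (("single source", SINGLE_SOURCE), ("many sources", MANY_SOURCES)):
        for ip_n in (3, 10):
            r = simulate(parse_failures(log), "admin@example.com", ip_n, 5)
            print(f"{name}, block after {ip_n}: {r}")
```

The account stays unlocked only when the per-IP threshold is lower than the lockout threshold and the failures come from one address. When failures arrive from many addresses the lockout still fires, which is the case the differently named global admin account covers.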