Preventing access to hacked account


Post by zigi2020 » Sun Jun 07, 2020 8:30 pm

Hello,

We have Zimbra 8.5.0 GA in production on RHEL 6 OS.
Our users authenticate via an LDAP server.
We found out that a number of user accounts have been hacked.
These accounts are now used for sending spam.
We noticed that even if we change their LDAP passwords, malicious users are still somehow able to log in and send spam.
How can we prevent malicious users from using compromised accounts without locking the accounts?

Thank you for any suggestion.


Re: Preventing access to hacked account

Post by phoenix » Mon Jun 08, 2020 3:59 am

You should not be on an old version of ZCS; there are security flaws in versions prior to the current ZCS 8.8.15 that also include having your server hacked and sending spam etc. You could try disabling those accounts but I'd suggest you upgrade to the most recent version of ZCS today; tomorrow is too late. ;)

It is foolhardy and a danger to your reputation and users (never mind the people that receive your spam) not to keep your server software up-to-date.

Check your server by reading this thread: https://forums.zimbra.org/viewtopic.php?f=15&t=65932
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra

Re: Preventing access to hacked account

Post by GlooM » Wed Jun 10, 2020 7:48 am

phoenix wrote: You should not be on an old version of ZCS; there are security flaws in versions prior to the current ZCS 8.8.15 that also include having your server hacked and sending spam etc. You could try disabling those accounts but I'd suggest you upgrade to the most recent version of ZCS today; tomorrow is too late. ;)

It is foolhardy and a danger to your reputation and users (never mind the people that receive your spam) not to keep your server software up-to-date.

Check your server by reading this thread: https://forums.zimbra.org/viewtopic.php?f=15&t=65932


Hello! I use version 8.7.11 with the latest security patches.
viewtopic.php?f=15&t=68306&p=297598#p297598

I recently asked a similar question. Spam continued after the account was locked. As I understand it, the reason is that internal IP addresses are whitelisted and user authorization is not checked.
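
One way to test the explanation in the post above against the mail log, as an added example (not code from the thread or from Zimbra): it reads Postfix smtpd and qmgr log lines and reports which sender addresses had mail accepted from a trusted internal client with no SASL login. The log lines, addresses, the TRUSTED_NETS value and the function name are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the server's trusted networks (constructed values, not from the thread).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]

# Constructed sample lines in Postfix log format.
SAMPLE_LOG = """\
Jun 10 07:01:02 mail postfix/smtpd[2101]: 4A1B2C3D4E: client=pc17.example.lan[10.1.2.17]
Jun 10 07:01:02 mail postfix/qmgr[1500]: 4A1B2C3D4E: from=<locked.user@example.com>, size=2048, nrcpt=50 (queue active)
Jun 10 07:01:03 mail postfix/smtpd[2105]: 9F8E7D6C5B: client=localhost[127.0.0.1]
Jun 10 07:01:03 mail postfix/qmgr[1500]: 9F8E7D6C5B: from=<locked.user@example.com>, size=2300, nrcpt=50 (queue active)
Jun 10 07:02:10 mail postfix/smtpd[2102]: 5B2C3D4E5F: client=pc30.example.lan[10.1.2.30], sasl_method=LOGIN, sasl_username=alice@example.com
Jun 10 07:02:10 mail postfix/qmgr[1500]: 5B2C3D4E5F: from=<alice@example.com>, size=1500, nrcpt=1 (queue active)
"""

SMTPD = re.compile(r"postfix/\S*smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): client=\S*\[(?P<ip>[^\]]+)\](?P<rest>.*)")
QMGR = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-Za-z]+): from=<(?P<sender>[^>]*)>.*nrcpt=(?P<n>\d+)")
SASL = re.compile(r"sasl_username=\S+")

def unauthenticated_internal_senders(log_text, trusted_nets=TRUSTED_NETS):
    """Map each sender to the mail accepted from a trusted client without SASL."""
    suspect_qids = {}  # queue ID -> client IP, unauthenticated trusted clients only
    report = defaultdict(lambda: {"messages": 0, "recipients": 0, "clients": set()})
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if m:
            try:
                ip = ipaddress.ip_address(m["ip"])
            except ValueError:  # e.g. client=unknown[unknown]
                continue
            # Loopback is skipped: content-filter re-injection arrives from localhost.
            trusted = not ip.is_loopback and any(ip in net for net in trusted_nets)
            if trusted and not SASL.search(m["rest"]):
                suspect_qids[m["qid"]] = str(ip)
            continue
        m = QMGR.search(line)
        if m and m["qid"] in suspect_qids:
            entry = report[m["sender"]]
            entry["messages"] += 1
            entry["recipients"] += int(m["n"])
            entry["clients"].add(suspect_qids.pop(m["qid"]))
    return dict(report)

if __name__ == "__main__":
    for sender, e in unauthenticated_internal_senders(SAMPLE_LOG).items():
        print(f"{sender}: {e['messages']} msgs, {e['recipients']} rcpts via {sorted(e['clients'])}")
```

A sender that appears in this report is relaying through a trusted address without logging in, so the internal client IP listed beside it is the machine to investigate.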
Re: Preventing access to hacked account

Post by L. Mark Stone » Wed Jun 10, 2020 2:00 pm

Have you checked this: https://wiki.zimbra.com/wiki/Using_and_ ... _attribute

Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/
