yahoolane
asked on
Lotus Domino 7 - Find User
I found a user's account has been hacked.
Problem is I can't find the user on the system.
I am looking for jose
so I can change their password or delete
their account. I can't seem to find that short name;
we always used a longer name, not, like, just a first name.
Have you tried the (hidden) view "($Users)"?
ASKER
Sjef,
I don't understand how to fix
this user jose
on my system. I really don't want to open every profile.
I have tried and still not found it.
A few things had come to mind:
- a compromised user account,
- a public form + bot,
- spoofing,
but I wouldn't have guessed from this question that this might have been an open relay.
I do think this emphasizes Sjef's question: what exactly made you distrust your current security and how did you come across jose?
PS
No need to open every profile if you use the ($Users) view; it contains virtually every name variant of every user. If you use a secondary addressbook (directory), you may have to check that one as well!
ASKER
Help me a little more about the
($Users) view:
what tab, what menu??
I am not an open relay, I tested.
I came across Jose by catching the traffic to the SMTP server when
the hack was occurring,
and that was the user, and the password was not strong.
Then show us some Trace dump please, if you do want our assistance but don't want to show us real info from the Domino logs...
ASKER
The Logs don't show much,
they don't give user logging in.
I am going to start a firewall dump again.
see who is knocking.
No, they don't give much logging info, especially not if the mails aren't relayed by the Domino server. If the mails are sent or transferred by the Domino server, there MUST be some log documents in the Mail Routing section. Applying a logical NOT(x) to the statement: if you don't see anything in the mail logs, it isn't sent by Domino!
There are things you can do:
- you can activate Mail Journalling, if you want to capture all mails, or specific mails
- check all ports on the server, to find out if there are multiple mail servers running
Sheesh, you make it very difficult for us: our hands are tied behind our backs, we're blindfolded, all we get are some bits and bobs of information... I very much dislike guessing games.
Did you perhaps only witness a login attempt? Those can be quite common. My Domino Web Server Log shows numerous attempts to gain access through some common php/apache URLs, e.g. <host>/phpMyAdmin/scripts/setup.php. Some URLs are completely 'escaped'. I wouldn't be surprised if some attempts include login attempts. 'Jose' wouldn't be my first choice for such attempts though. ;-)
Hi there,
In order to find the root cause of this problem, firstly: you mentioned "I found a users account has been hacked". How did you find the account was hacked?
Best Wishes
Solved? Ok, great news, but how was it solved??
ASKER
The problem has been solved.
Can you please tell us how you solved the problem??
ASKER
There was no solution.
The answer was to change the password for everyone whose first name was jose,
and that seemed to fix it.
Now that does not make sense since their 'shortname' was not jose;
we use a FL Lastname format.
So it must be some sort of bug or feature in Lotus 7.
The answer was to chance the password for everyone who's first name was jose
and that seem to fix it.
Now that does not make sense since their 'shortname' was not jose.
we use a FL Lastname format..
So it must be some sort of bug or Feature in Lotus 7
Maybe you should set the Internet Access authentication to "Fewer name variations with higher security". It's in the Server document, Security tab, under Internet Access.
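An added example, not part of the thread and not Domino code: a small audit over an exported person list showing which accounts a bare login name such as "jose" resolves to under each Internet Access setting. The CSV export, its column names, the sample users and the exact variant lists per setting are assumptions made for illustration.

```python
import csv
import io

# Constructed sample export of Person documents (not real data).
# Short names follow the "FL Lastname" convention described in the thread.
SAMPLE = """FullName,FirstName,LastName,ShortName,InternetAddress
CN=Jose Alvarez/O=Acme,Jose,Alvarez,jalvarez,jose.alvarez@example.com
CN=Jose Medina/O=Acme,Jose,Medina,jmedina,jose.medina@example.com
CN=Ann Lee/O=Acme,Ann,Lee,alee,ann.lee@example.com
"""

def load(text):
    """Parse the exported CSV into a list of dicts, one per person."""
    return list(csv.DictReader(io.StringIO(text)))

def common_name(full_name):
    """'CN=Jose Alvarez/O=Acme' -> 'Jose Alvarez'."""
    first = full_name.split("/")[0]
    return first[3:] if first.upper().startswith("CN=") else first

def accepted_names(person, mode):
    """Login names accepted for one person.

    ASSUMPTION: 'fewer' accepts full name, common name and Internet address;
    'more' additionally accepts first name, last name and short name.
    """
    names = {person["FullName"], common_name(person["FullName"]),
             person["InternetAddress"]}
    if mode == "more":
        names |= {person["FirstName"], person["LastName"], person["ShortName"]}
    return {n.lower() for n in names if n}

def who_answers_to(login, people, mode):
    """Full names of every account that `login` would match in this mode."""
    key = login.lower()
    return sorted(p["FullName"] for p in people
                  if key in accepted_names(p, mode))

if __name__ == "__main__":
    people = load(SAMPLE)
    for mode in ("more", "fewer"):
        print(mode, "->", who_answers_to("jose", people, mode))
```

Every account listed for the "more" setting is one whose password a first-name-only login attempt would be tested against, which is the set whose passwords should be reset.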