[RCU] Unknown user in users table, very odd, possible security hole

Jorge Bastos mysql.jorge at decimal.pt
Thu Feb 8 19:10:18 CET 2018


Howdy,

 

I have a verrryyyyy odd thing happening.

I have an user, unknown, that is in my users table, for a domain that isn't
mine, and never was.

This records keep's having last_login fields updated, so someway he's being
able to login right?

 



 

Odd to see that the field after the datetime fields (that is the
failed_login_count) is zero,

 

Is there any plugin or so to records the IP from which the logins are made?

Where to search for this possible breach?

 

Regards,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.roundcube.net/pipermail/users/attachments/20180208/2ae74690/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 3468 bytes
Desc: not available
URL: <http://lists.roundcube.net/pipermail/users/attachments/20180208/2ae74690/attachment.png>


More information about the users mailing list