I would start by checking the ip adress that user logged in with.
On 02/08/2018 07:10 PM, Jorge Bastos wrote:
Howdy,
I have a verrryyyyy odd thing happening.
I have an user, unknown, that is in my users table, for a domain */_that isn’t mine, and never was._/*
This records keep’s having last_login fields updated, so someway he’s being able to login right?
Odd to see that the field after the datetime fields (that is the failed_login_count) is zero,
Is there any plugin or so to records the IP from which the logins are made?
Where to search for this possible breach?
Regards,
Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users