Admin account lockout

snowymoountain
Advanced member
Posts: 62
Joined: Thu Aug 02, 2018 4:24 pm

Admin account lockout

Postby snowymoountain » Mon Jul 15, 2019 9:52 am

Hi,

I appear to be locked out of the admin account. I have changed the password but still seem to be logged out... any ideas?


phoenix
Ambassador
Posts: 26244
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Admin account lockout

Postby phoenix » Mon Jul 15, 2019 10:18 am

That should never happen of its own accord. There were reports of multiple admin accounts being created by one of the most recent versions of the 'hack'; have you checked if your server might be compromised? I'm assuming you only have one admin account that you created (or the initial ZCS install)?

Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
snowymoountain
Advanced member
Posts: 62
Joined: Thu Aug 02, 2018 4:24 pm

Re: Admin account lockout

Postby snowymoountain » Mon Jul 15, 2019 10:37 am

Hi,

Looks like a brute force attempt. I increased the password security and unlocked the account. There is only one admin account but two other groupcaladmin@ accounts...

I am on

Release 8.8.9_GA_2055.RHEL7_64_20180703080917 RHEL7_64 FOSS edition, Patch 8.8.9_P10.

Server has not been compromised and all good.

I have fail2ban enabled and specifically set up for Zimbra auth attempts and also have all firewall ports disabled apart from the essentials...
L. Mark Stone
Elite member
Posts: 1994
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine
ZCS/ZD Version: 8.8.12 Network Edition

Re: Admin account lockout

Postby L. Mark Stone » Mon Jul 15, 2019 11:02 am

The bad actors know Zimbra sets the default admin account as “admin@...” and will brute force it all day long.

The trick is either to create a global admin account that is named something a little cryptic, or, you can configure DoSFilter to block the bad actor’s IP address before your password lockout policy kicks in. (You can also do both...)

Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/
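
The ordering described in the post above (block the source IP before the account lockout threshold is reached) can be checked against your own logs. The following is an added example, not part of the original thread and not Zimbra code: the log line layout is modelled on Zimbra's audit.log and is an assumption, the sample lines are constructed, and `ip_block_after` / `account_lock_after` are hypothetical names standing in for the IP-level filter limit and the password lockout limit.

```python
import re
from collections import Counter

def make_line(sec, ip, acct="admin@example.com"):
    """Build one constructed auth-failure line (assumed audit.log layout)."""
    return (f"2019-07-15 09:40:{sec:02d},000 WARN  [qtp-1:https://mail.example.com/service/soap/] "
            f"[name={acct};oip={ip};ua=curl;] security - cmd=Auth; "
            f"account={acct}; protocol=soap; "
            f"error=authentication failed for [{acct}], invalid password;")

# Constructed sample: twelve failures against admin@ from one source address.
SAMPLE_LOG = [make_line(i, "203.0.113.9") for i in range(12)]

FAIL_RE = re.compile(
    r"oip=(?P<ip>[^;\]]+);.*account=(?P<acct>[^;]+);.*authentication failed")

def simulate(lines, ip_block_after, account_lock_after):
    """Replay failed logins in order; return (blocked IPs, locked accounts).

    Once an IP reaches ip_block_after failures its later requests are dropped,
    so they no longer add to the account's failure count.
    Assumes every line falls inside the lockout failure lifetime.
    """
    per_ip, per_acct = Counter(), Counter()
    blocked, locked = set(), set()
    for line in lines:
        m = FAIL_RE.search(line)
        if not m or m["ip"] in blocked:
            continue  # not an auth failure, or source already filtered
        per_ip[m["ip"]] += 1
        per_acct[m["acct"]] += 1
        if per_ip[m["ip"]] >= ip_block_after:
            blocked.add(m["ip"])
        if per_acct[m["acct"]] >= account_lock_after:
            locked.add(m["acct"])
    return blocked, locked

if __name__ == "__main__":
    # IP limit below the lockout limit: the source is blocked, admin stays usable.
    print(simulate(SAMPLE_LOG, ip_block_after=5, account_lock_after=10))
    # IP limit above the lockout limit: the admin account locks first.
    print(simulate(SAMPLE_LOG, ip_block_after=20, account_lock_after=10))
```

Replaying the same count of failures spread across many source addresses still locks the account, which is where the less guessable admin account name from the same post comes in.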
