Admin account lockout

snowymoountain · Post by **snowymoountain** » Mon Jul 15, 2019 9:52 am

Hi,

I appear to be locked out of the admin account, I have changed the password but still seem to be logged out... any idea's ?

phoenix · Post by **phoenix** » Mon Jul 15, 2019 10:18 am

That should never happen of it's own accord. There were reports of multiple admin accounts being created by one of the most recent versions of the 'hack', have you checked if your server might be compromised? I'm assuming you only have one admin account that you created (or the initial ZCS install)?

snowymoountain · Post by **snowymoountain** » Mon Jul 15, 2019 10:37 am

Hi,

looks like a brute force attempt, I increased the password security and unlocked the account, there is only one admin account but two other groupcaladmin@ accounts...

I am on

Release 8.8.9_GA_2055.RHEL7_64_20180703080917 RHEL7_64 FOSS edition, Patch 8.8.9_P10.

Server has not been compromised and all good.

I have fail2ban enabled and specifically set up for Zimbra auth attempts and also have all firewall ports disabled apart from the essentials...

L. Mark Stone · Post by **L. Mark Stone** » Mon Jul 15, 2019 11:02 am

The bad actors know Zimbra sets the default admin account as “admin@...” and will brute force it all day long.

The trick is either to create a global admin account that is named something a little cryptic, or, you can configure DoSFilter to block the bad actor’s IP address before your password lockout policy kicks in. (You can also do both...)

Hope that helps,
Mark

Zimbra Forums

Admin account lockout

Admin account lockout

Re: Admin account lockout

Re: Admin account lockout

Re: Admin account lockout