On Sat, 31 Oct 2009, Paul Lesniewski wrote: > On Fri, Oct 30, 2009 at 2:07 PM, Andrew Daviel <advax@xxxxxxxxx> wrote: >> >> We had a user account compromised somehow (bad guys got the password). >> >> The user has changed their password. >> How can I kick off any logged-in sessions and make sure they can't login >> without knowing the new password ? > > As others have suggested, restart imapproxy if you use it and grep for > PHP session files with the username in them and delete those. That's > probably the least intrusive (to any other users) method. Thanks to Tomas' suggestion, I ran phpinfo.php and found the session logs in /var/lib/php/session Format is ugly but a grep for '"username";user_is_logged_in" seems to work. Whe I click on "compose" after locking my account (no imapproxy) I get an immediate failure, so I'm not sure killing the session files is necessary, but it won't hurt. I also found a good number of deferred messages (naturally) in the sendmail queue I was able to remove. I found docs on how to move them to a quarantine queue in the sendmail manpages, but not how to actually delete them. Zapped them with a bit of sed/grep pipefitting. -- Andrew Daviel, TRIUMF, Canada Tel. +1 (604) 222-7376 (Pacific Time) Network Security Manager ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
