Re: Identifying logins

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



>> I'm trying to understand how the logins work:
>> Oct 2 09:22:28 [LOGIN] user1 ( from
>> Oct 2 09:51:23 [LOGIN] user1 ( from
>> Oct 2 10:15:23 [LOGIN] user1 ( from
>> Oct 2 10:33:47 [LOGIN] user1 ( from
>> Oct 2 10:51:06 [LOGIN] user1 ( from
>> Oct 2 11:59:54 [LOGIN] user1 ( from
>> Oct 2 12:32:32 [LOGIN] user1 ( from
>> There were no LOGOUT entries between each of these. How can I
>> determine what the typical "login" or "session" would be, not when
>> apparently the imap client logged in?
>> In other words, are these actual logins, or periodic checks by the
>> underlying IMAP client (dovecot)?
> Your understanding should be correct. Actual IMAP logins happen once or
> more per page view. There will be many more of those. Your user above is
> displaying strange behavior. If you find that the user isn't actually
> logging in at those times, I could look around the code.

This user's account was hacked. This is part of an investigation into
whether webmail was one of the sources of this hack.

We know submission was involved, but did not think webmail was a source as well.


Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.
squirrelmail-users mailing list
Posting guidelines:
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives:
List info (subscribe/unsubscribe/change options):

[Index of Archives]     [Video For Linux]     [Yosemite News]     [Yosemite Photos]     [gtk]     [KDE]     [Cyrus SASL]     [Gimp on Windows]     [Steve's Art]     [Webcams]

  Powered by Linux