1

Topic: all password suddenly change

we have hundreds of account that the password has changed suddenly
i don't know what happen to iredmail server

using debiang 5 and iredmail 0.6.0 with applied hotfix

how do i find out what the cause ? for now, every user that complaining cannot login, i have to reset their password..

please give me some clue where to start...

2

Re: all password suddenly change

Was you server been cracked?

Please check your network services which open to external network, e.g. SSH, OpenLDAP, MySQL, etc. Make sure your passwords are not leaked or cracked, it's recommended to change them immediately.

3

Re: all password suddenly change

ZhangHuangbin wrote:

Was you server been cracked?

Please check your network services which open to external network, e.g. SSH, OpenLDAP, MySQL, etc. Make sure your passwords are not leaked or cracked, it's recommended to change them immediately.

i have found mysql privileges in phpmyadmin , root user has 3 list
user host          password global privileges  grant
-------------------------------------------------------------
root     127.0.0.1     No     ALL PRIVILEGES     Yes    
root     localhost     Yes     ALL PRIVILEGES     Yes    
root     mail             No     ALL PRIVILEGES         Yes

is it necessary for root user to have this 3 list, with 2 of them, using password: No
if iredmail don't need this i will delete root@127.0.01 and root@mail immediatly

4

Re: all password suddenly change

iRedMail just needs root@localhost.