
List:       squirrelmail-users
Subject:    Re: [SM-USERS] Forcing a logout (invalidating current session)
From:       Paul Lesniewski <paul () squirrelmail ! org>
Date:       2009-10-31 4:13:43
Message-ID: 58191e420910302113q6817b1fbr4a39eefd038fa361 () mail ! gmail ! com

On Fri, Oct 30, 2009 at 2:07 PM, Andrew Daviel <advax@triumf.ca> wrote:
> 
> We had a user account compromised somehow (bad guys got the password).
> 
> The user has changed their password.
> How can I kick off any logged-in sessions and make sure they can't log in
> without knowing the new password?

As others have suggested, restart imapproxy if you use it and grep for
PHP session files with the username in them and delete those.  That's
probably the least intrusive (to any other users) method.

> I zapped the security tokens in user prefs (seemed like a good idea)
> 
> BTW, interesting spammer technique - replaced the squirrelmail signature
> with the message, then sent empty messages

You can (could have) stopped this almost right away with MTA
rate-limiting or by using the Restrict Senders plugin.  The Squirrel
Logger plugin could also have alerted you to the problem.  If the
attacker got the password by guessing on the login page, you can use
the Lockout and/or CAPTCHA plugins to block such attempts.

-- 
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
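
The session cleanup suggested in the reply above, as an added example that is not part of the original message or of SquirrelMail itself. It assumes PHP's default file-based session handler and that the login name is stored under the session key "username"; the function name and the session directory argument are hypothetical, so check session.save_path for the real location.

```shell
#!/bin/sh
# Added example: list (default) or delete the PHP session files that belong
# to one webmail user. Assumption: sessions are stored as sess_* files and
# the login name is serialized under the key "username".

# usage: sm_user_sessions SESSION_DIR USERNAME [delete]
sm_user_sessions() {
    dir=$1 user=$2 action=${3:-list}
    [ -d "$dir" ] && [ -n "$user" ] || {
        echo "usage: sm_user_sessions DIR USER [delete]" >&2
        return 2
    }

    # PHP serializes a string as s:<byte length>:"<value>"; matching the whole
    # token keeps "ann" from matching "joann", or a session where the name
    # only appears in some other stored value.
    len=$(( $(printf %s "$user" | wc -c) ))
    pat="username|s:${len}:\"${user}\";"

    found=0
    for f in "$dir"/sess_*; do
        [ -f "$f" ] || continue
        if grep -qF -- "$pat" "$f"; then
            found=$((found + 1))
            if [ "$action" = delete ]; then
                rm -f -- "$f" && echo "deleted $f"
            else
                echo "match   $f"
            fi
        fi
    done
    echo "$found session file(s) for $user" >&2
    # Exit status 0 only if at least one session matched.
    [ "$found" -gt 0 ]
}
```

Run it once without the third argument to review the matches, then again with "delete"; a second listing that returns non-zero confirms no session for that user is left.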
