iwebmsg runs IMAP which we have seen racing quite a bit since 5.05 (only...
only negative about the upgrade) and hope that Ipswitch is working on that
as it seems a popular complaint on the list here recently... so it may not
be a hack, but rather a race condition that corrupted the image file (.exe)
when shut down?
Just in case the admin password thing is a sign that something really did
happen...
I think you should do the standard stuff go in to "User Manager for
Domains", "Accounts", "Auditing", and turn on all the auditing you think you
need. Rename your admin account and have EVERYONE change their password.
The watch your logs every two hours for a few days to see if the auditing
you turned on reveals anything. I would also set up NT (same place as
before) to lock out any account that fails to log in 3 times in a row and
send you an alert.
Still my gut feeling is that if you reinstall the *.exe's etc. for web
messaging (re-apply the patch?) that should fix it temporarily. We really
are seeing races when deleting messages through IMAP or iwebmsg on two
disparate production systems. Any clue on that anyone?
-V
----- Original Message -----
From: Anthony Poisson <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 30, 1999 9:14 AM
Subject: [IMail Forum] emergency: iwebmsg crashing
> Running 5.05, on a NT machine we have noticed intermittent instances in
the
> last few days of the iwebmsg taking up 100% of the cpu....this morning it
> was running at 100% and i could not even get services panel to open up to
> stop it so I had to reboot...after rebooting, iwebmsg now crashes
everytime
> it tries to start and we cannot get it to run....The pop and smtp were
> acting screwy too but seems to be all right...We are suspecting some sort
of
> hacking job, maybe someone brute-force attacking the web messaging
> port...another strange things is that the admin password to our main
domain
> was changed and no one here yet has admitted changing it. What can we do
to
> get iwebmsg to come back up and what security measures can we take to
> prevent any attacks on it, if that is indeed what is happening?
>
> Thank You,
>
> Tony Poisson
> Tidalwave Technical Support
> [EMAIL PROTECTED]
> ICQ# 12481464
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
