Jeremy Kitchen wrote:
On Tuesday 12 April 2005 01:52 pm, DAve wrote:
I have recorded a AOL ip attempting to connect to a users pop account, this user having experienced missing email for the last two months. The attempts showed up when I changed the users simple password to a better one.
are you sure it's not just the user? :) Or perhaps a friend of the user, who let your user use his or her computer, and set up the account in OE or something?
We discounted that a month ago, executives rarely loan their business email accounts to friends or check confidential accounts on a friends computer. The machine has had the email client reinstalled, the hard drive wiped and reinstalled/reconfigured by a tech. This is the clients second password change.
No answer from AOL at their [EMAIL PROTECTED] account concerning my inquires and log samples. I'm being told by an ex AOL employee that they will not provide any details of the user attempting to hack the pop account.
of course not, especially for something this petty.
Petty is other peoples email, important is your email.
Now if your boss were calling you to the carpet at Inter7 because you were not responding to emails, filing reports when requested, or providing legal documents when required, I am sure it would not seem petty to you ;^)
Any suggestions? How would other admins handle this? FBI? CERT? I do know that AOL will delete the records tonight so anything I do must happen soon or the information will be lost forever.
I highly doubt anything bad is going on... and even if there is.. I highly doubt the FBI would do anything about it.
This is exactly the type of thing the CyberCrime unit was designed for. Considering that interuption of Federal hiring practices is in fact a crime ( the client is a large staffing company ) I considered the possibility of contacting the FBI, but I'd like more information other than *my* logs. Which takes us back to my original question of "how can I get more info from AOL?".
Change the user's password to one that isn't blatantly stupid, and problem is solved.
Of course we did, this is how we logged the failed password attempts, by insisting that the user let *me* pick the password this time. But thanks for the thoughts.