Can I see if somone has been logging in to my account remotely?

[PennyLane1]

Hi - sorry if I am on the wrong board. I am not a techie, just a user. I have been suspecting someone is logging into my Groupwise account remotely - if I consult with my IT department, is there a way for them to determine this or not? Obviously I will change my password as well. If you CAN tell that someone logged in, is there any evidence that can identify who it was (IP address?) or when they logged in?

Thanks much.

 

[ITsmyfault]

depends on the logging setup on the system. If the agents are logging verbosely, you will see, for ex, on the Post office logs the IP and ID of the connections as they are made. If we're talking about webaccess, Apache should have logs of the IP's which have connected and the Web Access Agent keeps track of who is connected and what they're doing. If the servers are running NTP (time protocol) the time on the various logs will sync up and you can positively tell what happened when in many cases. Where the display can sometimes fall apart is when the source is NATted; oftentimes I see the private IP the user came from and not the public IP which makes it much tougher to ID (although it could confirm that someone other than you was accessing your account)
hope that helps!

 

[MichiganRon]

Penny,

Change your password and don't tell anyone what it is. Don't write it down on a piece of paper or put it in a file on your computer. Keep your password in your head.

Check your proxy rights. Using the GroupWise client, go to Tools > Options... > Security > Proxy Access. Click "All User Access" and make sure that no checkmarks are present. All options should be unchecked. Check any other users who appear in your proxy list. Remove the proxy rights for users who don't need it.

If nobody knows your password, and nobody has proxy rights to your mailbox, it's extremely unlikely that someone has been logging into your mailbox. It's very difficult to "break into" a GroupWise mailbox, even for an admin.

If you're into paranoia, it's also plausible that someone has installed a key-logger on your computer and is gathering your password each time you change it. Or, someone could be monitoring web traffic on your WebAccess server and stealing passwords via a less-than-secure login page.

These things are extremely unlikely, but plausible.

Anyhow, I'd start by changing your password and checking your proxy rights.

Hope that helps,
Ron

P.S. If you use WebAccess, be sure NOT to save your password in the browser. This, too, is a very bad practice.

“If you are irritated by every rub, how will you be polished?” ~ Mevlana Rumi


Do you live in Michigan? Join us in the Tek-Tips in Michigan forum.

 

[LawnBoy]

It's very difficult to "break into" a GroupWise mailbox, even for an admin.

I second that statement. GW mailboxes are more secure than any other system I've ever seen.