All emails passwords not working now

  • 360webfirm

    I would blame it all on Outlook and maybe Credential Manager on his PC, but what gets me a little confused is he says his emails don't work on his iPhone also. Now this is concerning.

  • cPRex Jurassic Moderator

    Are there any helpful entries in /var/log/maillog when he tries to connect?  Are you able to connect with an alternative account on his device?

  • 360webfirm

    This is the thing: I ran a few commands and it looks like it was only my IP address that changed any email password on this server. So it looks like no one logged in or gained access to any place within cPanel to change any email password, unless it does not show within the logs.

    The issue is that all his accounts, 4 with me on my server, have emails, and each and every one of his emails did not work with Outlook and all of a sudden asked for passwords, and even his iPhone, which then got me thinking: what is going on here? However, I also have a few emails on his account that did not have any issues at all, and I could see no other IP on the email password log changes. I also could not see any vulnerability, and I scanned all accounts using two methods and all were super clean.

    I ran this: grep -a passwd_pop /usr/local/cpanel/logs/access_log | grep "ACCOUNT-NAME-HERE"

    I even checked account logs and again, no one's IP except my own. No one logs in normally with this server except me, as it's relatively new and I manage it all and they don't need to log in.

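The grep from the comment above, extended into a per-IP summary, as an added example that is not part of the original thread or cPanel's own tooling. It assumes each access_log line starts with the client IP, a dash, the user and a bracketed timestamp; the function names, sample lines, IPs and dates are constructed for illustration.

```bash
# Added example: summarise passwd_pop (e-mail password change) requests in a
# cPanel access_log per source IP, user and day.
# Assumed line layout (combined-log style): IP - USER [DATE:TIME ZONE] "REQUEST" ...

# summarise_passwd_pop LOGFILE [KNOWN_ADMIN_IP...]
# Prints: COUNT IP USER DAY STATUS   (STATUS is KNOWN or UNEXPECTED)
summarise_passwd_pop() {
    log=$1; shift
    known=" $* "
    grep -a 'passwd_pop' "$log" | awk -v known="$known" '
        {
            day = substr($4, 2)      # drop the leading "["
            sub(/:.*/, "", day)      # keep the date, drop the time
            count[$1 " " $3 " " day]++
        }
        END {
            for (k in count) {
                split(k, f, " ")
                status = index(known, " " f[1] " ") ? "KNOWN" : "UNEXPECTED"
                print count[k], k, status
            }
        }' | sort -k4,4 -k2,2
}

# count_unexpected LOGFILE [KNOWN_ADMIN_IP...]
# Prints the number of passwd_pop requests that came from any other IP.
count_unexpected() {
    summarise_passwd_pop "$@" | awk '$5 == "UNEXPECTED" { n += $1 } END { print n + 0 }'
}

# Constructed sample log: documentation IPs, placeholder user, session ids and dates.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
198.51.100.7 - exampleuser [01/21/2024:14:02:11 -0000] "POST /cpsess0000000000/execute/Email/passwd_pop HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083
198.51.100.7 - exampleuser [01/21/2024:14:05:40 -0000] "POST /cpsess0000000000/execute/Email/passwd_pop HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083
203.0.113.50 - exampleuser [01/20/2024:03:12:09 -0000] "POST /cpsess1111111111/execute/Email/passwd_pop HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083
203.0.113.50 - exampleuser [01/20/2024:03:12:01 -0000] "GET /cpsess1111111111/frontend/jupiter/index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0" "s" "-" 2083
EOF

summarise_passwd_pop "$sample_log" 198.51.100.7
echo "unexpected: $(count_unexpected "$sample_log" 198.51.100.7)"
```

A result of zero unexpected requests only covers password changes made through the interface that writes this log; it says nothing about changes made by other means.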
  • 360webfirm

    It's just strange that his passwords were changed, and only his, for his emails. When he could not connect, I changed the passwords for him and he was able to connect very easily, so this is very strange how on earth this happened, and it concerns me. Evidence points to his password being changed on his end, not the server, but why, at what ends? I don't get what was happening. I just know that I have a few emails; one account, as an example, has two emails we both use, as I do admin stuff for him on his website, so I also use an email on his account, and my email had absolutely no issues, while his email did not work because Outlook did not know the password or it was changed there. Just confusing and weird.

  • 360webfirm

    When checking logs for his login, he was locked out by cPHulk because his email was not authenticated, which makes sense as his passwords were not working for him and he kept trying, locking himself out. This is very strange and weird and it's bothering me because it's not just his Outlook, it's his iPhone also, but all logs show all email password changes were done by me, and the dates correspond to my recollection and this is accurate.

    This started on the 20th and no password was changed until the 21st by me, and only when he could not log in, so I tried changing the password, which worked for him, and he was able to connect right away. For the emails I use, the password did NOT need to be changed, ONLY his emails. Very strange indeed.

  • cPRex Jurassic Moderator

    It definitely sounds strange, and I certainly don't have a good explanation on my end from the outside looking in.  You can always submit a ticket so this can be investigated directly on the system.

  • 360webfirm

    I did submit a ticket, just takes a long time to get any responses.

     

    I looked at the main access_log file and I can see a lot of IPs trying to gain access to webmail.domain.com using several ports. I enabled 2FA on everything, including all webmail access through browser, WHM and all cPanel accounts. I also know that the logs I have seen for password changes are just my own IP, so maybe for some odd reason he got blocked by cPHulk with one account, while the others he could not log in to due to cool down IP being blocked. Strange indeed.

