GroupWise account is regularly disable

Hi,

the accounts of two workers are disable regularly.
Yes I know that when someone tries to access with a bad password several times the account will be immediately blocked.
Is there a way around this or some other method to handle this ??
Because his workers are surprised that their account is blocked even though they haven not entered a bad password.

## I suppose that their password was always wrong
#Groupwise 2014 R2.

Cheer

Tags:

  • etalatala wrote:

    > the accounts of two workers are disable regularly.


    That sounds to me like someone else is trying to login to their
    accounts.

    Do the logs provide any additional information?

    Are you using Web Access? If so, invalid attempts to login from the web
    will also disable the account.

    --
    Kevin Boyle - Knowledge Partner
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below this post.
    Thank you.
  • We see this too. First we thought it's coming from webacc. So we added a
    second login before GW login. But still some accounts werde disabled. It
    turned out that bad people tried to hack via iMap. Only thing was, do
    disable iMap.


    Regards

    Ullrich

    etalatala schrieb:
    >
    > Hi,
    >
    > the accounts of two workers are disable regularly.
    > Yes I know that when someone tries to access with a bad password several
    > times the account will be immediately blocked.
    > Is there a way around this or some other method to handle this ??
    > Because his workers are surprised that their account is blocked even
    > though they haven not entered a bad password.
    >
    > ## I suppose that their password was always wrong
    > #Groupwise 2014 R2.
    >
    > Cheer
    >
    >


  • Ullrich wrote:

    > We see this too. First we thought it's coming from webacc. So we
    > added a second login before GW login. But still some accounts werde
    > disabled. It turned out that bad people tried to hack via iMap. Only
    > thing was, do disable iMap.


    It's unfortunate you had to disable imap but when all else fails that
    may be the only solution. Before doing so there may be a few
    workarounds.

    Every situation is different. What might work in one situation may not
    work in another. Here are some ideas that may help others having this
    problem.

    - Use strong passwords and change them frequently. This won't prevent
    account lockouts but will protect the account from unauthorised access.

    - Use non-standard imap/pop3 ports. The easiest way to do this is to
    use port forwarding in your firewall.

    - Monitor your logs. If you see attempted unauthorised access from
    certain parts of the world or even specific IP addresses create
    firewall rules to block those IP addresses or even large blocks of IP
    addresses. In some cases it may be easier to permit access from only a
    few specific blocks of IP addresses.

    Yes, this requires additional work. First you have to decide how
    important it is to provide Internet access to email using imap/pop3
    then take appropriate steps to protect your users accounts.



    --
    Kevin Boyle - Knowledge Partner
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below this post.
    Thank you.