Hackers using IMAP

Discussions on webmail and the Professional version.
Post Reply
BCPlus
Posts: 16
Joined: Fri Aug 15, 2014 6:44 pm

Hackers using IMAP

Post by BCPlus »

We've seen an increase in hackers using IMAP interface to hack POP accounts. IMAP or POP is automatically turned on in Mailenable, so I find no way to limit account login to just POP/SMTP protocol.

Is there a way to disable IMAP on a per-account basis? Otherwise, I'm having issues figuring out how to keep them out (other than blocking IP ranges in the server firewall).

IMAP seems to be an easy avenue for hackers to hack away at our user accounts - had one hacked last night. I only have a handful of IMAP users, mostly POP users - I see no way to disable IMAP for my POP users (that would be helpful, I think), so I'm at a loss about how to defend my POP users.

Anyone have any ideas about this? Any help appreciated.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Hackers using IMAP

Post by MailEnable-Ian »

Hi,

How do you know that IMAP is the avenue for the hackers? Do you see anything in particular in the IMAP log files? If you need to restrict IMAP at the postoffice/mailbox level then you will need to Enterprise edition for this feature. Also what version of MailEnable Professional are you running?
Regards,

Ian Margarone
MailEnable Support

BCPlus
Posts: 16
Joined: Fri Aug 15, 2014 6:44 pm

Re: Hackers using IMAP

Post by BCPlus »

Ian,

I'm still on version 9.53

In the IMAP logs, I see many failed login attempts. Occasionally I see authentication, like this morning when I saw one user's account get hacked - German IP - all messages downloaded.

So this version doesn't allow me to disable IMAP? I need to upgrade?

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Hackers using IMAP

Post by MailEnable-Ian »

Hi,

Firstly you need to upgrade 9.81 to address security issues and problems in MailEnable core services. Answering your question about disabling IMAP you can only do this globally in Professional. You need to upgrade to Enterprise for disabling it at the postoffice or mailbox level.
Regards,

Ian Margarone
MailEnable Support

Post Reply