Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Unknown Imap Logouts in Logwatch

Discussion in 'General Discussion' started by Morley, Sep 7, 2007.

  1. Morley

    Morley Well-Known Member

    Joined:
    Apr 24, 2007
    Messages:
    66
    Likes Received:
    0
    Trophy Points:
    156
    Hi,

    I'm a novice at reading the logwatch results but I was alarmed at seeing a few LOGOUT IPs that were not like the rest. Usually everything is either me or another couple of users. Here's a sample:

    Known user:
    LOGOUT, user=known@myhost.com, ip=[::ffff:67.188.132.183], headers=5306, body=171623, rcvd=20284, sent=231499, time=68502: 1 Time(s)
    LOGOUT, user=knownuser@myhost.com, ip=[::ffff:67.188.132.183], headers=5830, body=216964, rcvd=17809, sent=300830, time=68501: 1 Time(s)

    Unknown IP
    LOGOUT, ip=[::ffff:69.64.32.77], rcvd=11, sent=307: 48 Time(s)
    LOGOUT, ip=[::ffff:81.19.151.110], rcvd=11, sent=307: 48 Time(s)
    LOGOUT, ip=[::ffff:85.25.129.25], rcvd=11, sent=307: 43 Time(s)

    These IPs all resolve to web pages.

    Should I be concerned about these?

    Thanks
     
    #1 Morley, Sep 7, 2007
  2. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,131
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    New York
    Could be third party webmail logins. I started seeing this from verizon webmail intefaces recently but with known-good accounts.

    If all they are doing is reading email and nothing else weird is going on I cant imagine what else they could be doing. 81.19.151.110 is a uptime monitor, so someone could be watching your performance, my customers do it with all kinds of tools.

    One is from germany, do you have customers there?.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 nyjimbo, Sep 7, 2007
    Last edited: Sep 7, 2007
  3. Morley

    Morley Well-Known Member

    Joined:
    Apr 24, 2007
    Messages:
    66
    Likes Received:
    0
    Trophy Points:
    156
    No customers from germany but I do use an uptime monitor. Would this show up in the logs even if someone just contacts the IMAP?

    Thanks
     
    #3 Morley, Sep 7, 2007
(You must log in or sign up to post here.)
Loading...
Similar Threads - Unknown Imap Logouts
  1. adamreece.webbox

    SSHD fails with AuthorizedKeysCommandUser unknown error

    adamreece.webbox, Oct 10, 2018, in forum: Security
    Replies:
    3
    Views:
    80
    cPanelLauren
    Oct 11, 2018 at 11:29 AM
  2. CanadaGuy

    KernelCare Patch Unknown Kernel Alerts

    CanadaGuy, Oct 9, 2018, in forum: Security
    Replies:
    8
    Views:
    113
    cPanelLauren
    Oct 12, 2018 at 9:17 AM
  3. upsforum

    Unknown Kernel alert

    upsforum, Aug 23, 2018, in forum: General Discussion
    Replies:
    2
    Views:
    126
    cPanelLauren
    Aug 24, 2018
  4. Luana Premoli

    Roundcube Error - Unknown storage engine InnoDB

    Luana Premoli, Aug 23, 2018, in forum: Database Discussion
    Replies:
    3
    Views:
    182
    cPanelMichael
    Aug 27, 2018
  5. Paul Shultz

    Unknown Kernel (CentOS Linux 3.10.0-862.11.6.el7.x86_64)

    Paul Shultz, Aug 19, 2018, in forum: General Discussion
    Replies:
    3
    Views:
    314
    cPanelLauren
    Aug 20, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice