Backward time shown in Administrative log for Webmail brute force events

Problem reported by Ionel Aurelian Rau - 11/28/2018 at 2:30 AM

Resolved

Hi,

Please have a look at this log line (from the Administrative log):

[2018.11.28] 10:13:28 [redacted IP]Login failed: Too many login attempts for user redacted@redacted.com.  Brute force attempts increased to 7.  Next clean available at 11/28/2018 8:13:35 AM

As you can see, the log entry was made at 10:13:28, which is correct as that is the time the user tried with the wrong credentials over and over again. But the "Next clean available" is at the same date, but 2 hours ago? How does that work?

This is how all of these events look like. The time on the server was 10:13:28 at the time of the event.

Any help would be appreciated.

2 Replies

Reply to Thread

Larry Duran Replied

11/30/2018 at 8:40 AM

Employee Post Marked As Resolution

Hello Lonel, the clean time you see in the logs is in UTC time instead of server time. This is something that is being fixed in SmarterMail17 and will be in the next release. So the clean time will now be in the same timezone as the logs.

So instead of seeing the log you posted it would now look like this:

[2018.11.28] 10:13:28 [redacted IP]Login failed: Too many login attempts for user redacted@redacted.com.  Brute force attempts increased to 7.  Next clean available at 11/28/2018 10:13:35 AM

Larry Duran Software Developer SmarterTools Inc. www.smartertools.com