User Activity, lots of users for same account, is that right?

Question asked by YS Tech - 2/23/2022 at 8:44 AM

Unanswered

I'm currently looking at the User Activity area and its showing 70-80 users for around 25 accounts, most of the duplicates are via webmail.

Should I be worried or is this normal?

I'm a bit concerned that there are multiple people logged into the accounts that shouldn't be.

I'm not quite sure what the IPs listed relate to because I'm logged into webmail and it doesn't show my IP address in the list. Is the IP the IP of the webmail address?

Thanks

4 Replies

Reply to Thread

Kyle Kerst Replied

2/23/2022 at 10:42 AM

Employee Post

My theory is these are likely leftover sessions that haven't timed out. You can check who is actually logging in to those accounts by checking the IPs listed in the Administrative logging for those user accounts though, and if you see any that don't match your customer's public IP address you can then blacklist as needed. On your own login, is it possible it is showing something like ::1 or 127.0.0.1 for your session? These would imply loopback and indicate you're logging on directly to the server. I hope this helps :)

Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com

YS Tech Replied

2/23/2022 at 11:00 AM

These are the admin ones currently. Is this because the webmail is sitting on a server which the dns is held on cloud flare?

There is only myself as admin and none of these are my IP address.

Kyle Kerst Replied

2/23/2022 at 12:02 PM

Employee Post

That is likely yes. If you're routing all traffic through Cloudflare (with the cloud icon enabled) all traffic will come in via Cloudflare IPs.

Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com

YS Tech Replied

2/23/2022 at 5:14 PM

OK, thanks that may well explain it.

Back to Community Threads

Please leave this box unchecked

4 Replies

Reply to Thread

Tags

Related Knowledge Base Articles