Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » [Disable] Attempt to hijack Webmail session
  •  
Nicholas.Yong

Messages: 9
Karma: 0
Send a private message to this user
Quote:


[17/Aug/2005 17:04:54] Attempt to hijack Webmail session 7b5b7788dbabb9ef57ff8ea3d45078c6 (created for IP=219.93.174.110, secure=no) by connection from IP=219.95.247.195, secure=no
[17/Aug/2005 17:04:56] Attempt to hijack Webmail session 7b5b7788dbabb9ef57ff8ea3d45078c6 (created for IP=219.93.174.110, secure=no) by connection from IP=219.95.247.195, secure=no
[17/Aug/2005 17:06:08] Attempt to hijack Webmail session ef3c187e98d8c64d4478a48dc02acfdd (created for IP=219.93.174.110, secure=no) by connection from IP=219.93.174.103, secure=no
[17/Aug/2005 17:06:09] Attempt to hijack Webmail session ef3c187e98d8c64d4478a48dc02acfdd (created for IP=219.93.174.110, secure=no) by connection from IP=219.93.174.103, secure=no
[17/Aug/2005 17:06:21] Attempt to hijack Webmail session 8d520139fb2249682b958c5a4069c946 (created for IP=219.93.174.108, secure=no) by connection from IP=219.95.247.195, secure=no
[17/Aug/2005 17:06:27] Attempt to hijack Webmail session 8d520139fb2249682b958c5a4069c946 (created for IP=219.93.174.108, secure=no) by connection from IP=219.95.247.195, secure=no
[17/Aug/2005 17:06:45] Attempt to hijack Webmail session 3b135b40912ebb6fb33e2c15637edbee (created for IP=219.95.247.195, secure=no) by connection from IP=219.93.174.110, secure=no
[17/Aug/2005 17:06:47] Attempt to hijack Webmail session 3b135b40912ebb6fb33e2c15637edbee (created for IP=219.95.247.195, secure=no) by connection from IP=219.93.174.110, secure=no
[17/Aug/2005 17:06:47] SMTP Spam attack detected from 24.98.185.66, client closed connection before SMTP greeting
[17/Aug/2005 17:07:06] Attempt to hijack Webmail session 61a284a6fb4b1879d1059846becf4e51 (created for IP=219.93.174.110, secure=no) by connection from IP=219.93.174.105, secure=no
[17/Aug/2005 17:07:11] Attempt to hijack Webmail session 61a284a6fb4b1879d1059846becf4e51 (created for IP=219.93.174.110, secure=no) by connection from IP=219.93.174.105, secure=no
[17/Aug/2005 17:07:22] Attempt to hijack Webmail session 61a284a6fb4b1879d1059846becf4e51 (created for IP=219.93.174.110, secure=no) by connection from IP=60.49.39.142, secure=no
[17/Aug/2005 17:07:23] Attempt to hijack Webmail session 61a284a6fb4b1879d1059846becf4e51 (created for IP=219.93.174.110, secure=no) by connection from IP=60.49.39.142, secure=no



ok fine. is there a way to disable this feature ? now i received another branch complain the same thing after i upgrade to ver 6.1
  •  
mrFreeZe

Messages: 11
Karma: 0
Send a private message to this user
Are your clients on a dial-up router with dynamic (changing) ip's ?
  •  
Nicholas.Yong

Messages: 9
Karma: 0
Send a private message to this user
yes. this feature only affect webmail user ..
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
See this thread, it also is about this:
http://forums.kerio.com/index.php?t=msg&goto=25753&S =8496e09a4c8e5bfb9455768153cc82d5

And what exactly is the 'feature' you want disabled?
  •  
Nicholas.Yong

Messages: 9
Karma: 0
Send a private message to this user
yes. this thread is just another repeat question as your last post. last thread we discussed the theory of how 'Attempt to hijack Webmail session' / 'spoofing dectection' works but the diff. here is i want to know how to disable this 'spoofing dectection' feature .. anyone know ?
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
Ah, ok. Well, this is not possible, AFAIK.

What you want is basicly some configurable settings specifying what kind of events you want to get logged and what not... Right?

This would be nice indeed. On the other hand, better to log too much then too little. (Even though these things may make the log files somewhat more difficult to read, for example my warning log is swamped with "Connection attempt to service HTTP from IP address x.x.x.x rejected" I could live without.)

If you want to make sure Kerio 'sees' this feature request you should submit a ticket on http://support.kerio.com
  •  
Nicholas.Yong

Messages: 9
Karma: 0
Send a private message to this user
ya.. i understood. beside i'd already submited my ticket in few hours ago... i just hope kerio can give me a solution in shortly because my ears is getting painful to received those non-stop complaint calls..
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
I suppose people are not complaining about log file entries... I did not understand you had also client-side problems.

If the problem is changing IP addresses while having an secure HTTPS connection open, I think this is something that is just not supposed to happen (from a secure server point-of-view). So with or without warning, you're going to lose the connection anyhow...

IS your 'hijacking' also caused by changing IP addresses?
  •  
Nicholas.Yong

Messages: 9
Karma: 0
Send a private message to this user
Quote:


IS your 'hijacking' also caused by changing IP addresses?


yes

Quote:


What you want is basicly some configurable settings specifying what kind of events you want to get logged and what not... Right?


i just want to disable anti-spoofing feature, because it caused my webmail user 'sessionexpire' after reading a mail ..

apologize to make you confuse in the early reply.
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
I am no expert in this, but I think it is just impossible to have one of the endpoints of a secure socket change address without breaking the connection.
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
  •  
peterj

Messages: 852
Karma: 1
Send a private message to this user

Thanks Winkelman...!
  •  
Nicholas.Yong

Messages: 9
Karma: 0
Send a private message to this user
Quote:



Today is your lucky day :d

Edit mailserver.cfg and find:

<table name="Http">
<variable name="SessionExpireTimeout">3600</variable>
<variable name="MaxPostSize">20</variable>
<variable name="CheckSessionClientIp">1</variable>

Change CheckSessionClientIp to 0 and you will stop recieving this error.

Cheers,
Joshua


THANKS!!!!!!!!!! it solved my problem =)
Previous Topic: How can I edit the auto reply messages?
Next Topic: mesage reply
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 22 14:06:29 CET 2017

Total time taken to generate the page: 0.00506 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.