Question Track who changed an email password and when

finbarr69 · Mar 1, 2021

Hi,

Just had one of my customers return from a week off to find their email password was changed. It wasn't me, and we don't believe it was their boss, so suspecting foul play (although there appears to be no sign of anything malicious, so may have been an accidental password change by the user when they turned on their out of office message in the webmail).

Is there a log of user password changes in Plesk, with a record of the IP address it was changed from?

If not, is there an add-on that could record any future password changes?

Thanks

Brian

Jose Maria Sarachaga · Oct 12, 2021

Today i have this problem, change of passwords of all accounts in a domain, this looks malicious to me

Monty · Oct 12, 2021

You can see all actions that are performed via Plesk in the Plesk Action Log:
Tools & Settings => Action Log

Password changes are recorded there like this:
IP.IP.IP.IP <PLESK-USER> [2021-10-12 17:06:43] 'Update Mailname' ('Client GUID': 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' => 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx', 'Domain GUID': 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' => 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx', 'Mail preferences': 'false' => 'true', 'Mailname': '[email protected]' => '[email protected]', 'Password': '++++++' => 'xxxxxx')

There is also a new extension by Plesk that will display the action log in a nice format:

Action Log - Plesk Extensions

ext.plesk.com

Question Track who changed an email password and when

finbarr69

Basic Pleskian

Jose Maria Sarachaga

New Pleskian

Monty

Silver Pleskian

Action Log - Plesk Extensions

Similar threads