Unknown IPs in session list

Dear Xibo,

I looked into my Sessions in my test CMS and I was surprised: there are lots of active IPs… Does this mean that my CMS has been hacked?

How many people should have access to this CMS?
There are indeed several active sessions. If you should be the only one with access, then something does not feel right; there are 4 unique IP addresses there. I obviously do not know how many people are supposed to have access to your CMS.

You can also check the Audit Trail page to see what actions were made by those users.

If you suspect that someone gained unauthorized access, then you should change your password, of course.

This CMS is used by me only.

It's strange that I can't see any user name in the session list for these suspicious IPs. There are more than 4 IPs in the list, and there are about 10 accesses every hour.

But in the Audit Trail I see steps done by me only. So maybe the list contains all accesses to the login page?

Is your Xibo installation externally facing? Can you place it behind a firewall?
If not, I would change the default username as well as use a secure password.


I’ve got exactly the same problem!

A lot of unknown IPs are “active”.

I’m the only one authorized to connect to the CMS.

I’ve deleted the xibo-admin account, I’ve reinforced my password, and set up the firewall from my VPS supplier, but there are still these unwanted IPs… They are located everywhere in the world.
Did you solve your problem?

If there is no “user name”, does it mean that they were not able to connect to the CMS?

In a nutshell, is it really dangerous?

PS: the address of my VPS is not a domain name but an IP address.