2017-03-27 - Re: Mystery ‘Administrative User’?

Header Data

From: José Borges <jo***s@algardata.pt>
Message Hash: f74e2f3f6d486fa302da86e2fb723f84e48535629abd38996c3fb2759ab64c9b
Message ID: <ea5ce57a-f806-45ce-8653-e2ff3c85489c@grasehotspot.org>
Reply To: <070853fa-8cac-4589-be61-671d5d9ff686@grasehotspot.org>
UTC Datetime: 2017-03-27 07:36:09 UTC
Raw Date: Mon, 27 Mar 2017 07:36:09 -0700

Raw message 

the first line is from a AUTOMAC generated voucher, its easy to spot, 
because the voucher username is the MAC address inverted, decapitalized and 
hypen removed.

You should check that you don't have any computer account setup... also, 
try to change the default computer account password for extra security.


segunda-feira, 27 de Março de 2017 às 10:18:14 UTC+1, Glyn escreveu:
>
>
> <https://lh3.googleusercontent.com/-hRNAsNQZEHA/WNjYwFjrXgI/AAAAAAAAAAM/bg0ihBAZtTIaMqeIF0xJk2cdT_bb0XgUwCLcB/s1600/rb-au1.jpg>
>
>
> <https://lh3.googleusercontent.com/-hRNAsNQZEHA/WNjYwFjrXgI/AAAAAAAAAAM/bg0ihBAZtTIaMqeIF0xJk2cdT_bb0XgUwCLcB/s1600/rb-au1.jpg>
> Hi all
> My hotspot has been running well for about 4 months now. It is confiugred 
> for Free Access only with a daily limit of 500Mb and 4 hours per day. There 
> is also one computer account for my phone.
> Over the last couple of days there is a mysterious 'Administrative-User' 
> account showing up in monitor sessions. It is using huge amounts of data 
> and is remaining logged in for days. When I first spotted it I was able to 
> track down the MAC address and then in the user list block and disable, but 
> it seems to have come back now with a MAC address of all zeros. In the 
> attached image is the current monitor sessions screenshot - the business 
> has only just opened, but you can see the od account has been on since last 
> night after i did a reboot to kick them off. When I was at the bar last 
> evening the wifi was very slow and even my unlimited phone access could 
> barely use the system.
>
> any ideas??
>

Thread