Good evening, I’m requesting support for a possible security incident: we accidentally noticed that an unknown user with a Gmail address had manager permission on a event. This person doesn’t have registered for the event and I doesn’t have any notification email about registration as an Indico user (I checked the notification emails). In addition to the name, surname, and email address, the Affiliation field says “security.” Is possible to export access logs or the IP addresses from which a user logs in. The user was created in May 2025 and logged in that same day. Thanks, Simone.
Check their accounts (/user/ID/accounts or navigate there after searching them in the admin/users area). If you have any kind of SSO, then users signing up via SSO do not trigger user profile creation emails.
Also, was the event CREATED by that user? If yes, it sounds simply like a case of a category being configured to let everyone create events in there. If not, check the log of the event (in its management area) of who granted them management access.
Regarding the IP, It’s stored but not shown in the UI. You can get it like this in indico shell (untested code, but should work):
for identity in User.get(ID).identities:
print(identity.last_login_ip)
Hi Adrian, I followed your suggestions and found the IP address, which luckily was internal to the LAN. I also found the user in the meantime. Thanks for your valuable help.Simone.