Missing/random entries in Debit Notes, Purchase Invoices and Delivery Notes

Hi,

For a couple of months now, line items are being automatically deleted in many of our debit notes, purchase invoices and delivery notes. Sometimes random new entries are being created without any manual input. Miscellaneous receipts and payment entries are also appearing in some of the user accounts. We have been manually correcting them, assuming that it is human error, but now it certainly appears that it isn’t.

Is there a logical explanation for this to happen? We use the Cloud version and have several users configured with varying permissions. None of the users (except the admin) have delete permissions for any function, so none of the entries are deleted. However, they are randomly created and updated, causing havoc and requiring hours of manual correction.

Sadly the problem is now so big (we have some 11000 odd items in our inventory) that we are considering alternative solutions. We hope we won’t have to switch.

Any help will be appreciated!

Welcome to the forum @funkyrainbow.com,

Unfortunately, I cannot reproduce your problem with the information provided.

You can demonstrate your problem with screenshots of the entries in question.

Make sure to include the history of these transactions which is the button on the bottom right of the view screen:

Not as you describe. Unless the transaction histories reveal anything, it seems to me access to your records has been hacked.

Thanks, @Tut and @Ealfardan. That has been our thinking as well, that the access has been compromised in some way. Is there a way of identifying the IP addresses from where the users log in? All of our users access the cloud through known IP addresses at our location, so that might help us identify if there are ‘unknown actors’.

History reveals that certain users have updated the records, but on verification it doesn’t seem to be the case, hence the confusion. We had earlier deleted certain users and added new ones to see if the problem persists, and it does.

The attached screenshot is what the problem looks like.

This is what the history record shows for one of the affected Delivery Notes:

As you can see details are deleted en masse, sometimes at random.

Thank you for the help.

This is probably why you need to set strong passwords and change them regularly.

As for the IPs, I don’t think that’s possible, but you can do the following:

  1. Go to users and
  2. Impersonate each restricted user
  3. Click on the username at the top nav where you should see all active sessions:
  4. You log them all out.

For administrator accounts, you need to change the passwords, log in to them one by one and close all their sessions.

Also, I’d delete all unused accounts. Their history records will remain but the access is now completely gone.

Further Illustration:

PIC 1: Focus on Delivery Note #14

PIC 2: Delivery Note #14

PIC 3: History for Note #14

The history records only one user as having created and modified the record. But the user confirms that the deletions weren’t deliberate.

@Ealfardan we have done the logging out a few times recently, and have created new users a few times as well, but the problem has remained. Is there a possibility of the machine being compromised, say by a virus?

Thanks for all the help again.

If the deletions and creation do not appear in the history, it’s quite possible that the transaction has been undone using history.

Another thing I’d look into is to check whether there have been any batch updates, batch creations or batch deletions.

The changes do appear in the history (as per screenshot in the earlier reply). No changes were undone using history though.

None whatsoever.

Thanks again!

A somewhat delicate question: Do we have to consider sabotage as an explanation if there’s nothing wrong technically?

You actually could not tell that from the History file. When something is undone in either the main History file or the subsidiary History list for a transaction, it is as though it never occurred. So, let’s say someone maliciously changed a transaction, then went to the History file and undid the change. There would be no record. But the change would also no longer be affecting the transaction. This is different from a deletion, which would show in History.

The fact that these problems show up in History means the program is functioning as designed. (The imperfection of detecting unauthorized use of Undo is a different issue.) Someone is entering these changes. The question is who. Have you filtered by user? (The first of the dropdown filter menus at the top of the History list.) Although the user is listed in the History file listing, you might see patterns related to the affected transactions if you examined each user’s history in isolation.

Yes! That’s what I originally meant by your being hacked.

We had indeed filtered by user to see if we noticed patterns; all we could tell at the time was that there was a series of such random activities at a certain time of day. The pattern has stopped now, and the damage has become difficult to spot (records related to previous months being deleted/modified etc). Our original diagnosis was that someone was actively disrupting the system. Glad to hear that it isn’t a bug or system glitch.

Thanks a lot, @Tut, you have been a great help.

  1. Could the API be exploited to create and delete the records?
  2. MFA needs to be seriously considered now for cloud and server editions.

I do not know the answer to your question, @compuit. And I am not the developer. So MFA is not up to me.

That really sounds suspicious, lending more weight to the idea of active sabotage.
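
The per-user History review suggested in the thread, and the time-of-day clustering the original poster reports, can be checked mechanically once History rows are copied out of the program. This is an added example, not part of the original thread or the product; the row layout, user names and entries are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows: (timestamp, user, action, document).
# Hypothetical layout, as if copied by hand from the History list.
HISTORY = [
    ("2023-03-01 10:05", "clerk_a", "Create", "Delivery Note #12"),
    ("2023-03-01 11:00", "clerk_b", "Update", "Purchase Invoice #7"),
    ("2023-03-01 14:30", "clerk_a", "Update", "Delivery Note #12"),
    ("2023-03-02 02:10", "clerk_a", "Update", "Delivery Note #14"),
    ("2023-03-02 02:12", "clerk_a", "Update", "Delivery Note #15"),
    ("2023-03-02 02:13", "clerk_a", "Update", "Purchase Invoice #7"),
    ("2023-03-02 02:15", "clerk_a", "Create", "Payment #31"),
    ("2023-03-03 02:11", "clerk_a", "Update", "Delivery Note #14"),
    ("2023-03-03 02:12", "clerk_a", "Update", "Debit Note #3"),
    ("2023-03-03 02:14", "clerk_a", "Update", "Delivery Note #9"),
    ("2023-03-03 02:16", "clerk_a", "Create", "Receipt #40"),
]

def parse(rows):
    """Convert timestamps and return rows in chronological order."""
    return sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M"), user, action, doc)
                  for ts, user, action, doc in rows)

def bursts(rows, window=timedelta(minutes=10), threshold=4):
    """Runs of >= threshold changes by one user, each at most `window`
    after the previous one: (user, start, end, documents touched)."""
    per_user = defaultdict(list)
    for ts, user, _action, doc in parse(rows):
        per_user[user].append((ts, doc))
    found = []
    for user, events in per_user.items():
        run = [events[0]]
        for ev in events[1:] + [None]:      # None flushes the last run
            if ev is not None and ev[0] - run[-1][0] <= window:
                run.append(ev)
                continue
            if len(run) >= threshold:
                docs = sorted({d for _, d in run})
                found.append((user, run[0][0], run[-1][0], docs))
            if ev is not None:
                run = [ev]
    return found

def hour_profile(rows):
    """Changes per (user, hour of day), to expose a recurring time slot."""
    counts = defaultdict(int)
    for ts, user, _action, _doc in parse(rows):
        counts[(user, ts.hour)] += 1
    return dict(counts)
```

A burst that touches several unrelated document types within minutes, at an hour when the named user was not working, is the pattern to compare against active sessions and password changes.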