Security- how can i catch a client who is using unauthorise admin account [closed]

I made a php/mysql project where 40+ employee’s work on it in office and from home. they have a specific level permission. I store login data with IP, location, browser, OS of client. recently someone login using my credential(admin Ac). The IP im getting is ISP real ip not client IP. 3/4 employee resident same area with same ISP. So i am not able to find which one of them 4 employee got my access. any script or any Idea???? so i can catch him?

Answer

You have a few options.

1. You could dig through your data to compare which web browser and operating system is commonly used by each employee. You can then compare this to the data of the unauthorised person. While it may not be concrete, it might point you in the right direction.

2. The next option is to introduce another layer of security. In addition to a password, ask all users to enter additional information.
   For example – you might know their National Insurance (Social Security, if you’re in the US) numbers, so ask them to enter something like the 1st, 5th and 7th characters of that information [to be extra secure, change which characters are requested after each login attempt].

3. If you have the users mobile phone numbers – you could have your system send a text message (or, potentially use email instead), with a code that the user will have to enter. So long as the code was automatically generated – this should also help.

The second and third methods may not help you catch the person who has been logging into your account – but will hopefully prevent them from doing so in future (just make sure you keep whatever information you are verifying with a secret).

I will finalise by saying that – one of the things you should be investigating is – how did one of your users get access to your account in the first place? Do you have a vulnerability in your application allowing users to view passwords? Did you share your login credentials with anyone? Was your password secure enough?

Ultimately – finding and penalizing the culprit is probably going to be difficult without substantial evidence. Focus on fixing the security hole.