Admin hack?

i have messages in the form of “i have an active lobby and set a password that noone else knows, but there are users connecting”
or “if i disconnect with setted password, i cannot return, because someone else has changed the room password”
and “anyone can use the mute all button”.
The Server has authentication enabled and just Teachers have an login.
I supposed that a Teachers password was leaked.
Is there any other explanation than that?
How can i log, which authenticated participants where in which channels at what time?

but shouldnt it be impossible for a non authenticated user to change the Password anyway?

When the moderator disconnects, Jitsi automaticly set another participant as the moderator.

This can be prevented by adding org.jitsi.jicofo.DISABLE_AUTO_OWNER=true to /etc/jitsi/jicofo/ but this is not a good idea if you haven’t already an authentication mechanism

the server shows “waiting for admin” if someone connects to a new conference,
so there already is an auth.

The only immediate explanation I can think of is the one you gave already - someone got a hold of a teacher’s credentials and they’re using it to prank. If that’s the case, I think there are two options for you at this point:

  1. Recreate the user accounts for all teachers (this of course could be quite a task, depending on how many teachers you have)
  2. Try and get a list of the participants in any of the meetings where this happened and see if there’s another teacher’s account registered in the meeting other than the one you expect to be there. Then you can just recreate that one account

What do i have to do for option 2?
Where do i have to enable what kind of logging? and/or in what logfile i have to search for what?
i have about 100 teachers and about 120conferences with about 2000 participiants within 5 hours.