Home   Help Search Groups Login Register  
You are not logged in. To get the full experience of these forums, we recommend you log in or register
Plusnet Usergroup » All Users - The Open Forum » Plusnet Network and Technical Issues » Spam being recieved on Private e-mail addy
Pages: 1 [2] 3 4 ... 20
  Print  
Author Topic: Spam being recieved on Private e-mail addy  (Read 162559 times)
jelv1

Posts: 2130

« Reply #15 on: May 13, 2007, 09:45:30 pm »

Looking at the range of addresses that I'm seeing spam on, some which have been used for testing just by myself, I am 110% certain that the source of the email addresses being used is Plusnet towers.

jelv
Tam

Posts: 1188


100Mb via Enta.net :D

« Reply #16 on: May 13, 2007, 09:51:51 pm »

Looking at the range of addresses that I'm seeing spam on, some which have been used for testing just by myself, I am 110% certain that the source of the email addresses being used is Plusnet towers.

I'll raise to you 200% its a PN towers list that has been taken.

PlusNet - You did delete the logs off the old mail server kit before you threw it out didnt ya Wink

« Last Edit: May 13, 2007, 09:56:18 pm by Tam »

billbow

Posts: 732


« Reply #17 on: May 13, 2007, 09:56:39 pm »

Me too....

I have a PN email address the default username@username etc which has never been use other than to send myself a test email to/from another account and to receive PN mail shots - got two "ED" emails one at 18.04 the next at 18.11

Bill
MetroNet
jelv1

Posts: 2130

« Reply #18 on: May 13, 2007, 10:01:08 pm »

All mine have been used as a re-direct before...... but not in the last year or two.

I have received spam to a mailbox created 9:45am, Friday 22nd December 2006 (I viewed all tickets, then did a search on the source code of that page).

Looking more closely at the addresses they are all to xxx@username.plus.com, including some where the xxx has only been used with @domainname.yyy.uk (yyy.uk is org.uk  or me.uk).

I have a suspicion that all of them at some stage have been used in webmail - does what everyone else is seeing match that? Email prefixes that haven't been spammed have never been used in webmail.

jelv
mikeb

Posts: 657


« Reply #19 on: May 13, 2007, 10:02:30 pm »

I've had a couple of spams to a couple of my email addresses that I don't normally get spam to. The spams in question all start

"Cheapest ED pills on the net !!"

Is this the same as you're seeing?

Snap !!!!! Grrrrrrrr  angry  The very FIRST and the ONLY spam that I have ever received on my main e-mail address since I started using the PN rather than the F9 one sometime in early 2000 Sad

Something rather more than a bit suspicious here esp if other users are also getting spammed on previously clean or largely unused (or at least not public) addresses.  Who's done what or harvested addresses from where ?

... with extra Grrrrrrrrrrr's just for good measure  angry  angry

Edited to add: Don't think that I've used webmail other than perhaps once or twice many years ago and that was only just to look to see if any mail was in my inbox.  Must have been >5 years ago anyway and I've never sent mail via webmail I'm fairly certain of that.  I always use dial-up either via landline or mobile to access my A/C in the normal way with mr.laptop when I need to check or send mail away from home.

Further edited to add: The one I have appears to have come directly to PN from here:

inetnum:      124.80.80.0 - 124.80.95.255 (Actual IP = 124.80.85.115)
netname:      GINAMHANVITNET-INFRA-KR
descr:        Tbroad Ginam Broadcating Co., Ltd.
country:      KR

but with spoofed text details (helo = ukentertainers.com) and a seemingly appropriate from: field for that domain.  Not an organisation that I have knowingly dealt with in the past ... but then again, on looking, it's just one of those bl**dy free email spamalot sites isn't it !!!! More Grrrrrrrrrrr's  rolleyes
« Last Edit: May 13, 2007, 10:25:11 pm by mikeb »

--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
dtomlinson
Plusnet Staff

Posts: 2156


« Reply #20 on: May 13, 2007, 10:14:33 pm »

I have a suspicion that all of them at some stage have been used in webmail - does what everyone else is seeing match that? Email prefixes that haven't been spammed have never been used in webmail.

I had a couple of spams sent to my broadband account, which looking at the last logged in time in webmail I've only ever logged into webmail once in February this year with that username before I received the spams today (that was a username@username... spam). Spoke to someone else who's received a spam to an address that was set up for Fax2Email (faxes@username...) and isn't a seperate mailbox (just uses the catch-all) but hasn't logged into webmail with it.

Regards,

Dave Tomlinson
PlusNet Support
Tam

Posts: 1188


100Mb via Enta.net :D

« Reply #21 on: May 13, 2007, 10:18:33 pm »

I havent used mine (AFAIK) on web-mail.

dtomlinson
Plusnet Staff

Posts: 2156


« Reply #22 on: May 13, 2007, 10:19:37 pm »

If you login in advanced mode on the right hand side it will tell you the last time you logged in if you want to check.

Regards,

Dave Tomlinson
PlusNet Support
scarymonkey

Posts: 1085

WWW
« Reply #23 on: May 13, 2007, 10:40:56 pm »

Dave

Is someone from PN looking into the possibility of a leak/hack?

Also Jelv, though very funny (to me at least), lets not send this thread into a helicopter/tin foil hat loop please.

Vince Marsters
jelv1

Posts: 2130

« Reply #24 on: May 13, 2007, 10:47:51 pm »

I wasn't joking - it is obvious there has been a serious security breach.

jelv
dtomlinson
Plusnet Staff

Posts: 2156


« Reply #25 on: May 13, 2007, 11:01:13 pm »

No possibility is being discounted at this point. It's understandable that people are concerned because of the pattern of the spams that has been seen but at the same time it's difficult to put together a pattern because there are examples that don't fit what you would expect.

For example, not every account has logged into webmail and some of the spam has been sent to addresses other than mailboxes/redirects/aliases/postmaster@/username@ and some to domains rather than plus.com/f9.co.uk addresses.

By all means look for patterns in the spams and as I say we're looking/going to be looking into every possibility our side to ensure we can do everything we can.

Regards,

Dave Tomlinson
PlusNet Support
Matt_2k34

Posts: 387

« Reply #26 on: May 14, 2007, 12:59:34 am »

yep i got two Spam mails

One "ED pills" and i didnt bother with the other, was clearly spam.

not sure about the other accounts on my username, but mines not a catchall, nor is it the 'main' mailbox, we do have Fax2email set up (I THINK!) but that doesnt go to my mailbox.

slightly concerned as to who has been looking at this many emails...

 evil -- im a @plus.net user,  -- lets just hope the new kit can handle a Spam attack on a grand scale, if it's a mole it looks like they could be heading for the headlights of PN's car (hopefully!) grin

-----------
=)
Graham W

Posts: 73


WWW
« Reply #27 on: May 14, 2007, 02:11:03 am »

...

One "ED pills" and i didnt bother with the other, was clearly spam.

...

Is this "ED pills" in the subject line or the body of the email?
kitz

Posts: 4323

WWW
« Reply #28 on: May 14, 2007, 02:36:24 am »

Also got some of these this eve to username@username. I dont really use webmail so doubt if its that, forums is a possibility. 

It does however seem that this may have had an impact on general mail services too, causing delays for genuine mail 
I raised a ticket this evening (bleeding stuck bRAS again!!!) and Ive only just received mail notification - 6 hours later! :/

Quote
Delivery-date: Mon, 14 May 2007 00:15:17 +0000
Received: from pih-relay05.plus.net ([212.159.14.132])
          by pih-sunmxcore16.plus.net with esmtp (PlusNet MXCore v2.00) id 1HnHtw-0001KZ-Vl
          for me@me.plus.com; Sun, 13 May 2007 17:30:34 +0000
Received: from [192.168.230.20] (helo=portal10.plus.net)
         by pih-relay05.plus.net with esmtp (Exim) id 1HnHoA-0001UX-L0
        for me@me.plus.com; Sun, 13 May 2007 18:24:34 +0100
Received: from www-data by portal10.plus.net with local (Exim 4.63)
        (envelope-from <support@plus.net>)
        id 1HnHoA-00024H-JL
        for me@me.plus.com; Sun, 13 May 2007 18:24:34 +0100
To: me@me.plus.com
Subject: PlusNet - Thank you for your Question!


Dont forget the Geeks!
kitz 2005
dtomlinson
Plusnet Staff

Posts: 2156


« Reply #29 on: May 14, 2007, 03:39:43 am »

Is this "ED pills" in the subject line or the body of the email?


In the body of the mail, screenshot of one of the ones I've received attached. Subject and sender address are different every time as is the random text.

Regards,

Dave Tomlinson
PlusNet Support
Pages: 1 [2] 3 4 ... 20
  Print  
 
Jump to: