Home   Help Search Groups Login Register  
You are not logged in. To get the full experience of these forums, we recommend you log in or register
Plusnet Usergroup » All Users - The Open Forum » Plusnet Network and Technical Issues » Spam being recieved on Private e-mail addy
Pages: 1 ... 6 7 [8] 9 10 ... 20
  Print  
Author Topic: Spam being recieved on Private e-mail addy  (Read 162546 times)
mikeb

Posts: 657


« Reply #105 on: May 15, 2007, 12:02:50 pm »

Oh yes indeedy, yet more and more of that luverly spam.  yum.yum.yum.

Given that this is a publicly-accessible forum that kids of any age can view, I don't feel it's appropriate to include the sort of detail (starred or not) that appears in Post 101 above.

Perhaps such references could be modified somewhat?

We're all substantially teed off with this situation (which appears to be getting worse in terms of volume of related spam currently being received) but that doesn't make it necessary to go into graphic detail of the spam content.

Just my thoughts Sad

Penny.

I sort of agree with you but then again I don't think that PN should have allowed such a breach of data that has resulted in such information AND without any of the ***'s being sent to a huge number of people who most certainly should NOT be subjected to such language.  I'm really looking forward to explaining just WTF is going on to my 80 year old mum and various youngsters who are now being sent this [Censored] through no fault of mine if I can't manage to trap it all before it gets seen. 

This might be a public forum but it is also (generally speaking) a place where people know about this kinda thing and have no doubt seen it all before in any case.  If you are not happy about seeing such things on here even when suitably censored, just consider how unhappy some people are when such inappropriate information is being freely sent in copious quantities and explicit detail directly to VERY inappropriate recipients.

And still no 'official' word from PN and still no contact from PN just lots of poncing about, rumours and half stories all over the place.  Come on PN, get @rse into gear and make a single, consistent formal statement in one place so that everyone knows exactly what the score is and just how bad the situation is or is likely to get. 

I'm sorry but I will not modify the post that is causing 'offence' as I consider it suitably censored already.  If PN or one of the MODS considers it necessary to do so then that's fine by me PROVIDING that they also take it upon themselves to edit and/or delete all the REALLY offensive [Censored] that I am now receiving on all my e-mail accounts as well.
« Last Edit: May 15, 2007, 12:18:07 pm by mikeb »

--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
LC100

Posts: 283

« Reply #106 on: May 15, 2007, 12:35:32 pm »

Hi

Quote
Just sent from webmail I think

As others have pointed it can't be.  I haven't used webmail for years and have my own SMTP server, and don't receive email via Webmail from any other PlusNet member.

XPC exiled in NZ

Posts: 1382

« Reply #107 on: May 15, 2007, 12:42:44 pm »

Hi

Quote
Just sent from webmail I think

As others have pointed it can't be.  I haven't used webmail for years and have my own SMTP server, and don't receive email via Webmail from any other PlusNet member.



A few posts back there was a quote from another forum where Bob (I think) was asking for details of any addresses NOT linked connected some way with webmail (presumably to check this was the method used). I am guessing that they will run the suspected address against the webmail logs and check if it appears anywhere. If it does, then they know it is webmail, if it doesn't then they know they have to look elsewhere.

I suggest you send all the affected addresses to Bob, for him to check for you. It will help them find the leak definitively and make sre it is fully closed. If they have a different hole too, they will want to know about it ASAP.

<edited to correct "Bon" to "Bob">
« Last Edit: May 15, 2007, 01:33:14 pm by xpcomputers »
Tam

Posts: 1188


100Mb via Enta.net :D

« Reply #108 on: May 15, 2007, 12:48:58 pm »

A few posts back there was a quote from another forum where Bon (I think) was asking for details of any addresses NOT linked connected some way with webmail (presumably to check this was the method used). I am guessing that they will run the suspected address against the webmail logs and check if it appears anywhere. If it does, then they know it is webmail, if it doesn't then they know they have to look elsewhere.

I suggest you send all the affected addresses to Bon, for him to check for you. It will help them find the leak definitively and make sre it is fully closed. If they have a different hole too, they will want to know about it ASAP.



It was Bob Pullen  - PN staff http://usergroup.plus.net/forum/index.php?action=profile;u=90

Original Post is here http://bbs.adslguide.org.uk/showthreaded.php?Cat=&Board=plusnet&Number=3000543

mikeb

Posts: 657


« Reply #109 on: May 15, 2007, 12:54:41 pm »

I suggest you send all the affected addresses to Bon, for him to check for you. It will help them find the leak definitively and make sre it is fully closed. If they have a different hole too, they will want to know about it ASAP.

I think you might mean 'Bob' and I would love to BUT the problem is that PN are handling this problem in their usual stupid and spread_about_all_over_place kinda way so I have no idea exactly WHO the info should be sent to or exactly WHERE that person is actually hanging out and so on.  As the quote was from elsewhere I presume they're not hanging out here.

FFS will someone at PN start handling this in one single place so that everyone can follow it and respond with stuff that could be helpful in resolving the problem  angry  I for one have got far better things to do than spend all day trying to find which one of several different places has some relevant info posted on it.  I gather there is a big discussion on the portal forums but I wouldn't go within a 100 yards of them again even using someone else's personal data !!!!!

--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
mikeb

Posts: 657


« Reply #110 on: May 15, 2007, 12:59:15 pm »


Thank you.  Nice to see that all the action is going on on a non-PN related site and a site that PN had vowed to stay away from isn't it  rolleyes  However, I presume I can PM Bob from his profile on here so will do so in a mo.

--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
Tam

Posts: 1188


100Mb via Enta.net :D

« Reply #111 on: May 15, 2007, 01:05:52 pm »

I have to be honest and say i agree with what rsharma says as follows:

The TBB news article states that PN have confirmed that no other details except for emails have been compromised: http://www.thinkbroadband.com/news/i/3083.html

Although deeply frustrating for many people, a loss of an email address (or many) has to be accepted now. Ideally I would suggest that you start changing them where possible because there is little PN will be able to do. You then have to wait for an explanation, but it seems likely to be a webmail issue and probably linked to what happened last week. There were reports of a trojan on the webmail platform and being redirected to unacceptable sites.

What is more concerning, however, is whether the breach of webmail has allowed the third party to access not only PN email accounts but also email addresses of those that have been emailed using the service. If that is confirmed it will be a much bigger problem (not that it isn't serious now) as you might have to explain to your contacts why they too are receiving spam. The other problem might well be even more serious for those that use a personal domain name in that they might well end up on the spam database, that many ISPs/people check against, if the spammers start using the forged email addresses to send out even more spam to others. It will also increase NDR traffic to your domain name and email address.

Although some big names, including financial institutions, have fallen foul of security, PN seem to be more prone to this kind of thing. This will be the fourth serious incident in the last year associated with their (lack of) security.


linky - http://bbs.adslguide.org.uk/showthreaded.php?Cat=&Board=plusnet&Number=3001530


Basically, put up with the spam for a few days while you let everyone know about a new address you will be using. Then  trash your current e-mail address as there is no way to stop the spam you will now get (it will only get worse as the person with the list sells it on to others). Looks like PN will need the additional servers now what with this increase in spam.




Penny

Posts: 1781


WWW
« Reply #112 on: May 15, 2007, 01:38:45 pm »

FFS will someone at PN start handling this in one single place so that everyone can follow it and respond with stuff that could be helpful in resolving the problem  angry 

Agreed.

Given that the PUG forums are ideal for this (and that all affected parties can post here as well as read) and that much of the related data is already collected here, could this not be initiated immediately?

Basically, put up with the spam for a few days while you let everyone know about a new address you will be using. Then  trash your current e-mail address as there is no way to stop the spam you will now get (it will only get worse as the person with the list sells it on to others). Looks like PN will need the additional servers now what with this increase in spam.

Might this perhaps be the right time to implement the already-scheduled-for-some-time-in-the-future blackholing of default mail, with all affected customers advised that the blackhole will come into effect on xxxx date and that they need to set up new mailboxes and new mailbox re-directs with immediate effect and advise all their contacts of the changed addresses?

An unbelievable inconvenience for customers  rolleyes but given that the horse seems to have already left the stable, I don't currently see many alternatives.

It might also be time for PN to get around to dealing with PUGIT 116, with some urgency.

Regards,

Penny.

Penny Rollo       Force 9 from 17/02/98       PlusNet from 2000 onwards     
Project HappyChild - free maths worksheets, free French-English
worksheets and 12 other languages http://www.happychild.org.uk
personal site www.pennymidasrollo.plus.com
mikeb

Posts: 657


« Reply #113 on: May 15, 2007, 01:44:52 pm »

Basically, put up with the spam for a few days while you let everyone know about a new address you will be using.

... and I'm rapidly coming to the conclusion that it's going to be of the form My_Name@My_Account.At_Another_ISP.com    Changing e-mail addresses that have been in very frequent use world-wide for around 10 years is such a complete PITA but it does present the ideal opportunity to change the whole d@mn thing rather than just the bit before the '@' doesn't it and without anything much in the way of added pain.
« Last Edit: May 15, 2007, 01:46:29 pm by mikeb »

--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
XPC exiled in NZ

Posts: 1382

« Reply #114 on: May 15, 2007, 02:01:13 pm »

A few posts back there was a quote from another forum where Bon (I think) was asking for details of any addresses NOT linked connected some way with webmail (presumably to check this was the method used). I am guessing that they will run the suspected address against the webmail logs and check if it appears anywhere. If it does, then they know it is webmail, if it doesn't then they know they have to look elsewhere.

I suggest you send all the affected addresses to Bon, for him to check for you. It will help them find the leak definitively and make sre it is fully closed. If they have a different hole too, they will want to know about it ASAP.



It was Bob Pullen  - PN staff http://usergroup.plus.net/forum/index.php?action=profile;u=90

Original Post is here http://bbs.adslguide.org.uk/showthreaded.php?Cat=&Board=plusnet&Number=3000543

It was Bob I was thinking, but my fingers are clearly typing funny this afternoon! I really don't know how I typed it wrong twice, but the "N" is right next to the "B"!

I have PM'd him my email addresses that I think have not been in the webmail system... no doubt I am wrong though, and I will find that I tested these addresses from webmail at some time or other... but I don't remember it! Unless, they managed to scrape up the emails themselves from webmail, as the router one must have featured in my webmail account as it gets redirected to my main mailbox, which would probably have been seen in my webmail on a few occasions I use it.
lmartin

Posts: 1404


Comms Team

« Reply #115 on: May 15, 2007, 02:41:40 pm »

FYI, The following email is in the process of being sent to all customers identified as potentially affected by the mentioned trojan vulnerability.

Service Status will be updated shortly with further information on the email address issue.

Quote
Username: {username}

Dear Customer,

This email contains important information about a recent problem with our Webmail system which may have affected you.

PlusNet takes its customers' security very seriously.

It has come to our attention that a number of customer email addresses have been obtained illegally by a third party. No other personal information, including credit card details, has been disclosed. As a result, some of our customers have experienced increased levels of spam to their email addresses. We notified customers of this on our website last night  http://usertools.plus.net/status/archive/1179136452.htm

We have also identified that a small number of customers may have been affected by a Trojan virus. There has been no compromise of your personal details or credit card data held by us.

Our records and network monitoring indicate that there is a small chance that your PC may have become infected with a Trojan virus. While we would stress that the threat is minimal, we would ask you to take the following steps in order to ensure that any potential risk to your system is mitigated:

1. Ensure that your system is fully up to date by running a Windows Update. Do this by selecting Windows Update; from the Tools menu at the top of an Internet Explorer window. You should ensure that you have all critical updates installed as a minimum.

2. Run an online virus checker such as the Trend Micro tool at: http://housecall.trendmicro.com/ This free checker will identify if the malware discussed in this email has affected your PC, and allows for its removal.

3. If you do not currently use an Anti-Virus program, we strongly recommend the use of an up-to-date application such as the free version of AVG Antivirus, available from their website at  http://free.grisoft.com . You can find more information about On-Line security on our support website at:
http://www.plus.net/support/security/viruses/infection.shtml


Customers who are protected by up-to-date Antivirus software, or who have Windows Operating Systems with recent updates installed will be unaffected by this problem, as will users of non-Microsoft operating systems such as Apple Mac OSX; or Linux. More details about the Microsoft vulnerability involved here can be found at http://www.microsoft.com/technet/security/Bulletin/MS06-040.mspx

We would like to reassure you that we take the security and online safety of our customers very seriously. 

Please accept our sincere apologies for any concern this email may cause you. If the steps detailed above are followed then any risk that you may have been affected will be eliminated.

To validate the authenticity of this email, you can find a copy attached as a Service Notice on your account. To view this, please visit the Help and Support section of our website and click on My Questions.

Kind Regards,

Phil Webb
Networks Director
PlusNet

http://portal.plus.net

--
This email has been sent as it contains important information about your service from PlusNet. Please do not reply to this email, as this is an unmonitored address.

PlusNet plc
Registered Office: Internet House, 2 Tenter Street, Sheffield, S1 4BY Registered in England no: 3279013

Liam Martin
PlusNet Comms Team
RogN

Posts: 21

« Reply #116 on: May 15, 2007, 02:50:10 pm »

"We would like to reassure you that we take the security and online safety of our customers very seriously."

If you say it often enough people do believe anything. There is not a shred of evidence in this email, and plenty over the past 2 days, to suggest something vastly different.
bpullen
Plusnet Staff

Posts: 1980


WWW
« Reply #117 on: May 15, 2007, 03:51:07 pm »

Hi all,

The latest Service Status has just been published to the portal. You can see a copy here.

It's a little more detailed and hopefully answers a few questions however there's still certain aspects we're unable to discuss whilst our investigations continue.

Kind Rgds,

wildmind
Guest
« Reply #118 on: May 15, 2007, 04:01:03 pm »

Hmmmm.....

If the spammer didn't use the database for 6 months would we have been informed of this breach?

Gotta admit that I have completely lost trust in the security of PNs systems with this as it really doesn't leave me with any confidence at all Sad
Oldjim

Posts: 1016

« Reply #119 on: May 15, 2007, 04:07:55 pm »

I am confused.
The link provided in the service status says this
Quote
If you change this password you will also need to update the password on your broadband modem or router, or you will not be able to connect to the Internet. This password change does not affect passwords for any mailboxes you have set up.
but the passwords/accounts which have been compromised are from webmail and you need the email password to access that.
So what may have been compromised - account password, email password or both.
Pages: 1 ... 6 7 [8] 9 10 ... 20
  Print  
 
Jump to: