Home   Help Search Groups Login Register  
You are not logged in. To get the full experience of these forums, we recommend you log in or register
Plusnet Usergroup » All Users - The Open Forum » Plusnet Network and Technical Issues » Spam being recieved on Private e-mail addy
Pages: 1 ... 8 9 [10] 11 12 ... 20
  Print  
Author Topic: Spam being recieved on Private e-mail addy  (Read 163002 times)
Peak1

Posts: 4

« Reply #135 on: May 15, 2007, 05:33:49 pm »

I'm not trying to play down the seriousness at all.  But, really, the damage they could do on the Portal is, thankfully, fairly limited.

Liam,

They may not be able to do much damage to my PN account but given the name, address and sort code they have a good head start on causing a lot of damage to my finances.

Mark
LC100

Posts: 283

« Reply #136 on: May 15, 2007, 06:33:20 pm »

Hi

One wonders if it is about time PlusNet dropped the PHP/MySQL databases and open source approach to their portals and webmail?

Working in IT doing websites for a living I've seen similar problems with PHP/Perl/MySQL being compromised in one way or the other where newer .NET/ASP/ASP.NET/MS SQL based sites have not succumbed to any problems and shrugged of various attacks. Yes Microsoft products do have security holes and cost money to licence but in my opinion are easier to plug and problems are much better publicised.  Open source of course isn't free as PlusNet will be realising now they are finding the hidden cost of it, problems such as this.  A move away from open source might also help PlusNet fill their developer vacancies.
strokedriver

Posts: 51

« Reply #137 on: May 15, 2007, 06:34:29 pm »

Another oddity, one of the mailbox addresses now being used was deleted months ago.
How did they get hold of that?
scarymonkey

Posts: 1085

WWW
« Reply #138 on: May 15, 2007, 06:35:24 pm »

It existed in the webmail database as a used address.

Vince Marsters
LC100

Posts: 283

« Reply #139 on: May 15, 2007, 06:40:48 pm »

Hi

Just seen several attempts sending to username@username.plus.com, these weren't stopped by an open relay check but were stopped as running my own SMTP I've got the connection dropping immediately it sees the RCTP, as luckily I don't use username@username.plus.com for anything.

There has been a several fold increase in connection attempts that have been blocked due to being from known open relays which I can only guess were also heading to username@.

Thankfully having my own SMTP server has given me control to cut of completely any attempts to send me the SPAM, not everyone though is that lucky, well they may be of course if they are with a completely different ISP.  rolleyes

Tam

Posts: 1188


100Mb via Enta.net :D

« Reply #140 on: May 15, 2007, 06:44:26 pm »

Best thing that PlusNet can do now is to monitor e-mail addys hit from the leaked e-mails (where the only e-mail now received is going to be spam) and create an automated script to add it straight to their blacklist of IP's and log with spamcop and the like.


Least this would slow the spammers down because as soon as they are sending, they are being blacklisted.

scarymonkey

Posts: 1085

WWW
« Reply #141 on: May 15, 2007, 07:33:09 pm »

Tam, although you might only now get spam to those email addresses, it doesn't mean that will apply to everyone. Not PN related but my domain is heavily spammed (after being compromised years ago), including my main email address. I still use this but with effective anti-spam measures of my own.

A blanket blacklisting would have potentialy worse effects for many than some spam emails.

Vince Marsters
Tam

Posts: 1188


100Mb via Enta.net :D

« Reply #142 on: May 15, 2007, 07:52:02 pm »

Tam, although you might only now get spam to those email addresses, it doesn't mean that will apply to everyone. Not PN related but my domain is heavily spammed (after being compromised years ago), including my main email address. I still use this but with effective anti-spam measures of my own.

A blanket blacklisting would have potentialy worse effects for many than some spam emails.

Nope .... think about it..

for example ... my  plusnet@account_name.plus.com  has been compromised. Nothing has EVER been delivered to this account until 2 days ago. I will certainly NEVER give that address out. PlusNet might as well monitor it, and as and when a mail is delivered to it, spam it and log it to block others getting through to other accounts.

Multiply it to every other account that has the exactly the same issue/setup as me, and you can see pretty easily block the spammers habits quite effectively.

jelv1

Posts: 2130

« Reply #143 on: May 15, 2007, 08:04:01 pm »

I could give you 8 email addresses in the format something@username.plus.com which are being spammed which should never get any emails. What is being suggested is very similar to the honeypot email addresses that the likes of spamcop use.

We could set up redirects to a specific email address akin the the blackhole@abuse.plus.com - anything received to that add to a blacklist.

jelv
jelv1

Posts: 2130

« Reply #144 on: May 15, 2007, 08:06:47 pm »

It appears from a post on the portal forums that the webmail server was attacked on or before Friday 4th May. Linky

Would someone from Plusnet care to comment?

jelv
LC100

Posts: 283

« Reply #145 on: May 15, 2007, 08:13:35 pm »

Hi

Well I've gone to change my password as a precaution and incredibly I am prevented from entering anything really secure, as it validates to:

The password you entered was not valid. Your password must begin with a letter and contain only lowercase letters and/or numbers. It must be between 5 and 8 characters in length.

Come on PlusNet, your security is absolutely hopeless, we have security leaks left right and center from you and then when told to change a password can't use really secure ones.  Eight characters maximum, must start with a letter and lowercase only is plain stupid, what sort of ISP are you? angry  I can't honestly believe it anymore.

scarymonkey

Posts: 1085

WWW
« Reply #146 on: May 15, 2007, 08:24:26 pm »

Tam, although you might only now get spam to those email addresses, it doesn't mean that will apply to everyone. Not PN related but my domain is heavily spammed (after being compromised years ago), including my main email address. I still use this but with effective anti-spam measures of my own.

A blanket blacklisting would have potentialy worse effects for many than some spam emails.

Nope .... think about it..

for example ... my  plusnet@account_name.plus.com  has been compromised. Nothing has EVER been delivered to this account until 2 days ago. I will certainly NEVER give that address out. PlusNet might as well monitor it, and as and when a mail is delivered to it, spam it and log it to block others getting through to other accounts.

Multiply it to every other account that has the exactly the same issue/setup as me, and you can see pretty easily block the spammers habits quite effectively.


I did think about and suggest you do too.

In your case they could monitor it but in the case of my mother they couldn't as she will still be using the email address. The blanket approach you have suggested (unless you mean a customer would need to turn it on for their account) will effectively remove email addresses from people regardless of if they are using them or not.

Vince Marsters
pjmarsh
Usergroup Member

Posts: 1238


WWW
« Reply #147 on: May 15, 2007, 08:31:27 pm »

Vince, I think what they are suggesting is that only certain accounts are used as the honeypot, with the emails they receive being used as info to blacklist the senders, or to train the spam filters for the entire platform.  So that when the same spam is sent to another mailbox, such as your mothers, the platform will block the spam before it gets to the mailbox.

Tam, Have I understood you right?

Phil

edit: typo
« Last Edit: May 15, 2007, 08:35:33 pm by pjmarsh »
jelv1

Posts: 2130

« Reply #148 on: May 15, 2007, 08:34:26 pm »

Tam is not suggesting that it is turned on across the board. There are numerous postings about email addresses being spammed that have been used eons ago in webmail and are now no longer used. If those email addresses are monitored it would yield the IP addresses of the compromised PCs sending the spam. These could then be blacklisted which would prevent some of the spam getting to your mother.

It's the best (if not the only) sensible suggestion to combat this problem that I've seen.

Edit: Spelling

jelv
Laser

Posts: 44

« Reply #149 on: May 15, 2007, 08:41:25 pm »

Is it just me, or are the spam mails now starting to NOT get tagged as -SPAM-?

All the early ones were clearly tagged, now I get a mix. Should I forward these to the spam-filter trainer, or will that make matters worse?


BTW, is there any way to have the PN system just delete SPAM-detected mails? The last time I tried it I just got warnings from PN saying stuff had been quarantined.
Pages: 1 ... 8 9 [10] 11 12 ... 20
  Print  
 
Jump to: