Topic: Spam being received on Private e-mail addy
jelv1

Posts: 2130

« Reply #195 on: May 16, 2007, 03:33:15 pm »

Because the spammers are using botnets, the emails are arriving from a variety of IP addresses. I'm not sure if it has been determined how many different IPs are involved in each run.

jelv
RonSlicker

Posts: 165

« Reply #196 on: May 16, 2007, 03:45:28 pm »

Quote
Because the spammers are using botnets, the emails are arriving from a variety of IP addresses. I'm not sure if it has been determined how many different IPs are involved in each run.

My note regarding spam containing references to Photoshop (previous to John's above), Spamcop shows that they have originated from at least five different sources. China, Romania, Poland, Mexico and Czechoslovakia.
« Last Edit: May 16, 2007, 04:05:57 pm by RonSlicker »
simonflood

Posts: 88

« Reply #197 on: May 16, 2007, 05:07:25 pm »

Well firstly thanks PlusNet for undoing the good work I'd done to not receive spam to my PlusNet e-mail addresses!

After the last e-mail fiasco (loss of e-mail) I bought myself a domain and set up e-mail aliases that then pointed at my PlusNet mailboxes.  Now I'm getting spam directly to my PlusNet mailboxes and via the aliases.  Oh and also to the postmaster mailbox.  Embarrassingly my Mother-in-law is also getting spam to all her mailboxes.

Anyway now I'm getting spam I thought I'd better turn the spam protection back on (I'd turned it off after getting deluged with non-spam messages tagged as spam after another "problem").  Trouble is the spam is still getting through.

Since PlusNet have revealed my addresses to the world I at least now expect their spam filter to stop the spam getting through to me.  Perhaps they've been compromised too?

Simon
RonSlicker

Posts: 165

« Reply #198 on: May 16, 2007, 06:11:31 pm »

Quote
Since PlusNet have revealed my addresses to the world I at least now expect their spam filter to stop the spam getting through to me.  Perhaps they've been compromised too?

Unless I've misunderstood the way it works, the spam checker doesn't function as a filter, just a tagging device so you can easily see what's probably spam.
ccotterill
Plusnet Staff

Posts: 251


« Reply #199 on: May 16, 2007, 06:14:54 pm »

This is a copy of the email that we have just started sending to our entire customer base:


Username: <username>

Dear <realname>,

This email contains important information about a problem with our Webmail service which may have led to your email address being exposed to a spammer.

If you are affected by this, you may have noticed an increase in the amount of spam received since Sunday 13th May. This includes spam to email addresses that were previously spam-free. This increase in spam is a result of a security issue on our Webmail service. You can read about this on the Service Status pages of the PlusNet Usertools website.

I would like to make it clear that the Webmail platform is separate to the systems we use for storing personal information such as credit card numbers and none of this type of information has been exposed as a result of this issue. However, purely as a precaution we would advise you to change your account password by visiting the Member Centre then clicking Account Details then Change Password.
Please note if you change your account password this will need to be updated in your router or modem as well as your browser and email software.

I am extremely sorry that a malicious third party has managed to gain a list of email addresses from one of our Webmail servers. On behalf of PlusNet I would like to sincerely apologise to you for this security breach and the increase in offensive spam emails that may now be affecting your email address. We understand how annoying and upsetting spam email can be and we are treating this with the utmost seriousness. My team and I will continue to work round the clock to reduce the inconvenience caused to you by this problem as much as we can.

When we learned of the attack on our Webmail service, we identified the source of the vulnerability and implemented a fix as quickly as possible. However, following a full audit of our Webmail service we identified a number of additional security vulnerabilities that it has not been possible to patch. While these potential vulnerabilities have not been exploited, we are not prepared to compromise on customer security so we have removed our Webmail service.

We intend to replace our current Webmail system as quickly as we can, and this is one of the next priorities for my team at this time. In the meantime, if you use Webmail to check your PlusNet email from your own PC, you might find it more convenient to use an email program which runs on your PC instead. You can find information about setting up most popular email programs here.

If you have been receiving spam email to any of your mailboxes, then you could also reduce this by taking some or all of the actions recommended here.


This incident has highlighted the importance of keeping systems as secure as possible. It is important to ensure that you always have the latest operating system updates and patches installed. Windows users can obtain these by visiting Windows Update, which is linked to from the Tools menu of Internet Explorer. We always recommend the use of fully up-to-date third-party anti-virus, firewall and Internet security software, particularly for Microsoft Windows users.

Again, I would like to be clear that we fully recognise the impact this will have on our customers and indeed the internet community in general. All of us here are taking this week’s security breach extremely seriously and we are doing everything possible to resolve all outstanding issues. We will be publishing a full incident report and plan on what we intend to do next to our website before the weekend. This will explain exactly what has happened and how.

As you might imagine at this time, our Customer Support Team is extremely busy. I would be most grateful if, during the next few days, you could avoid contacting us unless you have an urgent issue that is not answered by any of the FAQs or elsewhere on our website. You can also find more details on our recorded information line 020 7517 8754 (please note that our Customer Support team are not available on this number).

Kind Regards,

Phil Webb
Networks Director
PlusNet

This email has been sent as it contains important information about your service from PlusNet. Please do not reply to this email, as this is an unmonitored address.

PlusNet plc
Registered Office: Internet House, 2 Tenter Street, Sheffield, S1 4BY
Registered in England no: 3279013

Chris Cotterill
Business Marketing Manager
Plusnet
godsell4

Posts: 397

« Reply #200 on: May 16, 2007, 06:52:41 pm »

I just love the irony when you look at the list of Keywords used to describe Webmail on the PN help pages here.

Quote
Keywords: email | webmail | spam | problem
Wink

SW.

BBYW1/10GB
LC100

Posts: 283

« Reply #201 on: May 16, 2007, 07:15:39 pm »

Hi

Quote
This incident has highlighted the importance of keeping systems as secure as possible. It is important to ensure that you always have the latest operating system updates and patches installed. Windows users can obtain these by visiting Windows Update, which is linked to from the Tools menu of Internet Explorer. We always recommend the use of fully up-to-date third-party anti-virus, firewall and Internet security software, particularly for Microsoft Windows users.

It's a pity PlusNet did not follow their own advice.

I don't like that paragraph added on to the end, it seems to imply that the customer themselves was somehow responsible for "This incident" due to not having an up to date system.  It could have been worded more honestly I think, such as, "You can help mitigate any future risks when our security is compromised by ensuring your system is fully up to date..."  This problem was not caused by the customer in any way who would think they are perfectly safe using their own ISP's web pages and web mail, and indeed should have been.

I also find it incredible that in a few days they have identified several more possible security issues on the WebMail platform but only thought to audit the system after a major leak of data.

PlusNet keep making these big mistakes, just when they start to get back on track and people forget about their last blunder they have another  angry  How ironic that only the day before this latest blunder someone asked me about helping them sort out a broadband connection and I heard myself say PlusNet as an option, well that isn't going to happen now.

Edit:  I think a major problem with PlusNet is this open source cheap as chips approach to their software with the @Mail software licence costing just £1500 for unlimited users! Priority support costs just $200 a year, so this software isn't really enterprise strength sort of stuff is it! http://atmail.com/selectmodules.php  (I've converted $ to £ approximately)


« Last Edit: May 16, 2007, 07:25:12 pm by LC100 »
godsell4

Posts: 397

« Reply #202 on: May 16, 2007, 07:20:55 pm »

Quote
I also find it incredible that in a few days they have identified several more possible security issues on the WebMail platform but only thought to audit the system after a major leak of data.

I am afraid people are human and mistakes are made, sometimes when you get shown a problem for the 1st time, it leads you to thinking of subtle variations on the same theme that could be exploited too.

Is the Perl version of @Mail inherently less reliable/secure than the newer PHP version? Who knows?

SW.

BBYW1/10GB
scarymonkey

Posts: 1085

« Reply #203 on: May 16, 2007, 07:23:41 pm »

Re Tam's suggestion of monitoring honeypots to identify IP addresses which should be blacklisted. I have identified 10 email addresses of the format xxx@<username>.plus.com which are being spammed which are no longer used by me. I have just created a new mailbox called honeypot on my account and aliases for all these addresses - if someone from plusnet wants to look in there to check for common factors feel free - I'll be letting the spam build up in there.

I also have some other addresses which I have been sending to the blackhole for a while, but I'm keeping them separate at present.

I've added the 'honeypot' suggestion to PUGIT (as added by Jelv) as PUGIT Issue 305

Please vote if you would like this suggestion implementing

Vince Marsters
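
One way to look for "common factors" in a honeypot mailbox like the one described above, as an added example that is not part of the original thread: tally the connecting IP recorded in the Received header written by the ISP's own server (lower headers can be forged) and list IPs that hit more than one dead address. The suffix `.isp.example`, the function names and the sample messages are assumptions constructed for illustration, and a single hop inside the ISP is assumed.

```python
import re
from collections import Counter, defaultdict
from email import message_from_string

# Assumption: hostname suffix of the ISP's own inbound mail servers.
TRUSTED_MX_SUFFIX = ".isp.example"

# Matches "from <helo> (... [<ip>]) ... by <host>" in one Received header.
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\(.*?\[(?P<ip>[0-9a-fA-F.:]+)\]\).*?\bby\s+(?P<by>\S+)",
    re.DOTALL,
)

# Constructed sample messages (documentation IP ranges, made-up hosts).
SAMPLES = [
    "Received: from mail.bogus.example ([192.0.2.10])\n"
    "\tby mx1.isp.example with ESMTP; Wed, 16 May 2007 18:00:01 +0100\n"
    "Received: from pc.forged.example ([10.9.9.9]) by relay.forged.example\n"
    "To: old1@user.isp.example\nSubject: Cheap software\n\nbody\n",
    "Received: from dsl.bogus.example ([192.0.2.10]) by mx2.isp.example;\n"
    "To: old2@user.isp.example\nSubject: Photo editing deals\n\nbody\n",
    "Received: from host.other.example ([198.51.100.7]) by mx1.isp.example;\n"
    "To: old1@user.isp.example\nSubject: Pills\n\nbody\n",
    # No header written by the ISP's servers: nothing here can be trusted.
    "Received: from a.example ([203.0.113.5]) by relay.other.example;\n"
    "To: old3@user.isp.example\nSubject: Hello\n\nbody\n",
]

def handoff_ip(raw):
    """IP that connected to the ISP, taken from the topmost trusted header."""
    msg = message_from_string(raw)
    for header in msg.get_all("Received", []):
        m = RECEIVED_RE.search(header)
        if m and m.group("by").rstrip(";").lower().endswith(TRUSTED_MX_SUFFIX):
            return m.group("ip")
    return None  # no header we can trust, so no IP is attributed

def common_factors(raw_messages):
    """Count messages per source IP and collect the dead addresses each hit."""
    hits, targets = Counter(), defaultdict(set)
    for raw in raw_messages:
        ip = handoff_ip(raw)
        if ip is None:
            continue
        hits[ip] += 1
        targets[ip].add(message_from_string(raw)["To"])
    return hits, targets

def blocklist_candidates(raw_messages, min_addresses=2):
    """IPs seen mailing at least min_addresses distinct honeypot addresses."""
    hits, targets = common_factors(raw_messages)
    return sorted(ip for ip in hits if len(targets[ip]) >= min_addresses)

if __name__ == "__main__":
    print(blocklist_candidates(SAMPLES))
```
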
wildmind
Guest
« Reply #204 on: May 16, 2007, 07:25:12 pm »

Personally I think a lot about this situation totally sucks....

1) The excuse that this is a legacy of underspending - yet how many times have people commented on this sort of thing to be told that the investment levels are OK
2) The total lack of security testing that seems to have gone on - after recent years and events you'd have thought they'd have been pro-active
3) The lack of disclosure as soon as the flaw was discovered - and the lack of pro-active action straight away.
4) The lack of information given in key forums - and the lack of answers to straightforward questions
5) Confusing information as to who would get what updates and emails - and why they would get them

On top of that - as a user - I find it hard to believe that the situation *will* be resolved and that PN will actually learn lessons from this.
portmoak

Posts: 214


« Reply #205 on: May 16, 2007, 07:42:28 pm »

Quote
On top of that - as a user - I find it hard to believe that the situation *will* be resolved and that PN will actually learn lessons from this.


How exactly do you think it will be 'resolved'?

As a result of Force9's technical incompetence my well-protected email address (to my own personal domain) has been compromised after several years of managing to keep it safe. This can never be undone. Force9 have at a stroke managed to defeat all of the measures I have taken to protect my family from this sort of obscene spam.

It rubs salt in to read a Force9 email missive which makes all sorts of recommendations about virus protection and the like - my own systems are a sight more well-protected than Force9's!

Accounts theadamsons and portmoak
F9 customer since 1998.
mikeb

Posts: 657


« Reply #206 on: May 16, 2007, 08:29:15 pm »

Quote
1) The excuse that this is a legacy of underspending - yet how many times have people commented on this sort of thing to be told that the investment levels are OK
2) The total lack of security testing that seems to have gone on - after recent years and events you'd have thought they'd have been pro-active
3) The lack of disclosure as soon as the flaw was discovered - and the lack of pro-active action straight away.
4) The lack of information given in key forums - and the lack of answers to straightforward questions
5) Confusing information as to who would get what updates and emails - and why they would get them

On top of that - as a user - I find it hard to believe that the situation *will* be resolved and that PN will actually learn lessons from this.

I agree on all counts although I would personally substitute "lack of any real testing whatsoever" rather than just singling out a "lack of security testing".  But the thing is the situation can't ever be 'resolved' can it.  PN couldn't even be bothered to shut the stable door whilst the d@mn horse was still in sight or be honest about it either !  I was away most of last week and even if I hadn't been, I wouldn't have read webmail service.status reports BUT where exactly is the mention of a security issue and possibility of a trojan ? VERY conspicuous by its absence it would appear. Essential maintenance my @rse !! Essential - yes, maintenance - most certainly not.

Sure they can make all the 'right' noises.  Sure they can withdraw webmail and then reinstate something maybe bit more robust in the future. Sure they can promote the use of their SPAM tools (which  I personally wouldn't touch with someone else's barge pole !) and sure they can rant on about keeping systems up-to-date and using anti-virus tools (which is more than a bit bl**dy cheeky considering exactly WHO it was that managed to get infected isn't it !) but it has to be close to 100% certain that all affected e-mail addresses are going to get totally trashed. To all intents and purposes that problem cannot be resolved satisfactorily Sad

Just how many major c*ck-ups that seriously affect customers does it take before PN look up and fully understand the concept of reviews, testing and monitoring etc. ?  It is almost beyond belief that they managed to 'find' more vulnerabilities in the atmail product AFTER the event - especially when there are several published references to certain known vulnerabilities going back some time.

I would also be very interested to know EXACTLY which version of atmail was being used in anger at the time(s) of the various incidents.  I wouldn't mind betting that that could be a rather embarrassing confession as well rolleyes

~10 years totally spam-free e-mail down the drain due to PN incompetence angry AND, I have to say, not a dissimilar scenario to what happened with my old F9 account.  Although no proof that it was a PN issue that resulted in addresses suddenly getting spammed to death after some years of no problems but highly suspicious at the time - and more so now.
« Last Edit: May 16, 2007, 08:41:37 pm by mikeb »

--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
LC100

Posts: 283

« Reply #207 on: May 16, 2007, 09:18:56 pm »

Hi

Quote
As a result of Force9's technical incompetence my well-protected email address (to my own personal domain) has been compromised after several years of managing to keep it safe. This can never be undone. Force9 have at a stroke managed to defeat all of the measures I have taken to protect my family from this sort of obscene spam.

One method perhaps would be for PlusNet to introduce a new domain name, i.e. something@username.plus.co.uk that we can then start using and at some point choose to ditch any email to ...plus.com. 

Although this isn't a foolproof solution as if the list is being sold at a premium (as they are known to be valid email addresses) then to keep that premium they could just change the domain in the list and carry on selling it.

PlusNet could allow us to change our usernames so we get a different email address that wouldn't be possible to bulk change in the list as we would all decide differently what to pick however that means losing myname.plus.com to become my_name.plus.com or myname1.plus.com which isn't ideal.

OldDave

Posts: 17

« Reply #208 on: May 16, 2007, 10:07:21 pm »

I'm confused I got the Plusnet E-Mail about the security breach (saying I must be more careful to avoid spam!!) sent to my "MyName1@username.plus.com"
I haven't rec'd any spam to this address.
The addresses I have rec'd spam on are "MyName2@username.plus.com" and "username@username.plus.com"

Can someone enlighten me: will all my "AnythingI've set@username.plus.com" be spammed?
godsell4

Posts: 397

« Reply #209 on: May 16, 2007, 10:08:24 pm »

PUGIT item http://usergroup.plus.net/pugit/view.php?id=201 indicates PN could have been looking at or making just thinking about changing Webmail this year. Guess this plan just got accelerated.  shocked

SW.

BBYW1/10GB