Author Topic: Email address for this forum has been compromised  (Read 2960 times)
LF

Posts: 2

« on: November 20, 2014, 05:41:58 pm »

I use an email address of the form plusnet@xxxxx.co.uk, where xxxxx is my domain name, to access this forum and nothing else.  I have just started getting large amounts of spam to this email address.  Has anyone else had a similar problem?

The Contact Us on this Forum has been disabled so I can't ask them what has happened directly.
Penny

Posts: 1781


« Reply #1 on: November 20, 2014, 06:18:38 pm »

Quote
I use an email address of the form plusnet@xxxxx.co.uk, where xxxxx is my domain name, to access this forum and nothing else.  I have just started getting large amounts of spam to this email address.

... I have a specific e-mail address which is used only for this forum and the (PN) Comm Site, and haven't experienced anything similar.

The only unusual mail I've seen of late has been a fair amount of virus-laden e-mails arriving to a yahoo address I use for freecycle (last couple of weeks or so) but nothing via the usergroup e-mail address - I had thought PUG was fairly secure, actually : /

Regards,

Penny.

Penny Rollo       Force 9 from 17/02/98       PlusNet from 2000 onwards     
Project HappyChild - free maths worksheets, free French-English
worksheets and 12 other languages http://www.happychild.org.uk
* now building a shopping village at Sunshine City
MauriceB
Administrator

Posts: 4353

« Reply #2 on: November 20, 2014, 06:19:57 pm »

I use similar mail addressing for various elements of Usergroup activity and apart from a recent general rise in the number of SPAM mails across ALL of my mail accounts, I've not noticed a problem.  Yet!

We will need to do some investigating.

Thanks for highlighting the problem.

Maurice
NB
Usergroup Member

Posts: 2065

« Reply #3 on: November 20, 2014, 08:46:19 pm »

I have a special address for usergroup e-mails also and (so far) no spam has been received.  I'll leave it to Maurice to do the detective work to check things out though.
Oldjim

Posts: 1014

« Reply #4 on: November 20, 2014, 10:53:08 pm »

This may be relevant http://community.plus.net/forum/index.php/topic,133959.0.html
LF

Posts: 2

« Reply #5 on: November 21, 2014, 09:13:58 am »

Apologies.  Having read Oldjim's link I've remembered that it's the email I use with Plusnet itself too.  I've been getting spam from the same sources as mentioned on the other thread so I think the blame is likely to lie with Plusnet.
MauriceB
Administrator

Posts: 4353

« Reply #6 on: November 21, 2014, 09:16:18 am »

Thanks oldjim - certainly very relevant.

It's odd that I've managed to miss this whole thread on Community - Huh?  Must be senility lol
MauriceB
Administrator

Posts: 4353

« Reply #7 on: November 21, 2014, 10:19:15 am »

Quote
Apologies.

No problem. It's always best to flag potential problems early rather than late.

Quote
<snip>I've been getting spam from the same sources as mentioned on the other thread so I think the blame is likely to lie with Plusnet.

This is most probable. The Usergroup does not host its own independent Mail service, we just have an account with multiple Users on the standard Plusnet Mail Platform and manage them in the same way as any other User.  Two weeks ago we did a review and cleared out a number of redundant mailboxes as part of migrating to a newer hosting platform, so things are now much tidier. It may now be possible to revive the 'Contact Us' link now that SPAM in general is no longer a problem - so thanks for the memory jogger on that.

Maurice
mikeb

Posts: 657


« Reply #8 on: February 20, 2017, 11:25:49 am »

Sorry for resurrecting Ye Olde Thread mostly just to add ...

[aol]Me too[/aol] Sad        and check out the         Tongue

but a specific e-mail address which is used SOLELY for this site/forum on a PN account that didn't even exist at the time of the primary PN e-mail hack has today received spam for the very first time.

The (now apparently compromised) PN A/C was set up some time after PN managed to release email details for all of my F9 and PN A/Cs to one or more 3rd parties in 2007.  As far as I'm concerned, this data can only have been obtained via PN/PUG because I just can't see how there can be any other plausible source. It quite simply doesn't exist anywhere else and hasn't seen any spam to date despite further alleged PN data breaches subsequent to the well known about event in 2007.

Although PN wrecked all of my long-standing A/Cs by releasing data and they continue to get regularly spammed to death, the spam received is still being fully monitored. I am well aware of the alleged breach in Nov 2014 as it was immediately obvious from my monitoring that additional specific data had been compromised despite all the PN denials various. However, this specific PUG e-mail address and/or this specific PN A/C wasn't affected then and hasn't been affected at any time to date either. It seems that this shiny new spam is not being seen on any other e-mail address on any other PN/F9 A/C whether previously compromised or otherwise ... just the one specific address on the one specific PN A/C that has only ever been used here.

Delayed reaction to one or more of the previous PN hacks or is anyone else seeing shiny new e-mail abuse ?



EDIT: More info and an example

pug@My_PN_Account2.plus.com didn't exist until December 2007 (A/C My_PN_Account2.plus.com was registered around June 2007) and the address was only really in occasional use during 2008 in any case. Primarily thread reply notifications early/mid 2008 plus just a few random PMs late 2008.  There have only ever been 132 PUG messages received with the very last genuine message being in January 2009.  

Now spam:

Code:
Received: from spooler by mail.My_PN_Account.plus.com (Mercury/32 v4.72); 20 Feb 2017 08:07:46 -0000
X-Envelope-To: mbtw2pn
Received: from POP3D by mail.My_PN_Account.plus.com with MercuryD (v4.72); 20 Feb 2017 08:07:39 -0000
Return-path: <mansour-amine.akbi@lapste.net>
Envelope-to: pug@My_PN_Account2.plus.com
Delivery-date: Mon, 20 Feb 2017 08:05:43 +0000
Received: from [212.159.9.108] (helo=avasin06.plus.net)
 by inmx18.plus.net with esmtp (PlusNet MXCore v2.00) id 1cfiyd-000549-9d
 for pug@My_PN_Account2.plus.com; Mon, 20 Feb 2017 08:05:43 +0000
Received: from [160.120.22.200] ([160.120.22.200])
 by avasin06.plus.net with Plusnet Cloudmark Gateway
 id mw5f1u0084K1Gds01w5iAL; Mon, 20 Feb 2017 08:05:43 +0000
X-BV-Spam-Flag: Yes
X-IPAS: Level1
X-CM-Score: 100.00
X-CNFS-Analysis: v=2.2 cv=Bb2o6vl2 c=1 sm=1 tr=0
 p=RTk0eHZ2DrJlZPA3llzyDg==:17 p=a-0_99mXpksmAfr0s-EA:9 p=y3TWnlBEAAAA:8
 p=zLQcBLSSKIrqbsZe:21 a=RTk0eHZ2DrJlZPA3llzyDg==:117 a=r77TgQKjGQsHNAKrUKIA:9
 a=tfwewdB7HFUA:10 a=QPd-B6XI0CwA:10 a=_W_S_7VecoQA:10
 a=2EECN8Q4aSjvsrRbs9Eq:22
Message-ID: <C6830F46E94ACAA0E569208F2CACC683@BXUPM24PY>
From: <mansour-amine.akbi@lapste.net>
To: <pug@My_PN_Account2.plus.com>
Date: 20 Feb 2017 15:22:25 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----=_NextPart_000_004F_01D28B76.018A5319"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3508.1109
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3508.1109
X-pn-pstn: Spam 1
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: From International Company
X-Agent-Received: from Mercury POP (PN/My_PN_Account2) (pop.My_PN_Account.plus.com); Mon, 20 Feb 2017 10:24:19 +0000
X-Agent-Junk-Probability: 0

Dear pug,

We are looking for employees working remotely.

My name is Mercedes, I am the personnel manager of a large International company.
Most of the work you can do from home, that is, at a distance.

Salary is $2100-$5600.

If you are interested in this offer, please visit
Our Site

d_healthHave a nice day!

The A/C has a catch-all mbox so it would be fairly obvious if this was a result of a dictionary attack or something similar. It isn't. There is absolutely no evidence of any other spam being received at any time.
« Last Edit: February 20, 2017, 04:01:06 pm by mikeb »

--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
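The catch-all reasoning in the post above, as an added example that is not code from the thread or from Plusnet: on a catch-all domain, spam arriving at many never-issued local-parts points to guessing, while spam arriving only at an alias that was given to one service points to a leak at or near that service. The alias table, the `example.test` domain and the threshold are assumptions; the `Envelope-to` and `X-BV-Spam-Flag` header names are taken from the headers quoted in the post.

```python
from email import message_from_string

# alias local-part -> the one place it was ever given out (constructed sample)
ISSUED = {"pug": "usergroup forum", "shop": "online shop"}

def sample(rcpt, flag="Yes"):
    """Build a constructed header-only message for the demo."""
    return f"Envelope-to: {rcpt}\nX-BV-Spam-Flag: {flag}\nSubject: sample\n\nbody\n"

def spam_recipients(raw_messages):
    """Local-parts of the envelope recipient of every message flagged as spam."""
    hits = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        if msg.get("X-BV-Spam-Flag", "").strip().lower() != "yes":
            continue
        addr = msg.get("Envelope-to", "").strip().strip("<>")
        local, sep, _domain = addr.partition("@")
        if sep and local:
            hits.append(local.lower())
    return hits

def classify(raw_messages, issued=ISSUED, guess_threshold=3):
    """Return (verdict, local-parts) for spam seen on a catch-all domain."""
    hits = set(spam_recipients(raw_messages))
    never_issued = sorted(hits - set(issued))
    issued_hit = sorted(hits & set(issued))
    if len(never_issued) >= guess_threshold:
        # Many addresses nobody was ever given: guessing / dictionary run.
        return "dictionary", never_issued
    if issued_hit:
        # Only addresses handed to a specific service: that copy leaked.
        return "leaked-alias", issued_hit
    if never_issued:
        return "inconclusive", never_issued
    return "clean", []

if __name__ == "__main__":
    print(classify([sample("pug@example.test")]))
```
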
Foresee

Posts: 19


Not young enough to know everything

« Reply #9 on: March 23, 2017, 08:49:14 pm »


Quote
is anyone else seeing shiny new e-mail abuse ?


You are not alone mikeb.

I created an alias PN address purely for PUG in 2008. It has never been used to send, and has received nothing. Its format makes it virtually unguessable.

Since last Thursday 16th until today I've had six emails: three pharmacy spam, two 'Fedex' phishing, and one which seemed to have no purpose at all.

Most things are somewhere else
NB
Usergroup Member

Posts: 2065

« Reply #10 on: April 02, 2017, 11:59:15 pm »

I've left this a while partly to see if anything came in to me and partly because I don't check in on the forums here as often as I used to so only noticed this a couple of weeks ago.  I've had no spam to my usergroup specific e-mail address recently, but did get one a year ago.  I don't suppose either of you clicked the report a post button in the past did you?

If you report a post an e-mail goes out to the team and it contains a reply e-mail address for the person reporting the post.  So if any of the e-mail accounts belonging to those people who get notified was compromised then e-mail addresses could be harvested from them.  That could be either their pc or their e-mail provider that was compromised.