Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1] 2 3 ... 5

Author Topic: Spam.. From you :(  (Read 4153 times)

AndrueC

  • Just arrived
  • *
  • Posts: 19
Spam.. From you :(
« on: July 28, 2017, 08:52:19 PM »

So I just received some spam sent to me using the address that I have only ever given to this site. My policy for years has been unique address for every contact. I suggest that the forum administrator start investigating their system as it seems likely they have been compromised and their database is no longer secure.

I forget when I registered for access to this site but I can assure you that only I and the database ought to know that address. I have now blacklisted the address so the only way to contact me is currently through this forum thread.

https://en.wikipedia.org/wiki/Disposable_email_address#Advantages_over_traditional_email

"Additionally, because access has been narrowed down to one contact, that entity then becomes the most likely point of compromise for any spam that account receives (see "filtering" below for exceptions). This allows users to determine firsthand the trustworthiness of the people they share their DEAs with. "Safe" DEAs that have not been abused can be forwarded to a real email account, while messages sent to "compromised" DEAs can be routed to a special folder, sent to the trash, held for spam filtering, or returned as undeliverable if the DEA is deleted outright."
« Last Edit: July 28, 2017, 08:54:36 PM by AndrueC »
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2334
Re: Spam.. From you :(
« Reply #1 on: July 28, 2017, 08:55:31 PM »

I forget when I registered for access to this site but I can assure you that only I and the database ought to know that address.

FYI taken from your user profile:

Date Registered:    June 25, 2012, 09:21:46 AM
Logged

d2d4j

  • Reg Member
  • ***
  • Posts: 552
Re: Spam.. From you :(
« Reply #2 on: July 28, 2017, 09:53:51 PM »

Hi

I think you make a bold statement sorry

There are infect numerous systems which could be compromised, including the computer you have the account setup on

I would ask if any other user has seen similar spam messages about the same time frame.

If so, it may infer a compromise of kitz db, but I stress infer as a hack would usually yield a mass spam send to all

It could just be a wild guess or random email address creation (yes it does happen, which those who work in this field know and would have seen themselves)

I am not saying your wrong or right but just pointing out various other reasons for seeing spam in the account in question.

Also, the headers would have been more beneficial

I do think though, if no other user has received spam in the timeframe then it is likely not to be a compromise of kitz db

Many thanks

John
Logged

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 38756
  • Penguins CAN fly
    • DSLstats
Re: Spam.. From you :(
« Reply #3 on: July 28, 2017, 10:46:30 PM »

I agree with what John said above - it's extremely unlikely that just a single email address would be affected if the site were compromised. Of course we'll investigate, but one thing I can assure you of: there was no leak (deliberate or accidental) by any of the very small number of people who have access to user email addresses.
Logged
  Eric

j0hn

  • Kitizen
  • ****
  • Posts: 1051
Re: Spam.. From you :(
« Reply #4 on: July 28, 2017, 10:59:33 PM »

What a load of nonsense.
Spam sends to random emails, it doesn't need to have been taken from this site.
I've had spam sent to an email the day I created it, before using it even once.
I haven't received a spam email to the address registered on this site for many many months, and it's not the only site I use it on.

I think that was an extremely bold statement, and personally think it deserves an apology. The owner of this site has spent thousands of hours creating tutorials, guides, wikis, administering the forums, etc.
She does all this without filling the site with ads and trying to make money off it. You receive 1 spam email in over 5 years and jump to a ridiculous conclusion.
Logged
BT FTTC 55/10 ECI Huawei Cab - Zyxel VMG1312-B10A bridge mode + Asus RT-AC68U running Asuswrt-Merlin - minted on MDWS via DslStats

jelv

  • Helpful
  • Reg Member
  • *
  • Posts: 599
Re: Spam.. From you :(
« Reply #5 on: July 28, 2017, 11:06:29 PM »

The email address I use on here is totally unique to this site (if the admins took a look they'd be able to see why it would only be used for this site). It hasn't had any spam.
Logged
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. Rick Cook, The Wizardry Compiled

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 30373
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Spam.. From you :(
« Reply #6 on: July 28, 2017, 11:47:03 PM »

Just got in (my dsl has been down all day - see MDWS). 
I am taking this extremely seriously leave it with me I shall do some checks straight away.
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

4candles

  • Kitizen
  • ****
  • Posts: 2187
  • Not young enough to know everything
Re: Spam.. From you :(
« Reply #7 on: July 28, 2017, 11:49:55 PM »

The email address I use on here is totally unique to this site


Here also - no spam.
Logged
Most things are somewhere else

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3295
Re: Spam.. From you :(
« Reply #8 on: July 29, 2017, 12:20:03 AM »

I take similar precautions to AndrueC these days and get very little spam that I can't identify, maybe 6 a month in my spam folder, on average.   My registration here predates these precautions, so this site would expose my real address.

This past week, filters have caught 3 spams.   That's a small increase on the average, but probably not any statistical significance. :)

Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 30373
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Spam.. From you :(
« Reply #9 on: July 29, 2017, 12:22:17 AM »

Just this minute got off the phone with my hosts.   They can see no absolutely sign of any compromise of any data.
All the forum software and any patches are already completely up to date so unless there is an SMF issue its not that.
Nor can I see anything weird in any of the forum logs.

However just to be on the safe side and because I do take security extremely serious,  I am taking some additional precautions. 
If there is any oddness with the site over the next few hours it will be me resetting things.
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 30373
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Spam.. From you :(
« Reply #10 on: July 29, 2017, 12:55:33 AM »

Results of an external security scan

https://sitecheck.sucuri.net/results/forum.kitz.co.uk
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 30373
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Spam.. From you :(
« Reply #11 on: July 29, 2017, 02:14:00 AM »

Jeeze - for those that saw what just happened, so sorry about that.  :'(
Gave myself heart failure by not only locking myself out but by doing so taking not just the forums but the front page of the main site down.   

The site should be ok now...   I wish I could say the same about me - It may take my hammering heart a while to recover.    :o
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 30373
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Spam.. From you :(
« Reply #12 on: July 29, 2017, 04:54:45 AM »

I think I may have found the culprit.  Try putting your email address in here. [link removed temp]


Then look see what comes up - as you will see, its not here.  Basically if you use the same username at another forum which has been hacked, then bots take the username & password to crawl other forums and find other associated accounts and emails.

This info is then sold on the darknet. Whilst I am sorry that the bot appears to have found you here, I'm afraid that despite spending hours and hours on this, I can find absolutely no evidence that it is a result of a database breach here and there is nothing I could have done to prevent it.

As mentioned everything on this side appears to be secure, my hosts can find no evidence of any breach and the only IP addresses used to connect to my database are those that I have used and MISP which is my hosts. The admin account had only been accessed by my IPs.
As my hosts said earlier this evening it is highly unusual for hackers just to attack a site for email and leave everything undamaged and they suggested that it may be the work of bots and not related to this specific site. 

I guess that is why after some of the fairly large breaches last year people were advised to change all their passwords at other websites too.

See also here

Quote
Most people use the same password for all sites so what happens is when one site's database is leaked, you can try using their same user/pass for any other site you might think they are on. Databases work great for targeting individuals.

All I can do is suggest you change your password for this site and any other sites that you frequent  :(

... and on that note Im off to bed..  Ive been up since 6.45 yesterday :(
« Last Edit: July 30, 2017, 08:26:02 PM by kitz »
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4996
Re: Spam.. From you :(
« Reply #13 on: July 29, 2017, 05:37:12 AM »

ahh was this why the forum went down earlier?

I got an email from another site I am registered on I think was ebid, saying they found my email address in a database they purchases (hacked accounts), but they wouldnt disclose where my email address got compromised which annoyed me.

Just so noone interprets what I said above wrongly.

The above info about ebid has no relation to this site :), was an email I got several months ago and I dont use that email address on here. :)

also to add to the link kitz provided, here is another one

https://haveibeenpwned.com/

I entered one of my most commonly used email addresses and got this

Code: [Select]
Highlighted leaks where your email has been compromised


exploit.in (compilation)
592.394.406 Emails found

avast.com (forum)
421.253 Emails found

nexusmods.com
5.914.650 Emails found

Patreon
2.330.939 Emails found

Ironic that one of them is avast a security company.  But the pattern in all 4 is that they all have huge amounts of users, sites with large user databases are the ones most likely to be targeted.
« Last Edit: July 29, 2017, 05:50:31 AM by Chrysalis »
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 30373
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Spam.. From you :(
« Reply #14 on: July 29, 2017, 06:17:44 AM »

>>> ahh was this why the forum went down earlier?

Yes it was me.  Purely as a precaution I was changing the database passwords*  however despite timing both the server side and software changes at the same time, the forum software threw a hissy and decided it would shut itself down and locked me out too. 

>>> here is another one - https://haveibeenpwned.com/

Thanks.  Yeah the Avast one was a biggy that got an awful lot of people :(

Quote
Avast: In May 2014, the Avast anti-virus forum was hacked and 423k member records were exposed. The Simple Machines Based forum included usernames, emails and password hashes.

Compromised data: Email addresses, Passwords, Usernames




------
*this was one of the first things I did as 'just in case' and before I'd done a full investigation.
« Last Edit: July 29, 2017, 06:22:54 AM by kitz »
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker
Pages: [1] 2 3 ... 5
 

anything