Kitz ADSL Broadband Information

Author Topic: Spam.. From you :(  (Read 18638 times)

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: Spam.. From you :(
« Reply #45 on: July 30, 2017, 09:30:12 PM »

I would have thought it was more likely to be linked in with the earlier breach.

Yes, I understand exactly what you mean.   ;)

@ Kitz, please don't feel you need to spend much time on this on my behalf.  I never suspected for a minute it had anything to do with your site, and still don't.  Just to clarify, when I said I was worried that my inbox had been accessed, I meant the inbox of my personal email account hosted by Google, nothing to do with these forums.   :) 

I would of course be interested in any explanation that unravels but please, don't stress over it. 

I would like to though, remind everyone that until recent years, forum registration did not require separate confirmation (some may still not)

That is reassuring, I have now pretty much stopped worrying completely.   My nightmare scenario was that people who frequent forums relating to things that go 'bang' might, just maybe, have unhealthy interests, and so may want to do so under a false identity.  I can't stop them using my email address, but wasn't happy that they would have been actively impersonating me by reading my private emails.  I no longer think there was any risk that ever happened.
Logged

Browni

  • Reg Member
  • ***
  • Posts: 137
Re: Spam.. From you :(
« Reply #46 on: July 30, 2017, 09:46:39 PM »

@kitz I haven't received any spam for the email address I used here, what I find a little disconcerting is my email address linked to a previously unheard of forum.

AndrueC

  • Member
  • **
  • Posts: 20
Re: Spam.. From you :(
« Reply #47 on: July 30, 2017, 10:06:21 PM »

Firstly, let me apologise for the delay in responding. I was away for the weekend and am only just catching up on stuff.
Logged

AndrueC

  • Member
  • **
  • Posts: 20
Re: Spam.. From you :(
« Reply #48 on: July 30, 2017, 10:20:31 PM »

Just got in (my dsl has been down all day - see MDWS). 
I am taking this extremely seriously leave it with me I shall do some checks straight away.
I'm glad to hear that as that was the only purpose in my posting the message. To be honest I'm not a regular visitor here so I was initially surprised that I'd even registered. I do apologise for any ill-feeling I might have caused but I was rushing to prepare for a weekend away and I felt you ought to be informed as quickly as possible.
Logged

AndrueC

  • Member
  • **
  • Posts: 20
Re: Spam.. From you :(
« Reply #49 on: July 30, 2017, 10:26:02 PM »

Ah, interesting Ah, yes that email is listed as hacked. The shared user name and password is a possibility based on the age of this account. That password is a very old one. Very, very old actually. The first password I ever came up with (in the mid-90s, lol) and was only ever used on lowest security sites. It has been pensioned off for several years now and I guess it's so long since I signed on here that it never got changed.

And yes 'fireworks' means something to me (at least in the context of that check - it ain't anywhere I've visited).

Anyway I'd like to apologise again for ruining anyone's weekend and would like to reiterate that my post was intended to be a helpful warning and was perhaps just written a little too hastily whilst preparing to leave for the weekend.
« Last Edit: July 30, 2017, 10:40:11 PM by AndrueC »
Logged

d2d4j

  • Kitizen
  • ****
  • Posts: 1103
Re: Spam.. From you :(
« Reply #50 on: July 30, 2017, 11:19:03 PM »

Hi

Many thanks

To confirm no details were ever passed to me, but details were given so I had a better understanding, and I have pm replied 

I think this thread is concluded, as I believe there is only 7lm who could not understand why he received spam, but a hack on a forum he belongs to, from the details given show he was listed in July 2016.

Jelv has confirmed no spam and andruec has just confirmed hacked earlier.

The good outcome here is kitz appears as secure and can be trusted, but as always, it is only as good as a car mot, it applies only at that time/date

If anyone has any concerns, you can pm me, and I'll check but we have our grandchildren for the next 2 weeks, so time permitting

I hope that helps

Many thanks

John
Logged

d2d4j

  • Kitizen
  • ****
  • Posts: 1103
Re: Spam.. From you :(
« Reply #51 on: July 30, 2017, 11:35:18 PM »

Hi

@7lm, I'm sorry, rereading thread shows I did not fully answer sorry

Your email account could/as could anyone's email account have been hacked (even using 2auth - this is a whole thread on its own as it is proven to be not 100% secure) but is unlikely in your instance

It is worth mentioning here the following

If you have registered a domain, setup spf (hard fail) and dmarc records

If anyone uses or sends email pretending to be from you (your domain), the above checks should 98% stop it dead if setup correctly

If using your email address (hacked at webmail or from your computer), this is different and harder to find/confirm. The only good thing is most people have email setup on mobile, so you have a high degree of seeing an unusual email confirming identity or services just acquired/purchased.

The above is not a full thesis but a warning to keep vigilant

I hope that makes sense and helps

Many thanks

John
Logged

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: Spam.. From you :(
« Reply #52 on: July 30, 2017, 11:44:38 PM »

@d2d4j

No probs, you did help, by pointing out that other forum registration need not be confirmed by email.   Spam was not my problem, I have not received anything unusual.   My worry was that somebody had registered at that other forum, had the confirmation sent to my email, read it, responded to it,  and deleted it.  That would have been awful, but I no longer think it happened.  :)

I do have my own domain, but it is currently managed by Google.  I was lucky enough to sign up to Google Apps while it was free.  So yes, I know all about SPFs but that would be for another thread and anyway, spam is not the problem.

Many thanks.
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Spam.. From you :(
« Reply #53 on: July 31, 2017, 01:10:43 AM »

Quote from: Browni
I haven't received any spam for the email address I used here

Thank you for confirming that.  Sorry I misunderstood and thought you had also been affected.
I think there are two separate issues and I was putting the 2 together when they may not be related at all.

Quote from: AndrueC
Firstly, let me apologise for the delay in responding. I was away for the weekend and am only just catching up on stuff.
Thank you for getting back to me.  The system you use seems similar to my own private mail.


Quote from: d2d4j
To confirm no details were ever passed to me, but details were given so I had a better understanding, and I have pm replied

Thank you John for the information & help you have given.  I won't pretend to understand it all, but since it's your day job I trust that you see these types of events happening more frequently and have a far better understanding of that side of things than I do. :)
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Spam.. From you :(
« Reply #54 on: July 31, 2017, 01:15:24 AM »

To all.

I do take security extremely seriously. Because I'm not an expert in server security, it is why I pay extra for a fully managed service to ensure that someone else deals with server security and updates etc.
As far as the forum software goes I am extremely diligent about applying patches as soon as possible after they are released.

I have also learnt over the past few days from various information & topics at reddit/r/darkweb & reddit/r/DarkNet that using an email prefix is no longer a valid way of identifying that a particular forum has itself had a data breach.  Hackers and bots have now got more sophisticated and rolling on the back of some very large breaches such as myspace/linkedin/avast/adobe/etc they are now clever enough to identify domain email addresses which are using different prefixes at different forums.

It will explain why the email address I used for another suddenly started getting spam a few weeks ago out of the blue. I'd not been there in years, but when I checked over there and it seems it may be similar to what has happened here.  There are only 2/3 people saying it's happened, but on reflection I think that is also something that may have happened after the avast hack which did affect me.   So it appears whatever it is, may also be happening on other [SMF?] forums.

It explains why after the larger breaches those sites warned to change passwords on other sites too.  Although they never mentioned why you should, it is now apparent that there are bots out there crawling other forums to see if they can get even more info.  I think some of us may have felt safe because we were using unique prefixes.

I thank andrue and others for alerting me.  I must admit that at first I was highly alarmed because at that time I too was under the impression that using prefixes was a way of identifying breaches. If there was something wrong or a hole somewhere then obviously I wanted to plug it.
However as it stands my server is secure, and it also seems odd that normally with breaches then you would expect everyone's email to have been disclosed and they usually leave behind other damage such as taking the whole forum down.

I think I'm putting this to bed now as there seems to be nothing more I can add.
Logged

AndrueC

  • Member
  • **
  • Posts: 20
Re: Spam.. From you :(
« Reply #55 on: July 31, 2017, 12:12:42 PM »

What a load of nonsense.
Spam sends to random emails, it doesn't need to have been taken from this site.
Hardly ridiculous and without wanting to stir up a hornets nest it might be useful to you to understand why this method is a reasonable (albeit now it seems flawed) means of identifying culprit sites.

I and several others here are using contact specific email addresses. That is every contact gets their own unique email address to communicate back to us. If I get spam where the email address is(*) something like (this is hypothetical, not the real template).

sitespecific.kitz@mydomain.com

It is hardly a 'random' address. There should only ever be two entities that are aware of that address. In fact unless that is actually used to send me mail there will only be one entity (Kitz in this case). Nothing on my side even knows I've handed that address out. It won't be in my address book - ever - because I don't send myself email pretending to be other people. It will briefly be stored in my computer's RAM but otherwise there's no record of it there. The mechanism I use for these addresses actually uses wildcards to redirect the message so even my mail server doesn't have a record of that address.

Now if/when that address is used there will be a record of it in the server logs and for a while at least on my client machine. However it's still unlikely either of those could be the source of the leak because otherwise I ought to be getting spam to all my disposable addresses.

Now what's come out of this discussion is that it seems at some point in the distant past one of the low security web sites that I registered on ended up with the same user credentials as I used for Kitz. That site was hacked and later someone found that the leaked credentials from that site could also be used to log onto Kitz. So they did that, got the email address I was using here and sent me some spam.

But, technically (and absolutely not blaming Kitz) the methodology does still hold. I got sent spam because [my account on] Kitz was compromised. So whilst it might have caused some panic (for which I profusely apologise) my DEA system worked perfectly. It identified the source and allowed me to determine the cause and ensure appropriate steps were taken. All those of us using DEAs need to remember in such situations is that the 'culprit' site might only be a step along the road so we should avoid making accusations. Just work with them to investigate.

But my original post was not nonsense.

(*)Very important note: You cannot rely on your email client to tell you this. Your client gets that from the headers and they can be faked. You really need to have access to your server logs in order to see what the RCPT command used for the target mailbox.
« Last Edit: July 31, 2017, 12:17:25 PM by AndrueC »
Logged
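
Added example (not part of any post in this thread): a Python sketch of the check described in the footnote of the reply above, reading the envelope recipient from the RCPT command and comparing it with the To: header. The log format is constructed for illustration and the address template is the hypothetical one given in the post.

```python
import re
from collections import defaultdict
# Constructed sample: a generic SMTP session trace, not any real server's log format.
SAMPLE_LOG = """\
sess=a1 C: MAIL FROM:<bulk@sender.invalid>
sess=a1 C: RCPT TO:<sitespecific.kitz@mydomain.com>
sess=a1 C: DATA
sess=a1 C: To: "Valued customer" <someone.else@example.net>
sess=a2 C: MAIL FROM:<news@shop.invalid>
sess=a2 C: RCPT TO:<SiteSpecific.Shop@MyDomain.com>
sess=a2 C: DATA
sess=a2 C: To: sitespecific.shop@mydomain.com
"""

LINE = re.compile(r"^sess=(\S+) C: (.*)$")
RCPT = re.compile(r"^RCPT TO:\s*<([^>]+)>", re.I)
HDR_TO = re.compile(r"^To:\s*(?:.*<([^>]+)>|(\S+@\S+))\s*$", re.I)
# Hypothetical address template from the post: sitespecific.<contact>@mydomain.com
DEA = re.compile(r"^sitespecific\.([a-z0-9-]+)@mydomain\.com$")

def attribute_recipients(log_text):
    """One record per envelope recipient: which contact's address was really targeted."""
    sessions = defaultdict(lambda: {"rcpt": [], "to": None, "in_data": False})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        s, payload = sessions[m.group(1)], m.group(2)
        if not s["in_data"]:
            r = RCPT.match(payload)
            if r:  # envelope recipient: the address the server was asked to deliver to
                s["rcpt"].append(r.group(1).lower())  # assumes case-insensitive mailboxes
            elif payload.strip().upper() == "DATA":
                s["in_data"] = True
        elif s["to"] is None:
            h = HDR_TO.match(payload)
            if h:  # header To: text inside the message, set freely by the sender
                s["to"] = (h.group(1) or h.group(2)).lower()
    records = []
    for sid, s in sessions.items():
        for rcpt in s["rcpt"]:
            d = DEA.match(rcpt)
            records.append({"session": sid, "envelope_rcpt": rcpt, "header_to": s["to"],
                            "contact": d.group(1) if d else None,
                            "header_matches": s["to"] == rcpt})
    return records

if __name__ == "__main__":
    for rec in attribute_recipients(SAMPLE_LOG):
        print(rec)
```

In the constructed session a1 the header names an unrelated address, yet the envelope shows the message was delivered to the address handed out to one contact only.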

petef

  • Reg Member
  • ***
  • Posts: 135
Re: Spam.. From you :(
« Reply #56 on: July 31, 2017, 01:33:12 PM »

AndrueC has shared his advice for tracking email origins when administrative access to the email server is available.

There are a couple of other ways of doing contact specific email addresses. Your email provider needs to support them.

https://en.wikipedia.org/wiki/Email_address#Subaddressing allows a tag to be inserted. For example joebloggs@gmail.com could use joebloggs+kitz@gmail.com. Gmail, Apple iCloud and outlook.com are some of the providers offering this.

https://en.wikipedia.org/wiki/Email_address#Local-part_normalization is limited to a handful of aliases. The dots in local-part are ignored in Gmail so joe.bloggs@gmail.com and j.o.e.b.l.o.g.g.s@gmail.com end up in the same inbox.

One caveat with subaddressing is that some web services have bugs in their validation rules for email addresses. I was unable to sign up with an insurance company on one occasion.
Logged
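
Added example (not from any poster): a Python sketch of the two mechanisms in the reply above, subaddressing and Gmail's dot-insensitive local part, next to an over-strict validation pattern of the kind that rejects tagged addresses at sign-up. The patterns, function names and sample addresses are constructed; the provider list is the one named in the post.

```python
import re

# Over-strict pattern of the kind behind the sign-up failure described above:
# it forgets that "+" is legal in the local part.
STRICT = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
# Same shape, accepting the characters RFC 5322 allows in an unquoted local part.
PERMISSIVE = re.compile(r"^[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

# Assumption for this sketch: domains that honour "+tag" / ignore dots (per the post).
PLUS_TAG_DOMAINS = {"gmail.com", "icloud.com", "outlook.com"}
DOT_INSENSITIVE = {"gmail.com"}

def split_subaddress(address):
    """Return (canonical_mailbox, tag) for a tagged or dotted address."""
    local, _, domain = address.rpartition("@")
    domain = domain.lower()
    tag = None
    if domain in PLUS_TAG_DOMAINS and "+" in local:
        local, tag = local.split("+", 1)
    if domain in DOT_INSENSITIVE:
        local = local.replace(".", "").lower()
    return f"{local}@{domain}", tag

def leaked_tags(spam_recipients, my_mailbox):
    """Tags (i.e. contacts) of my mailbox whose address has received spam."""
    mine, _ = split_subaddress(my_mailbox)
    tags = set()
    for rcpt in spam_recipients:
        canonical, tag = split_subaddress(rcpt)
        if canonical == mine and tag:
            tags.add(tag)
    return sorted(tags)

if __name__ == "__main__":
    addr = "joebloggs+kitz@gmail.com"
    print("strict accepts:", bool(STRICT.match(addr)))
    print("permissive accepts:", bool(PERMISSIVE.match(addr)))
    print(split_subaddress("j.o.e.b.l.o.g.g.s@gmail.com"))
```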

AndrueC

  • Member
  • **
  • Posts: 20
Re: Spam.. From you :(
« Reply #57 on: July 31, 2017, 02:22:50 PM »

One caveat with subaddressing is that some web services have bugs in their validation rules for email addresses. I was unable to sign up with an insurance company on one occasion.
Yah and at least one company - Samsung - does not allow its own name in the address. So I either have to register using 'samzung' or simply not bother at all (my preferred option :) )
Logged

flak

  • Just arrived
  • *
  • Posts: 1
Re: Spam.. From you :(
« Reply #58 on: August 03, 2017, 05:22:31 PM »

FYI the email address I used to register here which is unique to this site (i.e. used nowhere else) has also started receiving spam since 29/07/17 08:17.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Spam.. From you :(
« Reply #59 on: August 03, 2017, 06:49:37 PM »

Given kitz has already changed her db passwords, and assuming all admins are not compromised I would say the only other considered possibility would be the host itself being compromised such as root mysql password, but it's still entirely possible these email accounts can get spam via other means of distribution.

I will change my email address to a unique one and monitor it, if I get junk I will then check my email logs on my email server to investigate more.
Logged