Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 ... 3 4 [5]

Author Topic: Spam.. From you :(  (Read 4481 times)

d2d4j

  • Reg Member
  • ***
  • Posts: 555
Re: Spam.. From you :(
« Reply #60 on: August 03, 2017, 07:20:35 PM »

Hi

I would consider the host platforms not to be compromised and especially the root access to MySQL (which should be set standard as local only - no remote access)

Kitz server is a vps, which has additional segmentation and most likely has rootkit testing already setup

I'm just at skegness with family but if kitz would like me to look, I would but honestly, I do not believe this to be an issue, as it would appear only to be on 1 email as posted earlier, but may prove to be similar to others

Many thanks

John
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 5030
Re: Spam.. From you :(
« Reply #61 on: August 03, 2017, 07:28:00 PM »

Since you seem to have good knowledge of the hosting arrangements and can speak with confidence on the mechanisms in place thats good to hear.  I was just merely speculating of course the possibilities however unlikely they may be and do agree that its a lot more likely the spam came via unrelated ways of distribution.
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

d2d4j

  • Reg Member
  • ***
  • Posts: 555
Re: Spam.. From you :(
« Reply #62 on: August 03, 2017, 09:19:27 PM »

Hi chrysalis

Many thanks but sorry, I do not nor have any access to kitz platform/server/services sorry

I know how ISP/Hosting platforms should be setup, and I know kitz host, so they will be setup to a high degree as all platforms are, and will be systematically tested for rootkits (ours certainly are). Vp

Vps servers are very highly segmented to each vps, with monitoring on resources to attempt to stop any 1 (or more) vps from bringing the server/platform down.

Please understand, as with everything, there could be new attack vectors which are unknown, so we never say 100%, just as users on their computers cannot 100% state they have never been/are currently infected, or can be 100% sure where any spam emails may have been sourced.

Headers would be good but this would only show where the emails have originated (yes headers can be stripped/manipulated but the headers on the email can only be stripped on the sending server - if a spammer has setup their own smtp server - however, the receiving server would add their headers in, which the spammers cannot manipulate, so the original sending details remain on many aspects of details)

As I said, with only 1 report of spam (other reports have looked into as per thread) then it is very unlikely to be connected with kitz  if you have every dealt with this issue or similar, they do not just use 1 or even 5 email addresses (if harvested), it's usually all as a one shot before it's highlighted and on most hosted platforms, it happens very quickly.

I hope that helps and explains a little more of possibilities/reasons 

Many thanks

John
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 5030
Re: Spam.. From you :(
« Reply #63 on: August 03, 2017, 09:36:45 PM »

the email server logs would e.g. reveal if its a dictionary attack, as you would see in the logs other random addresses for the same domain been tried as a recipient, someone without access to such logs would be completely unaware of this.

Regarding the hosting, I will mention I do server administration for a living and have over the years have had multiple clients who run hosting companies, and will end it there, also not sure how much kitz wants us discussing her host here, she has mentioned in the past its not a VPS tho as her website has too much traffic.
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

d2d4j

  • Reg Member
  • ***
  • Posts: 555
Re: Spam.. From you :(
« Reply #64 on: August 03, 2017, 10:05:11 PM »

Hi chrysalis

Many thanks, and apologies, I was not meaning to cause any offence sorry. I do not know you nor you know me.

The server logs for email would not show as an attack in the real sense, as this would be mass spam sending (no attack is entered into to gain access), and on most mail platforms, backscatter is stopped (unless the client wants a reply to been sent stating email account unknown etc...), but most platforms are set default to silently drop

I would never discuss kitz server, as I would not discuss any server specifically. Rather just generalise sorry. That said, kitz has already confirmed it is a managed server, so all these aspects should have been implemented as a matter of course with managed duties of SA.

I was only trying to let people know I did not have any access, nor do I ask for any access to kitz.

I hope that clarifies and once again, I apologise if I caused upset. It was not my intention sorry

Many thanks

John
Logged

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3329
Re: Spam.. From you :(
« Reply #65 on: August 03, 2017, 10:10:16 PM »

I thought we had established that use of unique email addresses is a bit irrelevant, and spam to such a 'unique' address no longer implies that the corresponding site has been compromised, or even that the user has been hacked.

These unique email addresses can be discovered by various other means, described earlier in thread,  without implying any attack at all - successful or not - on kitz's servers.
Logged

aruba

  • Member
  • **
  • Posts: 52
Re: Spam.. From you :(
« Reply #66 on: August 03, 2017, 10:29:17 PM »

I thought we had established that use of unique email addresses is a bit irrelevant, and spam to such a 'unique' address no longer implies that the corresponding site has been compromised, or even that the user has been hacked.

These unique email addresses can be discovered by various other means, described earlier in thread,  without implying any attack at all - successful or not - on kitz's servers.
Would you not expect to see spam from other random email addresses if spammers were just trying random addresses? Kitz seems an odd word to pick from random and know that it would have any link to a certain email address/domain name.

I'm not saying there has been any breach (in fact I don't think there has been from the what has been described) but it just seems like an odd co-incidence that it all started at once for different users. Thankfully, I'm spam-free again after blocking the email address.
Logged

d2d4j

  • Reg Member
  • ***
  • Posts: 555
Re: Spam.. From you :(
« Reply #67 on: August 03, 2017, 10:35:46 PM »

Hi

Sorry, my opinion is the opposite (and have seen it a lot). The more popular, the more likely it is to contain the domain

In a funny way, it shows the site is worth spending time on for the bad people, whereas a site which is not as popular, is not

I hope that makes sense but sorry if I am wrong.

Many thanks

John
Logged

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3329
Re: Spam.. From you :(
« Reply #68 on: August 03, 2017, 10:42:22 PM »

Would you not expect to see spam from other random email addresses if spammers were just trying random addresses? Kitz seems an odd word to pick from random and know that it would have any link to a certain email address/domain name.

I'm not saying there has been any breach (in fact I don't think there has been from the what has been described) but it just seems like an odd co-incidence that it all started at once for different users. Thankfully, I'm spam-free again after blocking the email address.

There is no suggestion that the  spammers are trying random addresses.  If they were, it would be obvious to anybody who uses their own domain to create 'unique' addresses. 

Simply, it transpires that spammers have the ability to discover 'unique' addresses, no server attack, no randomness, no brute force,  no user account hacking.  And nothing, absolutely nothing, that Kitz or her hosts, or any other website owner, can really do about it.     It's all been explained earlier in thread.
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 30477
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Spam.. From you :(
« Reply #69 on: August 04, 2017, 12:02:19 PM »

I'm not really sure what else I can add.   Whilst I won't deny that there appears to be some sort of link for a few addresses, all I can do is confirm that my server appears to be secure and I have always done my utmost to ensure security of data.  Any patches are applied asap - usually the same day/night of release.

As explained by the reddit post using unique addresses is no longer a way to guarantee that a particular domain has been breached.  Bots are now sophisticated enough to be able to suss out that people are using website addresses in front of their domain names.

I myself very recently thought another website that I used to be a member of may have been breached because I started getting spam about a month ago on a 'unique' address I use for the Plusnet usergroup -  You can see here, a few others are saying same thing, but PUG are also saying nothing that they can see their end.   The one thing I do know is that I have had email addresses breached from avast and a couple of the other major ones a few years back.   Its affected my PUG email, but not the one I use for my email on this site - the difference is I use very unique and strong passwords for this site.  My web@ gets lots of spam - always has done - but that is because it is pretty public, but even that did not appear on that list.

All I can do is apologise if you may have been caught up in this, but I really am not sure what else I can do or could have done.   You should be able to see from my reaction as soon as it was reported that I did take it seriously and investigated immediately.  I can honestly say its not come about from lack of keeping up with updates, or any of my passwords being leaked... and any data held on my server is as secure as it can be.   I believe I have spent more time trying to look into this than most site owners would.

I guess the next step would be for me to use SSL, but please bear with me on that my time is limited and tbh I'm unsure how to go about this due to the fact the forum has many linked non-SSL images.   I'm aware of LetsEncrypt but I also need to research how to make it work and if I still have to pay a fee for my hosts to set it up (From what I can see there is a fee for setting up SSL which arent their own).
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 30477
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Spam.. From you :(
« Reply #70 on: August 04, 2017, 12:31:42 PM »

Quote
Kitz seems an odd word to pick from random and know that it would have any link to a certain email address/domain name.

As explained earlier in far more detail how the bots do it - no its not.  info is available on r/darkweb how its done.  They choose a forum then try their luck based on previous larger leaks.   So if say your avast@domain has ever been leaked then they try their luck elsewhere.  It's what I suspect has also happened at PUG.

They could be targeting SMF forums - I dont know and I stress that is a guess on my part..  but PUG also uses SMF.
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker
Pages: 1 ... 3 4 [5]