User comments on ISPs
  >> PlusNet plc


Register (or login) on our website and you will not see this ad.


These posts have been archived and can no longer be replied to or modified.
Pages in this thread: 1 | 2 | 3 | [4] | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | (show all)   Print Thread
Standard User TheFlyingGribble
(member) Wed 16-May-07 07:04:05
Print Post

Re: Things you can do to mitigate the email proble


[re: rsharma] [link to this post]
 
In reply to:

Why is the spam not being caught by existing filters?



Can't say that's my experience. I had 11 this morning to the various mailboxes and all of them had been tagged as [SPAM] by the PN filter and then tidied up by Mailwasher.
Standard User deleted
(deleted) Wed 16-May-07 08:28:12
Print Post

Re: Things you can do to mitigate the email problem


[re: rsharma] [link to this post]
 
I don't understand the logic of changing the main User Account password!!

So far as I'm concerned, the ONLY mail that has been spammed is the additional mailboxes that have a separate password!!

UNLESS, that is, PN are saying that the actual individual Accounts have been compromised!
Standard User jelv
(fountain of knowledge) Wed 16-May-07 08:45:20
Print Post

Re: Things you can do to mitigate the email proble


[re: deleted] [link to this post]
 
If someone has gone in to username, not username+mailbox using webmail on the compromised server they should change their password. If they had used the compromised server at the relevant time they will have had the email from Plusnet.

jelv

Plusnet ADSL PAYG Jan 2004 -
Plusnet Dialup Nov 2001 to Jan 2004
Previously Compuserve, BT & LineOne Dialup


Register (or login) on our website and you will not see this ad.

Standard User blewit
(committed) Wed 16-May-07 09:23:32
Print Post

Re: Things you can do to mitigate the email proble


[re: TheFlyingGribble] [link to this post]
 
In reply to:

From the logs we can see who logged in to webmail and to which server. From that we made a list of those who logged into the affected server during the time and those were emailed.




Either the email hasn't gone out yet - or they've cocked this up as well. I definitely logged into a compromised server and haven't been sent an email

I've contacted them to see what they say ...

In reply to:

Sounds like you only need to change the password if you get the 'trojan' email. That's if you can distinguish the trojan email from the spam




Just to be clear the trojan that's being talked about wasn't delivered in an email - the hacker modified the HTML of the webmail interface so that your browser would try to download a trojan file as part of the page ...
Standard User blewit
(committed) Wed 16-May-07 09:24:26
Print Post

Re: Things you can do to mitigate the email proble


[re: jelv] [link to this post]
 
I changed my account password yesterday - but this hasn't propogated to webmail - I still have to use my old password to get into webmail - grrrrr
Standard User jelv
(fountain of knowledge) Wed 16-May-07 09:26:14
Print Post

Re: Things you can do to mitigate the email proble


[re: blewit] [link to this post]
 
Can you remember what day you hit the compromised server, was it the 9th or before then?

jelv

Plusnet ADSL PAYG Jan 2004 -
Plusnet Dialup Nov 2001 to Jan 2004
Previously Compuserve, BT & LineOne Dialup
Standard User blewit
(committed) Wed 16-May-07 09:28:16
Print Post

Re: Things you can do to mitigate the email proble


[re: jelv] [link to this post]
 
9th - I have the saved source ...
Standard User deleted
(deleted) Wed 16-May-07 09:52:44
Print Post

Re: Things you can do to mitigate the email proble


[re: blewit] [link to this post]
 
While you may have logged into webmail on the 9th, you may not have logged into the infected server (1 of 6 I believe).

PN will have checked the logs for the affected server and emailed all those that actually logged into it. If you want it to be checked I suggest you raise a ticket and ask (if you have not already done so).
Standard User jelv
(fountain of knowledge) Wed 16-May-07 09:55:30
Print Post

Re: Things you can do to mitigate the email proble


[re: deleted] [link to this post]
 
If he saw the hacked webpage he must have hit the compromised server!

jelv

Plusnet ADSL PAYG Jan 2004 -
Plusnet Dialup Nov 2001 to Jan 2004
Previously Compuserve, BT & LineOne Dialup
Standard User blewit
(committed) Wed 16-May-07 09:55:38
Print Post

Re: Things you can do to mitigate the email proble


[re: deleted] [link to this post]
 
In reply to:

While you may have logged into webmail on the 9th, you may not have logged into the infected server (1 of 6 I believe).




I did - I have a saved copy of the modified HTML if you don't believe me

In reply to:

PN will have checked the logs for the affected server and emailed all those that actually logged into it. If you want it to be checked I suggest you raise a ticket and ask (if you have not already done so).




I have raised it to PlusNet as well as posting here - just making people aware that not everyone affected may know just yet ...
Pages in this thread: 1 | 2 | 3 | [4] | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | (show all)   Print Thread

Jump to