User comments on ISPs
  >> PlusNet plc


Register (or login) on our website and you will not see this ad.


These posts have been archived and can no longer be replied to or modified.
Pages in this thread: 1 | 2 | 3 | 4 | 5 | 6 | 7 | (show all)   Print Thread
Standard User 50pence
(experienced) Thu 17-May-07 19:02:01
Print Post

Webmail was breached, not used webmail, got spam?


[link to this post]
 
It was the webmail server that was breached, I have never used webmail, how come I have suffered the spam problem?


Regards.

Paperless office - Never! | Wireless home - April 2004.

Workstation: P4 630 / 800Mhz FSB / 1024MB 553Mhz memory / XP Pro SP2
Notebook: Core 2 Duo / 667Mhz FSB / 1024MB 667Mhz memory / XP Pro SP2
Printer: wifi Canon iP4000R
ISP: plusnet MAX - 7072Kbps / 448Kbps

"The reasonable man adapts himself to the world;
the unreasonable man persists in trying to adapt
the world to himself. Therefore, all progress
depends on the unreasonable man."
Shaw, 1903.
Standard User h0tblack
(fountain of knowledge) Thu 17-May-07 19:19:23
Print Post

Re: Webmail was breached, not used webmail, got spam?


[re: 50pence] [link to this post]
 
PlusNet have made this issue very unclear in communications.
It's possible that someone mailed your address or had you on their contacts list within the webmail platform. It seems as if any contact with the webmail platform may have meant a trace of your address was present, going back as far as when it was first setup in 2004.
It's also possible the issue is more widespread but there isn't any evidence to suggest this as yet.
Get in touch with the Comms team and give them details of the mailboxes, hopefully they'll be able to help you out.
Standard User deleted
(deleted) Thu 17-May-07 19:32:42
Print Post

Re: Webmail was breached, not used webmail, got sp


[re: 50pence] [link to this post]
 
This question has been answered in an FAQ we have just published. Tomorrow we'll be publishing it on our Portal, but for the time being you can see it here :

http://usergroup.plus.net/forum/index.php/topic,4787.0.html


Register (or login) on our website and you will not see this ad.

Standard User jelv
(fountain of knowledge) Thu 17-May-07 20:28:12
Print Post

Link to FAQ that works


[re: deleted] [link to this post]
 
A link that works:

http://usergroup.plus.net/forum/index.php/topic,4787.0.html

jelv

Plusnet ADSL PAYG Jan 2004 -
Plusnet Dialup Nov 2001 to Jan 2004
Previously Compuserve, BT & LineOne Dialup

Edited by jelv (Thu 17-May-07 20:29:03)

Standard User deleted
(deleted) Thu 17-May-07 20:57:08
Print Post

Re: Webmail was breached, not used webmail, got sp


[re: deleted] [link to this post]
 
In reply to:

This question has been answered in an FAQ we have just published.


No it hasn
Standard User rsharma
(knowledge is power) Thu 17-May-07 21:20:04
Print Post

Re: Webmail was breached, not used webmail, got sp


[re: deleted] [link to this post]
 
In reply to:

Additionally, when we first implemented @mail, we moved existing customers email addresses from our old system into the new Webmail. This effectively meant that all addresses we had stored for customers at that time would have been in the Webmail database. This explains why some ex-customers may also be affected by this.


Which of your smart technical guru came up with this plan? Plain idiotic if I am being polite (assuming that the whole database was migrated over, not only previous webmail accounts).

Why is PN not keeping up with the housekeeping and deleting old account information for customers that have left or not accessed their accounts for more than 90 days? How will you cope with the DPA regs when a complaint goes in about you retaining data for longer than was necessary? The same is true of ftp and ex-customers are still posting in the main portal forum, having left over 12 months ago. Not a very good automated process, is it? How many orphan accounts does PN have and do you even know the figure?

No mention of the fact that you were aware of a breach before reports of a wide scale problem on the 13th. No mention of the trojan having been brought to your notice on the 5th either. I am still waiting to hear the period of the trojan being on your system, or is that a secret too and not to be released until the investigation is completed? I think it has been asked enough times that PN should be forthcoming with the honest answer.

-------------------------------------------------------
Plusnet: The Truth (Blog)
Formal Complaints Process
Testing Connection Speeds
Plusnet LLU and Your Rights

Edited by rsharma (Thu 17-May-07 21:23:26)

Standard User phil100
(committed) Thu 17-May-07 21:53:03
Print Post

Re: Webmail was breached, not used webmail, got sp


[re: rsharma] [link to this post]
 
I was under the impression from this post that Plusnet did regular housekeeping...

http://bbs.adslguide.org.uk/showthreaded.php?Cat=&Board=plusnet&Number=2955971


Yes it has been factored in. The current implementation has around 2TB of disk space, whereas the new platform has 3TB.

We will be able to scale the new platform very easily and we now have access to some very reasonable pricing

It's hard to talk about headroom in terms of disk space as it's largely irrelevant. Mail is very processor intensive and is very demanding on storage. This means that the CPU would be maxed out before before you got anywhere near the 84TB or so the chassis could theoretically facilitate.

Have a look here for a comparison between the old and new units.

The points you raise about mail left on the server are valid. Our Net Ops guys carry out regular housekeeping to prevent this from happening though. Just yesterday we contacted a customer who had reached the maximum directory size on the current NetApp to arrange to have the mail archived and the address black holed. We hope to have a lot more of this automated moving forwards however it is something we keep an eye on anyway and we'll continue to do this with the new platform.

Early April we'll be making changes to the way customers' mailboxes are configured when they sign up. We'll also be adding more functionality for existing customers. We'll provide more detail nearer the time however this will help reduce the volumes of SPAM the platform needs to handle.

Kind Rgds,

Bob Pullen


ZeN
Standard User deleted
(deleted) Thu 17-May-07 21:57:58
Print Post

Re: Link to FAQ that works


[re: jelv] [link to this post]
 
Taken from here : http://usergroup.plus.net/forum/index.php/topic,4787.0.html

"Following on from this serious incident, my default mailbox has been receiving spam emails. I've changed my password etc, but I would also like to rename my default mailbox. Can I do that?

Yes, this is possible to achieve using our new
Standard User deleted
(deleted) Thu 17-May-07 22:11:34
Print Post

Re: Webmail was breached, not used webmail, got spam?


[re: h0tblack] [link to this post]
 
"In summary, on Sunday 13th May 2007 we started to receive reports that customers were receiving spam emails to addresses that had not previously received spam."

Correct me if i am wrong but were they not informed of a potential trojan on the 5th May?
Standard User rsharma
(knowledge is power) Thu 17-May-07 22:32:33
Print Post

Re: Webmail was breached, not used webmail, got sp


[re: deleted] [link to this post]
 
Yes and until almost 11 May. I am still waiting for the exact answer too but it seems not too forthcoming from anyone at PN. Instead they give an ambiguous reply:
In reply to:

In addition, it would
only affect customers who hit the single affected server during the affected period.


What is the affected period, PN? If you take the security of your customers seriously don't you think they need to know? If you have sent an email to customers that connected to the affected mailserver during a period later than 5 May and earlier than 11th you are avoiding telling many more customers that could potentially still be unaware of the trojan problem. This needs to be discussed without delay.

And if the trojan breach occurred on the 5th, so did the harvesting of emails. The FAQ and all the service status claim this to be either the 9th or the 13th instead.

-------------------------------------------------------
Plusnet: The Truth (Blog)
Formal Complaints Process
Testing Connection Speeds
Plusnet LLU and Your Rights

Edited by rsharma (Thu 17-May-07 22:39:08)

Pages in this thread: 1 | 2 | 3 | 4 | 5 | 6 | 7 | (show all)   Print Thread

Jump to