Bye bye plusnet
To whomever can be bothered to read this,
For a while I have defended you as the ISP you once were. Now it is clear that being taken over by BT means you couldn't run a **** up in a brewery.
Tonight I find that you have either had yet another disastrous security lapse and that the e-mail address I use solely for fax2email has become common knowledge amongst the spammers or you have had to sell the lists to make money, even though your greedy penny pinching and devious charging system should have made you all millionaires by now.
Please accept this as confirmation that I wish you to stick your pathetic service up your own **** and that by getting rid of the contact us button and not accepting e-mail technical support you have effectively become lower rate scum than Freeserve from whom I migrated in the first place because they offered the same substandard service to which you now proffer.
Might I take this opportunity to thank you for completely killing my connection. Despite being limited to only 1mb thanks to your inept and useless admin system (or maybe admin people) who had me down as another telephone number completely and for charging me to fix YOUR mistake, I find that I can browse the web significantly faster using a 56k dial up modem.
With yet more and more problems I find myself in the position of feeling completely screwed over and at the end of my tether.
Please accept this e-mail as resignation to the fact that you will never ever be able to offer close to the service you once did and that I wish to move to a more stable and reliable platform. Currently, even AOL has this advantage over you.
Please forward me my MAC code with immediate effect. When I have my new ISP set up, I will advise you of my new DNS and MX records.
Yours sincerely
Once seriously disgruntled ex-customer
Davey_Pitch
14-05-2007, 19:49
Never had any problems with them myself, they've been helpful every time I've contacted them about something. Shame you've had so many problems though, I'd probably switch if I'd got them as well.
I've known spammers obtain completely unpublished email addresses before now. If your email address was even vaguely guessable, then they may have just hit it by chance.
Both my Google (completely unused except for logging in) and PN (used only for PN stuff) emails got guessed. Actually, the PN one didn't, but they found my PN subdomain and just started sending stuff to random addresses.
I very much doubt it's a lapse of security. PN may be guilty of a lot of things, but I'm convinced this isn't one of them (and I don't let PN off stuff lightly - I've been with them long enough to know better). Or then again, maybe not. See below.
I think PN got the message when I requested my MAC back in Jan. I just don't have problems with them now (connection uptime currently 33 days).
Strangely in the last couple of days I've started getting spam (on my plusnet email). Annoying as for years it's been 100% spam free, it's not an easy address to guess really either. As long as it's only 1 or 2 I suppose it's no big deal but if I start getting loads it's going to be very annoying.
I retract my comments about blaming PN. I have spam in my PN inbox and it's the right address this time.
Not sure if it's a compromise or not. If it is, then I might be joining the queue for a MAC as well. If it isn't, they've clearly been targeted again (not the first time that's happened).
Well, it's a compromise. Mejinks' comments are therefore entirely valid and I will not defend the indefensible. To say I'm annoyed just doesn't quite cut it.
PlusNet takes its customers’ security very seriously.
It has come to our attention that a number of customer email addresses have been obtained illegally by a third party. As a result, some of these customers have experienced increased levels of spam to their email addresses.
We are in the process of contacting all affected customers in order to inform them of the incident and of any steps they need to take to ensure that their Internet connections and computers are safe.
We regret that this has happened but are confident that we have resolved this issue and will monitor the situation closely to ensure that the effect is minimised and the issue does not reoccur.
A detailed investigation continues and we will provide a further Service Status update tomorrow and a full incident report on Friday 18th May 2007. In the meantime please do not contact our Customer Support Centre regarding this issue as our resources are focused on contacting customers who are affected.
I'll allow them the time to investigate and report, but I'm minded to do as Mejinks has done.
It's so easy to achieve such a thing from inside an ISP. If I wanted to be a real bastard I could knock up a quick bit of code to parse out every e-mail from a mail log, and then sell that to spammers for a few bob (would easily be able to glean probably 10k+ addresses without too much work, not including clara addresses). To be fair ISPs can only do their best to ensure their staff aren't that disgruntled enough or unscrupulous enough to do that, but there can never be any guarantees. I know one software company sold my e-mail addy on because I specifically created it for that software purchase, it's not guessable (random letters), and I never used it anywhere else. I let rip at the company when I started receiving spam within a fortnight, they apologised and refunded me on the software purchase and informed me they'd kicked the relevant member of staff out :)
Aye, that's why I'm allowing them the time to investigate. If it turns out to be a member of staff then I agree there's not much they could have done. If it turns out to be incompetence on the part of their techs, then that will be the last straw for me.
This isn't the first time. It wasn't that long ago I was advised by them to change my password as a security precaution as they had some sort of breach. They said there was no risk but advised me to change my password.
EDIT: Just found it.....
----- Original Message -----
From: "PlusNet Customer Support" <autoemail@plus.net>
Sent: Tuesday, February 06, 2007 9:44 PM
Subject: PlusNet discussion forum passwords
>
>
> Your username: *****
>
>
> Dear Michelle,
>
> It recently came to our attention that a potential security problem existed on our website discussion forums (http://portal.plus.net/central/forums/). It could have been possible to exploit the forum software, and retrieve an encrypted copy of the password details we hold for your account.
>
> As a user of our forums, we are now emailing you to advise you of this, and of the next steps you should take. Although we have no evidence that a malicious attack has occurred, we can confirm that one of our customers proved this vulnerability, and subsequently contacted us. We would like to publicly thank that individual, and we have had assurances that any data obtained has now been destroyed.
>
> We are now asking all customers in receipt of this email to change their account password as soon as possible, purely as a precaution. This can be done on-line, at the Account details section of our website - http://portal.plus.net
>
> This only affects customers who have used a 'weak' password that could easily be guessed. It's always good practice to make sure you change your password on a regular basis. Take a look at the advice on <http://www.plus.net/support/security/index.shtml> for more information about how you can improve your online security.
>
> If you would like more information on this incident please visit our support page at http://www.plus.net/support/customer_service/community/forum_security.shtml
>
> If you require recorded information please ring 0845 0020180.
>
> Kind regards,
>
> Dan Kirkland
> Head of Platform Team
Let's have a guess at what's caused this mess shall we?
Let's suppose you are an incompetent ISP, what do you do with your redundant webmail server that has now been superseded? Sell it of course!
Can anyone guess what they forgot to do?
By the way Garp, what does a clara account cost these days for home MAXADSL and a static IP address?
Oh well, here we go:
http://www.plus.net/support/service/problems/problem.php?intProblemId=42694
bunch of useless idiots
Completely unrelated.
Mejinks, while I'm not going to defend them, you seem to have made up your mind on PlusNet and are simply looking for excuses to justify your position. That being the case, I can only suggest you do what you have threatened and simply leave.
In the unlikely event that you are interested in the actual cause, this (http://www.plus.net/support/service/problems/problem.php?intProblemId=42837) is the problem to watch.
> By the way Garp, what does a clara account cost these days for home MAXADSL and a static IP address?
No idea I'm afraid, I pay no attention to that at all. I wouldn't peg on it being cheap, and you'll probably find downloads being capped too unless you shell out extra.
> Completely unrelated.
> Mejinks, while I'm not going to defend them, you seem to have made up your mind on PlusNet and are simply looking for excuses to justify your position. That being the case, I can only suggest you do what you have threatened and simply leave.
> In the unlikely event that you are interested in the actual cause, this (http://www.plus.net/support/service/problems/problem.php?intProblemId=42837) is the problem to watch.
Apparently it's not completely unrelated. I'm not looking for any excuses, I think it's a damn good reason to leave an ISP when they unwittingly provide thousands of e-mail addresses to spammers and provide a less than satisfactory service, don't you?
I certainly do. It's part of the reason I don't run any ISP email addresses.
I left PN a while back and have since had excellent fullspeed connection elsewhere. And to think I used to recommend them :/
> I left PN a while back and have since had excellent fullspeed connection elsewhere. And to think I used to recommend them :/
Who do you use now Desmo?
http://www.theregister.co.uk/2007/05/15/plusnet_spam_attack_may/
> http://www.theregister.co.uk/2007/05/15/plusnet_spam_attack_may/
Of course, that's not a good enough reason to leave them. I'm just looking for excuses.
hmmm, they give a static ip address too? They are cheaper than PN also. Are they reliable?
Aye they give a static address and as far as I can remember have great up time (not 1 outage of note I can think of). Lovely download speeds too. Check out Entanet (ukfsn fall under their umbrella) on the www.adsguide.org isp comparison thingy. Top ratings on everything.
I'm on the office 45 option, 45 gig peak 300 off peak with 866 upload :).
> http://www.theregister.co.uk/2007/05/15/plusnet_spam_attack_may/
I like how The Register does sensationalist journalism.
First line of the story..
Gaffe-prone ISP PlusNet has had its email database stolen and its users' accounts bombarded by spammers.
Then at the end:
PlusNet has not revealed whether it has been hacked or if the data was obtained illegally some other way. It said it was still investigating the spam attack and would provide more info this afternoon.
So in other words there is no indication that their database was stolen at all, it's just El Reg mouthing off again. There are myriad ways to gather e-mail addresses without even touching a database.
The thing is, behind the scenes (I used to go to college with somebody who is a senior tech) They think that the addresses were harvested from a badly written piece of code on the webmail platform or from an asset disposed piece of kit. However, you are right, the register does have a penchant for sensationalist journalism.
UKFSN have been great so far. I'm on their 30/300 plan and it's great for what I need. Pretty much always get full speed from newsgroups too.
> UKFSN have been great so far. I'm on their 30/300 plan and it's great for what I need. Pretty much always get full speed from newsgroups too.
Do you get binaries with the account?
Don't think so, never looked into it.
Mejinks, you obviously have inside knowledge that I don't have. To an outsider who doesn't use PN's (or anyone else's webmail) the issues appeared separate.
I also don't rely on ISP email for anything important - the PN email is a backup contact in case my main mail server goes down. This is why I have remained unaffected by all of PN's past email blunders - until now it would seem.
I'm still considering moving to Virgin in 3-6 months (once I have room for a new STB and money to replace my main router). I'll admit that I'm loath to move ISP and risk breaking my internet connection - I consider things like ISP email and webspace to be expendable froth.
We are currently dealing with a serious security incident that has resulted in a third party illegally accessing our Webmail database. The third party has acquired a list of email addresses for the purpose of distributing unsolicited email (spam).
We take the security of our customers' information very seriously and would like to reassure customers that the incident is being handled with the utmost importance and that at this stage in the investigation we believe no other personal information, including credit card details, has been disclosed.
We would like to assure customers that our incident team are working around the clock with the relevant authorities in order to resolve the situation. We have conducted a full platform audit and our network and software engineers are currently taking a number of actions to minimise any further risks to customers.
We became aware of an attack on Wednesday 9th May 2007 and immediately took our Webmail service offline to secure the platform. We promptly identified the source of the vulnerability and implemented a fix to prevent further attacks. We will provide full details on the vulnerability and actions taken in the incident report which we aim to publish on Friday 18th May 2007. At present we are working with our vendors and legal authorities so cannot expand further on this.
As a result of the attack a small number of customers may have downloaded a Trojan virus. This will only have affected un-patched Windows PCs with no anti-virus software installed. We are contacting affected customers by phone and email. If you have not received an email from PlusNet customer support today regarding this, your PC is not affected. However we always recommend customers have fully up-to-date Windows software and anti-virus software.
On Sunday 13th May 2007 we received reports that customers were receiving spam emails to addresses that had not previously received spam. Following investigation of these reports it became apparent that a third party had illegally acquired a list of email addresses. This list was obtained from our Webmail platform and includes accounts that customers have used to login to Webmail, as well as some email addresses contained in customers' online address books, and addresses customers have sent to using our Webmail service. It is possible that your email address may have existed in the Webmail database even if you had not used the Webmail service yourself.
This list is now being used to distribute spam email which continues to be sent to customers, and it is likely that this will continue.
One of six @Mail servers was attacked and it is possible that customers connected to this server during the incident, may have had their login details observed. Purely as a precaution we advise customers to change their account password by visiting our website. Please note if you change your account password this will need to be updated in your router or modem as well as your browser and email software.
We would like to sincerely apologise for the inconvenience to our customers and thank you for your patience whilst we continue to investigate and resolve this incident.
Further details will follow as they become available and a full incident report will be published on Friday 18th May 2007. In the meantime we would like to ask that you avoid contacting our Customer Support Centre regarding this issue as no further information is available at this time, we will provide all information that we have via Service Status and emails to customers.
So, one of their servers got cracked. The webmail system error reported above appears to have been caused by the cracker so is a consequence not a cause.
I will definitely not be amused if details beyond email addresses got leaked.
I've replaced all PN-related passwords, all other passwords that were similar to passwords on PN accounts, and all passwords that could possibly have been in emails stored on PN's servers. There goes my uptime. Anyone else still using PN, I strongly recommend they do the same whether or not you use PN's Webmail.
Yeah - I just need to get Sky out of the way (as in physically out of the way) first. :)
When we learned of the attack on our Webmail service, we identified the source of the vulnerability and implemented a fix as quickly as possible. However, following a full audit of our Webmail service we identified a number of additional security vulnerabilities that it has not been possible to patch. While these potential vulnerabilities have not been exploited, we are not prepared to compromise on customer security so we have removed our Webmail service.
So, PN have ripped out their entire webmail solution (@mail (http://www.atmail.com)). I'm not sure if that means it was the software that was vulnerable or their implementation of it.
Either way that shows just how serious it was.
FYI - they're implementing squirrelmail at the moment as a temporary solution. That's certainly a major step back from @mail, but it's simple, effective, and well trusted in the industry.
Thought I'd drag this back up.
As someone who uses webmail exclusively I'm finding the squirrelmail platform to be much nicer to use on a day-to-day basis. It's faster and seems more 'finished'. The @Mail platform had so many silly bugs that it always seemed like I was the only person using it extensively :p
It should be even better from tomorrow when they start automatically ditching all of my spam instead of just marking it and letting me deal with it. Not quite sure why they couldn't do that sooner.
Dymetrie
23-05-2007, 12:32
O rly? (http://news.bbc.co.uk/1/hi/technology/6676819.stm)
And I love:
Neil Armstrong, products director at Plusnet
Dude! He's been to the ****ing moon!!!!
He probably says stuff like:
You know what you want? You want the moon on a stick...
;D;D;D
Yeah, I like SquirrelMail. It's my webmail of choice on my own server, so I LOL'd when PlusNet started mentioning it.
I used @Mail once ('tis the reason I now get spammed) and thought it was bloated rubbish and went back to Outlook. Shame I even tried it tbh.
Wonder what they'll come up with after six months though.
Horde is more complete, SquirrelMail is more simple.
I prefer simplicity in my Webmail, thanks. :)
Webmail Incident Report (http://community.plus.net/comms/2007/05/23/webmail-incident-report/) - for anyone suitably interested.
Signs that at least some of the problems originated in Russia. I guess that as one of the biggest cracking hotspots in the world, that shouldn't surprise me.