Geekzone: technology news, blogs, forums
richms
28168 posts

Uber Geek

Trusted
Lifetime subscriber

  #1647408 7-Oct-2016 17:53

ageorge:

 

Not job done; I've deleted all files on my webhost for that account in the meantime till I can find a better solution.

 

Not sure where to go from here.

 

 

Are you onselling accounts or something? Not really sure what you are doing there that you would be seeing anything from a rejected attempt to spam you other than perhaps some log entries?





Richard rich.ms



noroad
949 posts

Ultimate Geek

Trusted

  #1647431 7-Oct-2016 18:01

richms:

 

So was someone in flip IP space trying to relay thru your server and hitting some limits on what you had purchased or something?

 

IME ISPs do not really care too much if their public end user address space is spamming. Some block port 25, others will not. In any case they should be in the PBL list so your spam blocker should just drop the connection when it comes in as those IPs have no business directly sending to a receiving server.

 

 

 

 

Flip customer IPs are blocked from sending outgoing port 25, this is the only port blocked.


richms
28168 posts

Uber Geek

Trusted
Lifetime subscriber

  #1647435 7-Oct-2016 18:03

noroad:

 

Flip customer IPs are blocked from sending outgoing port 25, this is the only port blocked.

 

 

Yeah, saw in a later post that it was showing mta3.flip as the source, which is weird for an ISP with no mail service. Unless it is some in-house script trying to email a bill or something gone rogue?





Richard rich.ms



noroad
949 posts

Ultimate Geek

Trusted

  #1647440 7-Oct-2016 18:09

richms:

 

Unfortunately you need to have accepted the mail to see the headers to see what IP the server got it from, which is something that Flip would be able to look at.

 

That is coming from mta3 which would be their mail server, which is weird since Flip didn't give out emails when I last checked so have no need to be running a customer facing mail server? I thought you were seeing Flip customer IPs directly connecting to you and delivering.

 

In any case, it's blocking the emails so its job is done. Incoming spoofed emails are part of the internet so I don't expect much to be done. This is the hazard of running your own mail server which is why I would never recommend it to anyone when Google and Microsoft provide so much better solutions.

 

 

 

 

smtp.flip.co.nz (mta3/4/5/6.flip.co.nz) allows relay from Flip IPs for Flip customers to use, and is also used for outgoing email from portions of the other Vocus companies (Slingshot). If you have any details of the outgoing mail PM me what you can and I can have a look. The MTAs have extensive filtering on them but you can only do so much without blocking legit customer email. It's quite possible newer helpdesk staff may not actually realise there is an available relay server in the Flip environment that is also used for other Vocus group customers and this is likely the confusion you faced in this case.


richms
28168 posts

Uber Geek

Trusted
Lifetime subscriber

  #1647444 7-Oct-2016 18:16

Why would you allow customers to relay when you do not provide email service to them? That seems like opening all sorts of problems like this here where there are ones sending spam who you have no way of blocking or rejecting since there is no login at all to the mail server to disable their access to it?





Richard rich.ms

noroad
949 posts

Ultimate Geek

Trusted

  #1647448 7-Oct-2016 18:29

richms:

 

Why would you allow customers to relay when you do not provide email service to them? That seems like opening all sorts of problems like this here where there are ones sending spam who you have no way of blocking or rejecting since there is no login at all to the mail server to disable their access to it?

 

 

 

 

Well, some people just want a local relay server (yes some people still have Fax machines!). There are many ways to identify spam, having the customer authenticate certainly does not stop the sending of spam, in fact it is extremely likely that the burst of spam mentioned was a compromised customer on one of the other group service providers and the spam had already passed several levels of checking before the final outgoing relay. Sometimes a burst will get through the checks before being identified and blocked, they are sneaky b#######s spammers.


ageorge

626 posts

Ultimate Geek


  #1647449 7-Oct-2016 18:30

noroad:

 

If you have any details of the outgoing mail PM me what you can and I can have a look. The MTAs have extensive filtering on them but you can only do so much without blocking legit customer email. It's quite possible newer helpdesk staff may not actually realise there is an available relay server in the Flip environment that is also used for other Vocus group customers and this is likely the confusion you faced in this case.

 

 

It's wine time, e.g. Friday 6 o'clock. It's been a real hard day trying to sort this mess out since 6am. So sorry if my diatribe has digressed:

 

What I'm seeing is a massive attack of many different email addressees, usually each second is another addressee which is refused by my host service as it's oversubscribed, each from some originator using Flip as a springboard to my hosting service which is hostus.net. They can only do so much. I realise that WordPress is a little bit of an open platform and at the moment I'm running some malware scripts as well as later on putting some spam general protectors and a whole bunch of other things that may help.

 

Check out the image I sent; you can clearly see what's happening from that.

 

What needs to be done at Flip's end is to listen to customers if the customer sounds like they've got half a brain, and investigate or pass the problem on to higher up to investigate. Originally I spoke to a lass who seemed not in the slightest bit interested and told me I had to get an expert in to help. It doesn't matter too much about my problems, but there will have been hundreds if not thousands of emails that Flip has allowed through by not giving a toss. We all hate receiving spam, and I reckon Flip should be more proactive here. Not stupid as in shooting the messenger, but understanding when there is a problem to sort it in a professional manner.

 

Cheers and back to my wine.

 

Al.


 
 
 

ageorge

626 posts

Ultimate Geek


  #1647459 7-Oct-2016 19:19

None of the emails were addressed to me, so I have no idea of content or headers as they just pass through the site transparently.


noroad
949 posts

Ultimate Geek

Trusted

  #1647526 7-Oct-2016 23:39

ageorge:

 

None of the emails were addressed to me, so I have no idea of content or headers as they just pass through the site transparently.

 

 

 

 

You are relaying mail without logging?


ageorge

626 posts

Ultimate Geek


  #1647589 8-Oct-2016 08:18

noroad:

 

 

 

You are relaying mail without logging?

 

 

 

 

Hmm, never gave that a thought. I'm not sure where the logs are for WordPress or whether it's dealt with by cPanel logging but will find out.

 

Unfortunately the forms for my website have to leave a contact form without logging in but that wasn't the problem.

 

 

 

Spam relay problem in WordPress was solved by using a free addon called anti-malware by gotmls.net

 

It scanned all the files in my WordPress directory and using a comparison algorithm fixed the ones that had been altered.

 

After that I needed to change all directory permissions to 775 and all file permissions to 644 to help prevent further invasion.

 

Note that if anyone uses the above method donate to the author as he has put in a lot of hard work, and if he saves your bacon then he deserves remuneration. You can donate as much or little as you like using his website link. 

 

Now my other (PHP non-WordPress) website which is webid.co.nz has relayed 2 bits of spam over the last 10 hours but I'm working on that too. I know there is a code snippet somewhere that determines user local so if it's not NZ I would refuse the email. Most spammers I'd imagine are from overseas.

 

Thanks kindly. Alistair.

 

 


ageorge

626 posts

Ultimate Geek


  #1647969 9-Oct-2016 13:25

Well spam is back and I have disabled my addons in WordPress and despite all files have been scanned as reported, there seems a method they are using to pass through my site. I will investigate further and advise but it's driving me nuts. All that Flip needs to do is introduce optional security in their relaying systems.


noroad
949 posts

Ultimate Geek

Trusted

  #1647994 9-Oct-2016 14:29

ageorge:

 

Well spam is back and I have disabled my addons in WordPress and despite all files have been scanned as reported, there seems a method they are using to pass through my site. I will investigate further and advise but it's driving me nuts. All that Flip needs to do is introduce optional security in their relaying systems.

 

 

 

 

As I said, there is extensive filtering on Flip's MTAs. Can you get me any headers?


richms
28168 posts

Uber Geek

Trusted
Lifetime subscriber

  #1647999 9-Oct-2016 14:39

I still don't see what WordPress has to do with your server getting sent spam by email?





Richard rich.ms

ageorge

626 posts

Ultimate Geek


  #1648001 9-Oct-2016 14:44

noroad:

 

ageorge:

 

Well spam is back and I have disabled my addons in WordPress and despite all files have been scanned as reported, there seems a method they are using to pass through my site. I will investigate further and advise but it's driving me nuts. All that Flip needs to do is introduce optional security in their relaying systems.

 

 

 

 

As I said, there is extensive filtering on Flip's MTAs. Can you get me any headers?

 

 

New at this - any idea where I go in cPanel to find the mail log to retrieve headers?


richms
28168 posts

Uber Geek

Trusted
Lifetime subscriber

  #1648004 9-Oct-2016 14:52

Headers are in the body of the email. If you are passing them on and not keeping a copy of them you will not have them. The logs will usually only show the IP that delivered the mail to you, which we have already established is mta3.flip - I'm not sure what the setup your web dev has left you with that would lead to you passing on mail with no record of it but it sounds far from ideal.

 

 

 

edit:

 

Perhaps this needs a new thread, working with whatever tools your host/web developer has left you with is not something that is really reflective on Flip, and I have a feeling that the developer has left you with a half solution that you will not be able to work with. You can't give a negative review to Flip when they are not able to follow up on abuse complaints when you are not giving them the full headers of the alleged spam.





Richard rich.ms
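
The headers requested in this thread are the Received lines of a kept copy of the message: each server prepends one, so they show which IP handed the mail to the receiving server and which queue ids the relay operator can search for. An added example, not code from any poster in the thread, run on a constructed message; only the name mta3.flip.co.nz comes from the thread, while mx.example.net, the other hosts, addresses, queue ids and the function names are assumptions.

```python
import re
from email import message_from_string

# Constructed sample: only the name mta3.flip.co.nz comes from the thread; every
# other host, address (documentation ranges), queue id and Message-ID is made up.
SAMPLE = (
    "Received: from mta3.flip.co.nz (mta3.flip.co.nz [192.0.2.25])\n"
    "\tby mx.example.net with ESMTP id 4A1B2C3D;\n"
    "\tFri, 7 Oct 2016 06:01:02 +1300\n"
    "Received: from filter.example.org (filter.example.org [198.51.100.7])\n"
    "\tby mta3.flip.co.nz with ESMTP id u96H0x01;\n"
    "\tFri, 7 Oct 2016 06:01:00 +1300\n"
    "Received: from [203.0.113.99] (unknown [203.0.113.99])\n"
    "\tby filter.example.org with ESMTPA id 9F8E7D;\n"
    "\tFri, 7 Oct 2016 06:00:58 +1300\n"
    "From: sender@example.org\n"
    "Message-ID: <constructed-1@example.org>\n"
    "Subject: constructed sample\n\nbody\n"
)

FROM_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)")
BY_RE = re.compile(r"\bby\s+(\S+)")
ID_RE = re.compile(r"\bid\s+([^\s;]+)")

def relay_chain(raw):
    """Return Received hops oldest-first; each MTA prepends its own header."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        frm, by, qid = FROM_RE.search(flat), BY_RE.search(flat), ID_RE.search(flat)
        hops.append({
            "helo": frm.group(1) if frm else None,
            "peer_ip": frm.group(3) if frm else None,
            "by": by.group(1) if by else None,
            "queue_id": qid.group(1) if qid else None,
            "time": flat.rpartition(";")[2].strip(),
        })
    return hops[::-1]

def abuse_report(raw, my_mx):
    """Pick out what a relay operator needs to find the message in their logs."""
    chain = relay_chain(raw)
    # Only the header written by our own server is first-hand; older ones are
    # whatever the upstream systems chose to write.
    handoff = next(h for h in chain if h["by"] == my_mx)
    upstream = [h for h in chain if h["by"] == handoff["helo"]]
    return {
        "message_id": message_from_string(raw)["Message-ID"],
        "delivered_by": handoff["peer_ip"],
        "relay_queue_ids": [h["queue_id"] for h in upstream],
        "relay_received_from": [h["peer_ip"] for h in upstream],
    }
```

`abuse_report(SAMPLE, "mx.example.net")` returns the delivering IP, the relay's own queue id and the address the relay says it received the message from, which is the detail a complaint to the relay operator needs.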
