richms
23680 posts

Uber Geek

Trusted
Subscriber

  #1647408 7-Oct-2016 17:53

ageorge:

 

Not job done; I've deleted all files on my webhost for that account in the meantime till I can find a better solution.

 

Not sure where to go from here.

 

 

Are you onselling accounts or something? Not really sure what you are doing there that you would be seeing anything from a rejected attempt to spam you other than perhaps some log entries?





Richard rich.ms

noroad
635 posts

Ultimate Geek

Trusted

  #1647431 7-Oct-2016 18:01

richms:

 

So was someone in Flip IP space trying to relay thru your server and hitting some limits on what you had purchased or something?

 

IME ISPs do not really care too much if their public end user address space is spamming, some block port 25, others will not. In any case they should be in the PBL list so your spam blocker should just drop the connection when it comes in as those IPs have no business directly sending to a receiving server.

 

 

 

 

Flip customer IPs are blocked from sending outgoing port 25, this is the only port blocked.


 
 
 
 


richms
23680 posts

Uber Geek

Trusted
Subscriber

  #1647435 7-Oct-2016 18:03

noroad:

 

Flip customer IPs are blocked from sending outgoing port 25, this is the only port blocked.

 

 

Yeah, saw in a later post that it was showing mta3.flip as the source, which is weird for an ISP with no mail service. Unless it is some in-house script trying to email a bill or something gone rogue?





Richard rich.ms

noroad
635 posts

Ultimate Geek

Trusted

  #1647440 7-Oct-2016 18:09

richms:

 

Unfortunately you need to have accepted the mail to see the headers to see what IP the server got it from, which is something that Flip would be able to look at.

 

That is coming from mta3 which would be their mail server, which is weird since Flip didn't give out emails when I last checked so have no need to be running a customer facing mail server? I thought you were seeing Flip customer IPs directly connecting to you and delivering.

 

In any case, it's blocking the emails so its job is done. Incoming spoofed emails are part of the internet so I don't expect much to be done. This is the hazard of running your own mail server which is why I would never recommend it to anyone when Google and Microsoft provide so much better solutions.

 

 

 

 

smtp.flip.co.nz (mta3/4/5/6.flip.co.nz) allows relay from Flip IPs for Flip customers to use, and is also used for outgoing email from portions of the other Vocus companies (Slingshot). If you have any details of the outgoing mail PM me what you can and I can have a look. The MTAs have extensive filtering on them but you can only do so much without blocking legit customer email. It's quite possible newer helpdesk staff may not actually realise there is an available relay server in the Flip environment that is also used for other Vocus group customers and this is likely the confusion you faced in this case.


richms
23680 posts

Uber Geek

Trusted
Subscriber

  #1647444 7-Oct-2016 18:16

Why would you allow customers to relay when you do not provide email service to them? That seems like opening all sorts of problems like this here where there are ones sending spam who you have no way of blocking or rejecting since there is no login at all to the mail server to disable their access to it?





Richard rich.ms

noroad
635 posts

Ultimate Geek

Trusted

  #1647448 7-Oct-2016 18:29

richms:

 

Why would you allow customers to relay when you do not provide email service to them? That seems like opening all sorts of problems like this here where there are ones sending spam who you have no way of blocking or rejecting since there is no login at all to the mail server to disable their access to it?

 

 

 

 

Well, some people just want a local relay server (yes some people still have Fax machines!). There are many ways to identify spam, having the customer authenticate certainly does not stop the sending of spam, in fact it is extremely likely that the burst of spam mentioned was a compromised customer on one of the other group service providers and the spam had already passed several levels of checking before the final outgoing relay. Sometimes a burst will get through the checks before being identified and blocked, they are sneaky b#######s spammers.


ageorge

489 posts

Ultimate Geek


  #1647449 7-Oct-2016 18:30

noroad:

 

If you have any details of the outgoing mail PM me what you can and I can have a look. The MTAs have extensive filtering on them but you can only do so much without blocking legit customer email. It's quite possible newer helpdesk staff may not actually realise there is an available relay server in the Flip environment that is also used for other Vocus group customers and this is likely the confusion you faced in this case.

 

 

It's wine time, e.g. Friday 6 o'clock. It's been a real hard day trying to sort this mess out since 6am. So sorry if my diatribe has digressed:

 

What I'm seeing is a massive attack of many different email addressees, usually each second is another addressee which is refused by my host service as it's oversubscribed, each from some originator using Flip as a springboard to my hosting service which is hostus.net. They can only do so much. I realise that WordPress is a little bit of an open platform and at the moment I'm running some malware scripts as well as later on putting some spam general protectors and a whole bunch of other things that may help.

 

Check out the image I sent; you can clearly see what's happening from that.

 

What needs to be done at Flip's end is to listen to customers if the customer sounds like they've got half a brain, and investigate or pass the problem on to higher up to investigate. Originally I spoke to a lass who seemed not in the slightest bit interested and told me I had to get an expert in to help. It doesn't matter too much about my problems, but there will have been hundreds if not thousands of emails that Flip has allowed through by not giving a toss. We all hate receiving spam, and I reckon Flip should be more proactive here. Not stupid as in shooting the messenger, but understanding when there is a problem to sort it in a professional manner.

 

Cheers and back to my wine.

 

Al.


 
 
 
 


ageorge

489 posts

Ultimate Geek


  #1647459 7-Oct-2016 19:19

None of the emails were addressed to me, so I have no idea of content or headers as they just pass through the site transparently.


noroad
635 posts

Ultimate Geek

Trusted

  #1647526 7-Oct-2016 23:39

ageorge:

 

None of the emails were addressed to me, so I have no idea of content or headers as they just pass through the site transparently.

 

 

 

 

You are relaying mail without logging?


ageorge

489 posts

Ultimate Geek


  #1647589 8-Oct-2016 08:18

noroad:

 

 

 

You are relaying mail without logging?

 

 

 

 

Hmm, never gave that a thought. I'm not sure where the logs are for WordPress or whether it's dealt with by cPanel logging but will find out.

 

Unfortunately the forms for my website have to leave a contact form without logging in but that wasn't the problem.

 

 

 

Spam relay problem in WordPress was solved by using a free addon called anti-malware by gotmls.net

 

It scanned all the files in my WordPress directory and using a comparison algorithm fixed the ones that had been altered.

 

After that I needed to change all directory permissions to 775 and all file permissions to 644 to help prevent further invasion.

 

Note that if anyone uses the above method donate to the author as he has put in a lot of hard work, and if he saves your bacon then he deserves remuneration. You can donate as much or little as you like using his website link. 

 

Now my other (PHP non-WordPress) website which is webid.co.nz has relayed 2 bits of spam over the last 10 hours but I'm working on that too. I know there is a code snippet somewhere that determines user local so if it's not NZ I would refuse the email. Most spammers I'd imagine are from overseas.

 

Thanks kindly. Alistair.
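
The scan-for-altered-files and permission steps in the post above, as an added example that is not part of the thread and is not the gotmls plugin's method: it swaps in a plain SHA-256 baseline taken from a known-clean copy and compares it with the live tree, also reporting any entry whose mode differs from the 775/644 values given in the post. The function names are hypothetical.

```python
import hashlib
import os
import stat

DIR_MODE, FILE_MODE = 0o775, 0o644  # modes given in the post above


def snapshot(root):
    """Map each relative path to (sha256 hex, or None for a directory; mode)."""
    snap = {}
    for base, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(base, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlinks carry no content or mode of their own
            digest = None
            if stat.S_ISREG(st.st_mode):
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(path, root)] = (digest, stat.S_IMODE(st.st_mode))
    return snap


def compare(baseline, current):
    """Return sorted (relative path, finding) pairs for anything that drifted."""
    findings = []
    for rel, (digest, mode) in current.items():
        if rel not in baseline:
            findings.append((rel, "added"))
        elif baseline[rel][0] != digest:
            findings.append((rel, "content changed"))
        want = FILE_MODE if digest is not None else DIR_MODE
        if mode != want:
            findings.append((rel, "mode %o, expected %o" % (mode, want)))
    findings += [(rel, "removed") for rel in baseline if rel not in current]
    return sorted(findings)
```

Take the baseline from a freshly unpacked copy of the site rather than from the live directory, otherwise an already altered file becomes part of the reference.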

 

 


ageorge

489 posts

Ultimate Geek


  #1647969 9-Oct-2016 13:25

Well spam is back and I have disabled my addons in WordPress and despite all files having been scanned as reported, there seems to be a method they are using to pass through my site. I will investigate further and advise but it's driving me nuts. All that Flip needs to do is introduce optional security in their relaying systems.


noroad
635 posts

Ultimate Geek

Trusted

  #1647994 9-Oct-2016 14:29

ageorge:

 

Well spam is back and I have disabled my addons in WordPress and despite all files having been scanned as reported, there seems to be a method they are using to pass through my site. I will investigate further and advise but it's driving me nuts. All that Flip needs to do is introduce optional security in their relaying systems.

 

 

 

 

As I said, there is extensive filtering on Flip's MTAs. Can you get me any headers?


richms
23680 posts

Uber Geek

Trusted
Subscriber

  #1647999 9-Oct-2016 14:39

I still don't see what WordPress has to do with your server getting sent spam by email?





Richard rich.ms

ageorge

489 posts

Ultimate Geek


  #1648001 9-Oct-2016 14:44

noroad:

 

ageorge:

 

Well spam is back and I have disabled my addons in WordPress and despite all files having been scanned as reported, there seems to be a method they are using to pass through my site. I will investigate further and advise but it's driving me nuts. All that Flip needs to do is introduce optional security in their relaying systems.

 

 

 

 

As I said, there is extensive filtering on Flip's MTAs. Can you get me any headers?

 

 

New at this - any idea where I go in cPanel to find the mail log to retrieve headers?


richms
23680 posts

Uber Geek

Trusted
Subscriber

  #1648004 9-Oct-2016 14:52

Headers are in the body of the email. If you are passing them on and not keeping a copy of them you will not have them. The logs will usually only show the IP that delivered the mail to you, which we have already established is mta3.flip - I'm not sure what the setup your web dev has left you with that would lead to you passing on mail with no record of it but it sounds far from ideal.

 

 

 

edit:

 

Perhaps this needs a new thread, working with whatever tools your host/web developer has left you with is not something that is really reflective on Flip, and I have a feeling that the developer has left you with a half solution that you will not be able to work with. You can't give a negative review to Flip when they are not able to follow up on abuse complaints when you are not giving them the full headers of the alleged spam.





Richard rich.ms
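
What the full headers add over the delivery log, as an added example that is not part of the thread: each relay prepends a `Received:` line, so a saved copy of the message shows which host handed it to the ISP relay, which is the detail an abuse desk needs. The sample message is constructed; every hostname except mta3.flip.co.nz is a placeholder, the IPs are documentation-range values, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample message, not taken from the thread. Only the topmost
# Received line is written by your own server; lower ones are upstream claims.
SAMPLE = """\
Received: from mta3.flip.co.nz (mta3.flip.co.nz [192.0.2.25])
\tby mx.recipient.example with ESMTP id abc123;
\tFri, 7 Oct 2016 06:00:03 +1300
Received: from filter.relay.example (filter.relay.example [198.51.100.7])
\tby mta3.flip.co.nz with ESMTP id def456;
\tFri, 7 Oct 2016 06:00:02 +1300
Received: from [203.0.113.99] (unknown [203.0.113.99])
\tby filter.relay.example with ESMTP id ghi789;
\tFri, 7 Oct 2016 06:00:01 +1300
From: sender@example.org
To: someone@recipient.example
Subject: constructed sample

body
"""

# "from <helo> (<rdns> [<ip>]) by <host>" as written by common MTAs.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)"
)


def received_chain(raw):
    """Return the parsed Received hops, newest first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold the continuation lines
        match = HOP.search(flat)
        if match:
            hops.append(match.groupdict())
    return hops


def handoff_to(chain, relay_suffix):
    """Return the hop recorded by a relay under relay_suffix, or None."""
    for hop in chain:
        if hop["by"].endswith(relay_suffix):
            return hop  # its 'ip' is the host that submitted to the relay
    return None
```

With only the delivery log, the trail stops at the first hop; `handoff_to(received_chain(SAMPLE), ".flip.co.nz")` returns the second hop, the one the relay operator can match against their own records.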
