Geekzone: technology news, blogs, forums
noroad
632 posts

Ultimate Geek

Trusted

  #1648075 9-Oct-2016 16:35

ageorge: Can I ring you for security reasons? Or would you like to leave it till tomorrow? I can live with renaming my host directory overnight.

TBH, dealing with this during the working week is more appropriate.


yitz
1490 posts

Uber Geek


  #1648091 9-Oct-2016 17:00

Does Flip broadband redirect all port 25 traffic through to their smtp ?

 
 
 
 


noroad
632 posts

Ultimate Geek

Trusted

  #1648093 9-Oct-2016 17:07

yitz: Does Flip broadband redirect all port 25 traffic through to their smtp ?

 

 

 

Nope, you have to set it if you want to relay. Otherwise port 25 is blocked. Customers are encouraged to use authenticated SMTPS to their email provider.


muppet
2297 posts

Uber Geek

Trusted

  #1648106 9-Oct-2016 17:39

@noroad - You've grown soft in your old age ;-)


noroad
632 posts

Ultimate Geek

Trusted

  #1648213 9-Oct-2016 20:28

muppet: @noroad - You've grown soft in your old age ;-)

** yep... I know, no more BOFH....


ageorge

480 posts

Ultimate Geek


  #1648281 10-Oct-2016 08:03

Seems I have sorted the spam problem. If it's fixed, unfortunately I won't be able to determine the originator of this spam attack coming from Flip port.

 

Many thanks to user 'noroad' for his perseverance and once again Flip has shown they do give a toss about their users.

 

 

 

How I eventually fixed the problem as described earlier, my method was almost there, but the tool wasn't suitable in this case. I figured it was definitely something happening in WordPress, and the method that worked:

 

NINJAFIREWALL WordPress addon which is a comprehensive, recommended, free utility.
It detected a file called 'file65.php' which, by content, was immediately obvious to me as alien to WordPress.
Removing this file, the influx of spam seems to have stopped. So refer back to my previous post, ensure that permissions are set correctly as this is possibly how the alien file was introduced in the first place. Above all be careful about removing any file from WordPress. Make sure you do a backup of your offending WordPress installation before carrying out any such operation as I've suggested.

 

Kind regards,
Alistair.
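
The two checks mentioned in the post above (a PHP file that does not belong to WordPress, and loose permissions) can be scripted. The following is an added example, not code from the thread or from NinjaFirewall, and it goes slightly beyond the single file by also flagging PHP under the uploads directory. The function names, the sample tree and the location of `file65.php` in the site root are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Top-level PHP files shipped by WordPress core; other PHP there is suspect.
CORE_ROOT_PHP = set("""index.php wp-activate.php wp-blog-header.php
wp-comments-post.php wp-config.php wp-config-sample.php wp-cron.php
wp-links-opml.php wp-load.php wp-login.php wp-mail.php wp-settings.php
wp-signup.php wp-trackback.php xmlrpc.php""".split())

def audit_wordpress(root):
    """Return sorted (relative_path, reason) findings for a WordPress tree."""
    findings = []
    uploads = os.path.join("wp-content", "uploads") + os.sep
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for name in dirnames + filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            mode = os.lstat(os.path.join(dirpath, name)).st_mode
            if stat.S_ISLNK(mode):
                continue  # symlink modes are meaningless; os.walk won't follow
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if not (stat.S_ISREG(mode) and name.lower().endswith(".php")):
                continue
            if rel_dir == "." and name not in CORE_ROOT_PHP:
                findings.append((rel, "non-core PHP file in site root"))
            elif rel.startswith(uploads):
                findings.append((rel, "PHP file under uploads"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample site; where file65.php sits is an assumption."""
    files = {"index.php": 0o644, "wp-config.php": 0o640, "file65.php": 0o644,
             "wp-content/uploads/2016/10/photo.jpg": 0o644,
             "wp-content/uploads/2016/10/cache.php": 0o666}
    for rel, mode in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed placeholder\n")
        os.chmod(path, mode)
    for dirpath, _, _ in os.walk(root):
        os.chmod(dirpath, 0o755)  # keep directories out of the findings
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*audit_wordpress(build_sample_tree(tmp)), sep="\n")
```

Findings are leads for manual review of a backed-up copy, not proof of compromise; some plugins legitimately place an `index.php` under uploads.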


freitasm
BDFL - Memuneh
68869 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #1648283 10-Oct-2016 08:05

I don't understand how a seemingly compromised WordPress site hosted somewhere else could be Flip's problem.




 

 



 
 
 
 


ageorge

480 posts

Ultimate Geek


  #1648286 10-Oct-2016 08:12

freitasm: I don't understand how a seemingly compromised WordPress site hosted somewhere else could be Flip's problem.

 

Freitasm it helps to read posts thoroughly before hitting the keys; you should know that.


freitasm
BDFL - Memuneh
68869 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #1648288 10-Oct-2016 08:20

I've read the posts but I do not think it is clear. It would be good to have an explanation on how and why it happened.




 

 



ageorge

480 posts

Ultimate Geek


  #1648294 10-Oct-2016 08:39

freitasm: I've read the posts but I do not think it is clear. It would be good to have an explanation on how and why it happened.

 

 

 

Summary: spam was coming from a port in Flip to my site through some sort of backdoor leverage (the 'file65.php'). I let Flip know and originally they didn't seem to give a toss about spamming until I made the situation known on Geekzone (AKA FairGo).

 

Typical case of support staff not understanding or knowing when something serious is happening.

 

However, as it's panned out, a senior member of Flip picked up on this post and demonstrated that he was serious about their customers.

 

Regards, Al. 


freitasm
BDFL - Memuneh
68869 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #1648301 10-Oct-2016 08:48

You are saying these messages were coming from someone else's connection and it just happens that you have a compromised install on an external network and by chance you're on Flip as well?

Couldn't these be coming from your computer? I find it hard to believe in coincidences, that's all.




 

 



richms
23681 posts

Uber Geek

Trusted
Subscriber

  #1648636 10-Oct-2016 16:41

I still am not sure how a compromised WordPress install (which is what happens when you self host) would have had incoming spam from an ISP MTA? It's been a while since I have reluctantly dealt with WordPress and PHP in general and it never had its emails go out via any of the filtering on the host itself.





Richard rich.ms

ageorge

480 posts

Ultimate Geek


  #1648660 10-Oct-2016 17:22

richms: I still am not sure how a compromised WordPress install (which is what happens when you self host) would have had incoming spam from an ISP MTA? It's been a while since I have reluctantly dealt with WordPress and PHP in general and it never had its emails go out via any of the filtering on the host itself.

I don't know how it was happening either. There is a lot more to it than what I posted but I tried every trick in the book, e.g. Apache SpamAssassin settings to 0 and all mail settings to pick up any mail and dump into a spam folder. None worked so the piece of code I removed is the only likelihood as bypassing anything else mail related except the Track log strangely enough.

 

The hosting techs could not help and I was impressed that they did not close down my account as often host services will do at the slightest hint of spam your fault or otherwise.

 

Anyway, it's hopefully all done and dusted now and my original high esteem of Flip has been restored.

 

Thanks for your interest. Alistair.

 

 

 

 

