Menu
Reply
  • 68
  • 1
  • 28
Finnegan
Dialled in
441 Views
Message 61 of 75
Flag for a moderator

Re: Email Sending Problems - IP Addresses

Thanks for the explanation Ravenstar68.  Both you and bronham deserve 5* for staying with me throughout this tortuous journey.  Hopefully some others will get some help if they read through this long discussion.  My heartfelt thanks.

  • 394
  • 22
  • 139
bromham
Fibre optic
433 Views
Message 62 of 75
Flag for a moderator

Re: Email Sending Problems - IP Addresses

Glad to help.  You were just one of many thousands of VM customers who are running spam bots and it's a pity that VM don't take the issue at all seriously.

  • 17.7K
  • 969
  • 7.32K
Very Insightful Person
Very Insightful Person
431 Views
Message 63 of 75
Flag for a moderator

Re: Email Sending Problems - IP Addresses

I think we need to make a sticky in the security section suggesting this as a potential way of looking for infected devices.  To be honest, you were a bit of a guinea pig here 😉  I knew what I wanted to achieve and was reasonably sure how to go about it.  Wired devices would be a little more awkward, but not impossible.

Essentially what we did is create a packet sniffing setup with no extra hardware, and then connected as many wireless devices to it as possible (max 8 according to my PC) in order to look for packets passing through on port 25.

I'd like to congratulate you on persevering with this, and thank you very much for your patience.  Obviously the next thing is to delist your IP and make sure that you don't end up back on the CSS.

Tim

As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.

Click to learn more about VIP

Use Kudos to say thanks

Mark as Helpful Answer if I've helped

  • 1.46K
  • 178
  • 799
Very Insightful Person
Very Insightful Person
377 Views
Message 64 of 75
Flag for a moderator

Re: Email Sending Problems - IP Addresses

Well done @ravenstar68 and @bromham

I have some observations which @Finnegan  may care to comment upon.

1. In this thread - https://community.virginmedia.com/t5/Email/IP-Address-Blacklisted/td-p/4070792

of 18 posts there is a single mention of 3 Firesticks in message 3.

2. In this thread - https://community.virginmedia.com/t5/Email/Email-Sending-Problems-IP-Addresses/td-p/4078949

of 63 posts there is a mention of 3 firesticks in message 8, a mention of 1 Firestick in messages 29 and 30.

No mention of any added software on any Firesticks in any of the above.

3. And then the “Eureka” moment in message 50 – it’s a Firestick.

4. This is then followed in message 55 by this -

I've now identified one of the Firesticks as being the major culprit and it's been removed until we can clean it up. It'll mean putting it back on until we do a reset to factory settings. To answer bromham, yes, some non-standard software has been installed on it (it wasn't me Guv!).”

5. I have to ask – WHEN did you become aware of the added software? Are you saying you were completely unaware of this – on your kit? Or if you knew about it why not mention it? Any device with non-standard software added must be immediately suspect.

Whilst it is not illegal to “Jailbreak” a Firestick and load additional software on it (it’s your property after all) – it opens up a rat’s nest of opportunities to access and view copyright material without paying for it – and possible consequences of that.

And as you are now well aware, it makes a Firestick device with its defences opened up a tempting new target for the spammers to plant their malware in.

0 Kudos
Reply
  • 34
  • 0
  • 7
Humuss
On our wavelength
354 Views
Message 65 of 75
Flag for a moderator

Re: Email Sending Problems - IP Addresses

Well done, everybody. A great piece of sleuthing.

One question that springs to my mind is whether the start of the blacklistings (around 23 September according to Finnegan) coincided with the acquisition of the offending Firestick, or its change of software. If the Firestick, or its alteration, is significantly older, then then one has to question the gap in the timings of cause and effect.

The next step is to see if the blacklistings stop now that the Firestick is removed from the network.

Another take-away for anyone encountering this thread is that something as seemingly innocuous as a Firestick can be a source of problems such as this. It should make anyone very wary of acquiring IoT devices from untrusted sources.

0 Kudos
Reply
  • 17.7K
  • 969
  • 7.32K
Very Insightful Person
Very Insightful Person
313 Views
Message 66 of 75
Flag for a moderator

Re: Email Sending Problems - IP Addresses

@BillC45 

I think you're being a little harsh IMHO.

The problem is that people buy these Firesticks, Kodi Boxes etc without realising that they actually have a CPU and a fully working operating system.  I believe the Firesticks use Android as a base.  Kodi runs on a range of operating systems.

However most people simply view them as a tool to watch content on their TV - without realising that the operating system can afford hackers another means of access to your network.  Certainly on doing a search we do find modded Firesticks used to mine bitcoin for these ne'er do wells.  Although I couldn't find anything to suggest that they were hosting spambots.  I don't know if you've seen anything.

Tim

As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.

Click to learn more about VIP

Use Kudos to say thanks

Mark as Helpful Answer if I've helped

  • 1.46K
  • 178
  • 799
Very Insightful Person
Very Insightful Person
290 Views
Message 67 of 75
Flag for a moderator

Re: Email Sending Problems - IP Addresses

@ravenstar68 

Tim

We may have to agree to differ on this one. Whilst I accept that the average customer believes they are simply buying access to further media services, they need to be aware that the device they are buying is susceptible to attack by malware and they need to take sensible precautions – such as NOT breaking into it and installing software of dubious provenance. The Firestick runs Android and is therefore just as vulnerable to any current or future attacks as any other Android device.

The cyptocurrency miner is the best known recent malware in this area and has been around for well over a year. If you have a browse through ebay, you’ll find literally hundreds of Firestick hardware, software and services offers (ie we’ll do the hack for you) – none of which seem to advise purchasers of the downside risks.

Your intention to put together a sticky on this subject is a good one. I suggest you add a severe warning about Jailbreaks and dubious software.

Bill

  • 68
  • 1
  • 28
Finnegan
Dialled in
253 Views
Message 68 of 75
Flag for a moderator

Re: Email Sending Problems - IP Addresses

To BillC45 (sorry, I don't know how to 'tag' you)

I am the 'custodian' of 1 Firestick, 1 Smart TV both with no added software and 1 laptop with quite a lot of added software and 1 Kindle and 1 Android phone with a few added apps.  

My husband is the 'custodian' of 2 Firesticks (1 infected), 2 laptops, 1 Smart TV (infected), 1 Android Tablet and 1 Android phone.  He's added software and apps to all of his devices since he acquired them.  I was vaguely aware of that but did not know if any of it was 'dubious' or non-standard.

I still don't know which app(s) actually caused the trouble but both his Firesticks and the Smart TV have now been reset back to factory settings. His laptops, tablet and phone seem to be innocent but they have Kaspersky Total/Internet Security installed on them and, although that cannot 100% guarantee that they will remain safe, I feel they have reduced vulnerabilities.

It is not MY kit - I share the Hub3 with my husband and therefore shared the blacklisting.  I was not aware that the Firesticks or Smart TVs could be infected by Malware and have learnt a costly lesson (in terms of time spent).  I know I needed a lot of help from Ravenstar68 and bronham and I'm very grateful for it but, had they made me feel as bad as your post has, I expect I might have just got round the problem by using our Gmail accounts and not put such effort (over 3 weeks elapsed time) into seeking the root cause.

Looking on the bright side, this thread might alert others as well as the suggested 'sticky' by Raventar68.

  • 68
  • 1
  • 28
Finnegan
Dialled in
244 Views
Message 69 of 75
Flag for a moderator

Re: Email Sending Problems - IP Addresses

To Humuss (Sorry, I don't know how to tag you)

We acquired our 3 Firesticks at different times but all were purchased 1-2 years ago directly from Amazon and my husband cannot recollect when he last added software to his 2 or to the Smart TV which was also affected.  Therefore, there may be a gap but I cannot say for certain.

We have reset to factory settings 2 of our Firesticks ( only 1 was infected but we did the other just in case).  I 'control' the 3rd Firestick and it only had a Netflix app added since I acquired it.  It seems my Samsung Smart TV does not allow me to download the Netflix app !

Hope this helps.

Highlighted
  • 9.95K
  • 1.1K
  • 4.74K
Very Insightful Person
Very Insightful Person
239 Views
Message 70 of 75
Flag for a moderator

Re: Email Sending Problems - IP Addresses

@Finnegan

You can't "mention" people. Only VM staff and the Superusers have that privilege. 

I watched this thread which great interest and much sympathy. And because of the undoubted expertise of @ravenstar68  and @bromham I have learned a great deal.

In your position I would have felt like I had been through both a technical and emotional mill but your issues have served an important service.  The outcome and processes developed in helping you will serve this Community of VM staff and VM users to resolve many more of these in a more timely and expeditious manner.

You may not have enjoyed the experience (obviously you didn't) but you have all contributed greatly to our collective knowledge and ability to help VM users who come here for help.  In all sincerity that should give you a sense of pride and take the edge off your apprehension.

We are hoping that as a result of what we have all learned the Forum will feature in due course a permanent sticky post to guide others who experience a similar problem and to help us help others.



As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.

Click to learn more about VIP

Use Kudos to say thanks

Mark as Helpful Answer if I've helped