The Dark Lord Posted March 18, 2013 (edited)

Hi Guys

I know you've had your IT issues of late, but why is it that I am now receiving spam to my email account which originates from Basschat? Something about a conspiracy to kill Princess Diana.

Were you aware of this?

Edited March 18, 2013 by The Dark Lord

paul_5 Posted March 18, 2013

Yeah, I've heard about that conspiracy too. Turns out it was just Al Fayed letting off steam, that and the Daily Mail doing what they do best. ;-)

The Dark Lord (Author) Posted March 19, 2013

You know, maybe it's just me, but I expected some kind of mod to reply to this !!!!

Let me be more specific. When I register on a site of [i]any[/i] kind, I always register with an email address which is specific to that site. I can do that as I own my own email domain. That way, if I ever get spam through that address, I know what the source of the spam was.

The other day, I started receiving spam to that email address ....... meaning that, the [i]only[/i] way I could be receiving such emails were if:

(1) Basschat were sending them
(2) Basschat's security had been compromised in some way and a third party had gained access to their email accounts list.

This is not great performance guys!

mep Posted March 19, 2013

I too have had that email, although I have to use the same address for most sites so can't back up your claim.

obbm Posted March 19, 2013

I have also had that email but not to the email address I currently use for BC. It is however an old email address that a lot of BC members have used and occasionally still use. I suspect the problem lies elsewhere.

The Dark Lord (Author) Posted March 19, 2013

[quote name='obbm' timestamp='1363685515' post='2015648']
I have also had that email but not to the email address I currently use for BC. It is however an old email address that a lot of BC members have used and occasionally still use. I suspect the problem lies elsewhere.
[/quote]

In my case, nobody else knows that email address. How could the problem lie elsewhere?

ped Posted March 19, 2013

I just looked in my spam email and have found the same message, but it's not gone to my registered BC email address.

The Dark Lord (Author) Posted March 19, 2013

[quote name='ped' timestamp='1363688005' post='2015718']
I just looked in my spam email and have found the same message, but it's not gone to my registered BC email address.
[/quote]

Well, it has to mine - and basschat is the [u]only[/u] place that knows that email - so it MUST have come from basschat somehow.

ped Posted March 19, 2013

[quote name='The Dark Lord' timestamp='1363688136' post='2015721']
Well, it has to mine - and basschat is the [u]only[/u] place that knows that email - so it MUST have come from basschat somehow.
[/quote]

I don't know how spam works but I frequently have spam email directed at me from accounts I've used for various sites. I guess the spambots are good at guessing email addresses. Anyway we'll have a look into it.

Dad3353 Posted March 19, 2013

[quote name='The Dark Lord' timestamp='1363688136' post='2015721']
Well, it has to mine - and basschat is the [u]only[/u] place that knows that email - so it MUST have come from basschat somehow.
[/quote]

No offence, but not strictly true. Your own PC is also aware of the address in question, and is a potential source for a spybot or similar. Not to disculp BC; just sayin' ...

The Dark Lord (Author) Posted March 19, 2013 (edited)

No offence taken. You're probably unaware that I own a string of computer service and security companies and hold Cisco architect level qualifications and a Microsoft mail MVP. I know what you say, but no. The breach didn't come from me. For security reasons, I delete all registration emails and have no trace of my site specific email on my email system.

It's not me. It's Basschat. I know what is very likely to have happened. One or more of the site admins (probably all of them) operate behind either no firewall or a poor one. If any of them surf naughty things on the same PC, then who knows who have all of email addresses by now.

Just sayin.....

Edited March 19, 2013 by The Dark Lord

chrismuzz Posted March 19, 2013

I haven't had this spam email, not yet anyway! I reckon if it had come from BC everyone who registered will have received it.

The Dark Lord (Author) Posted March 19, 2013

But don't worry. My question has been answered by Ped. All basschat email is now marked requiring verification on my mail system.

ped Posted March 19, 2013

[quote name='The Dark Lord' timestamp='1363697766' post='2015968']
No offence taken. You're probably unaware that I own a string of computer service and security companies and hold Cisco architect level qualifications and a Microsoft mail MVP. I know what you say, but no. The breach didn't come from me. For security reasons, I delete all registration emails and have no trace of my site specific email system. It's not me. It's Basschat. I know what is very likely to have happened. One or more of the site admins (probably all of them) operate behind either no firewall or a poor one. If any of them surf naughty things on the same PC, then who knows who have all of email addresses by now. Just sayin.....
[/quote]

I like your assumption that we're all computer illiterate (perhaps I am, but still).

Put any info you like to Hamster and we'll look into it, as you asked so nicely... Oh and make sure it's pitched to the right level.

icastle Posted March 19, 2013

I also have a dedicated mail address that I used to register with BassChat and receive notifications into. There's no spam mail of any description in there - although it does sometimes mark legitimate posts as spam.

Kiwi Posted March 19, 2013

[quote name='The Dark Lord' timestamp='1363697766' post='2015968']
It's not me. It's Basschat. I know what is very likely to have happened. One or more of the site admins (probably all of them) operate behind either no firewall or a poor one.
[/quote]

We use Cloudflare.

The Dark Lord (Author) Posted March 19, 2013

It's okay now guys. Ped answered my question really. I know where it comes from. I have locked down my system to the source and I'm secure.

wateroftyne Posted March 19, 2013

Where did it come from?

wateroftyne Posted March 19, 2013

Actually... I've just checked my junk mail folder, and there's the Princess Diana email, sent to 'basschat@....'.

Like Dark Lord, I use specific email addresses for each service I sign up for, and I don't use 'basschat@...' anywhere else.

Hmm...

The Dark Lord (Author) Posted March 19, 2013

Well done fellow Fender user. It's a no-brainer to have the distinct email thing like you and I on places like this.

My guess is that it was during the recent hack that basschat had ..... a few months back as I remember? In that time, all of our emails would have been collected. It's only to be expected on a non-technical forum.

I consult and lecture on the subject. I'm completely secure - but just thought it best to mention for the benefit of others who may be vulnerable. Be careful on forums.

Hamster Posted March 19, 2013

Well I consider myself well protected by firewalls and AV software but then again that's not my field of expertise. I'm always happy to receive recommendations as to what is good and what is not so good.

Yes, the forum was hacked by someone much cleverer than me and probably cleverer than you, but this was not due to a lack of security on any of the Admins' PCs - it was caused by an exploit in the forum software that was beyond our control and has now been patched by the software designers.

We've had very very few reports of spam suspected of being sent out due to that hack. I'd imagine if a database full of email addresses was downloaded then they would have sent spam to every single address on it, and that clearly hasn't happened.

I get spam every day - even though I really don't need viagra (honest!) and it really doesn't bother me.

icastle Posted March 19, 2013

[quote name='The Dark Lord' timestamp='1363697766' post='2015968']
I know what is very likely to have happened. One or more of the site admins (probably all of them) operate behind either no firewall or a poor one. If any of them surf naughty things on the same PC, then who knows who have all of email addresses by now.
[/quote]

Really? I find that presumption a little bit disturbing. I'm sat here, at home, posting this from behind TWO hardware firewalls (from two different manufacturers) and a software firewall plus an up to date AV package. I've yet to speak to anyone in the Admin team, many of whom are also IT professionals, that doesn't have an appropriate degree of protection.

If you'd like to send us the header information contained within this particular piece of spam mail then I'll see if we can throw any light on what's happened here.

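Added example (not written by any poster in this thread and not Basschat's code): the site-specific address technique described earlier in the thread, combined with the header check icastle offers above, can be automated as a mailbox scan. The alias, domains, receiving-server name and sample headers are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed values: alias -> DKIM signing domain assumed for the one site given that alias.
ALIAS_OWNERS = {"forum@mail.example": "forum.example"}
TRUSTED_AUTHSERV = "mx.mail.example"  # assumed name of our own receiving server

def dkim_pass_domains(msg):
    """Domains with dkim=pass in Authentication-Results stamped by our own MX."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # not written by our server, so the sender could have forged it
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", results):
            domains.add(m.group(1).lower())
    return domains

def find_leaked_aliases(raw_messages, owners=ALIAS_OWNERS):
    """Return (alias, From, handoff hop) for mail that reached a single-use
    alias without a DKIM pass from the one site the alias was given to."""
    hits = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        rcpts = {a.lower() for _, a in getaddresses(
            msg.get_all("Delivered-To", []) + msg.get_all("To", []))}
        for alias in sorted(rcpts & set(owners)):
            if owners[alias] not in dkim_pass_domains(msg):
                received = msg.get_all("Received", [])
                # The topmost Received line is the one our own server added.
                handoff = " ".join(received[0].split()) if received else ""
                hits.append((alias, msg.get("From", ""), handoff))
    return hits

# Constructed sample headers (not taken from the thread).
SAMPLE_LEGIT = """\
Received: from out.forum.example ([192.0.2.10]) by mx.mail.example; Tue, 19 Mar 2013 09:00:00 +0000
Authentication-Results: mx.mail.example; dkim=pass header.d=forum.example
From: Forum <noreply@forum.example>
To: forum@mail.example
"""
SAMPLE_SPAM = """\
Received: from unknown ([198.51.100.7]) by mx.mail.example; Tue, 19 Mar 2013 10:00:00 +0000
Authentication-Results: mx.mail.example; dkim=none
From: News <news@bulk.invalid>
To: forum@mail.example
"""
if __name__ == "__main__":
    print(find_leaked_aliases([SAMPLE_LEGIT, SAMPLE_SPAM]))
```

A hit shows that the alias is known to someone other than the site it was given to; it does not by itself show how the address got out.
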
The Dark Lord (Author) Posted March 20, 2013

[quote name='icastle' timestamp='1363737031' post='2016951']
Really? I find that presumption a little bit disturbing. I'm sat here, at home, posting this from behind TWO hardware firewalls (from two different manufacturers) and a software firewall plus an up to date AV package. I've yet to speak to anyone in the Admin team, many of whom are also IT professionals, that doesn't have an appropriate degree of protection. If you'd like to send us the header information contained within this particular piece of spam mail then I'll see if we can throw any light on what's happened here.
[/quote]

Thanks for your assistance guys. I now know what I need to know. I'm done with this subject.

icastle Posted March 20, 2013

[quote name='The Dark Lord' timestamp='1363775546' post='2017270']
Thanks for your assistance guys. I now know what I need to know. I'm done with this subject.
[/quote]

Really? I don't think that I am actually.

Here's a nice little multichoice question for you:

You are an IT Security Professional. You suspect that a site you are using may have a security flaw. Do you:

a ) Say nothing and hope the perceived problem goes away.
b ) Contact the site administrators [b]PRIVATELY[/b] to tell them of the perceived problem so that they can investigate and take appropriate action if required.
c ) Post factually incorrect and defamatory statements alongside wildly inaccurate accusations in a [b]PUBLIC[/b] forum.
d ) Post details of the suspected security breach in a [b]PUBLIC[/b] forum so that it becomes a target for further attacks.

You claim to be a Security Professional, you know the right answer.

The Dark Lord (Author) Posted March 20, 2013

Since it is a forum though, Mr icastle, I suspect the other guys deserve to know that their data has been compromised. You are a forum administrator, you know the answer to that.

Maybe we should debate this in private.