SPAM email on unique mios address only known in UI5 cp.mios.com. Is it hacked?

Thanks for looking into this @alecs, although I’m not sure what to conclude from the drill down to the domain names.

I have separate e-mail addresses for the forum and for the unit-account. The spam is received on the unit-account, not the forum-account.

I’m sure no one is to blame, but I thought it would at least be interesting enough to look into. The defensiveness seems to show that feedback is not appreciated, which is a shame.

I was not defensive, just digging and explaining what I can.
The databases for both forum and apps store and cp are replicated and saved on multiple servers, in a star manner. If someone would be able to get the accounts emails and remove the obfuscation, that someone would likely get access to multiple databases.

Being owned by the same mother company does not imply having the same operational team. Nor the same managerial team. We have our own ops and security teams.

I am not admitting something that is unlikely to be happening because of us. I do believe this can happen, since I also saw it on my mailboxes and on other servers. Spammers also have their own databases of words and can add words to domains and randomly send email. They do not only send spam to addresses that are known to exist. Plus this kind of email can be identified as sextortion and they do receive money from some people, so it’s worth it (for them). Others make complaints on specific sites, like https://www.bitcoinabuse.com/

I never referred to the “body” of the spam, frankly I do not care what is in that. I referred to the used mail addresses which are solely used (by me personally) on YOUR platforms. SPAM being sent on those email addresses (2!) can thus only be coming from a leak in your systems.

I have to admit I have received this kind of SPAM mail in the past on other mail addresses in the same way as these. The most commonly known one was an email address specifically used for linkedin (linkedinmail@mydomain.nl). And please do not argue that this mail was “guessable”.

I would advise to carefully look into the database of cp.mios.com (and the replicated ones) and be very sure that you are safe now!

linkedin → platform, very used word
mail → very used word

random word from list 1 added to random word from list 2, added domains, sent… yes, IMHO that is guessable.
Of course I double checked all my databases and servers.

People who host their email, please check the logs to see how much mail to addresses that you do not have goes to a catch-all or gets rejected. The fact that the computed to: nailed to a real address you have has nothing to do with our servers or database.

alecs, I rest my case to you. Your site has been hacked/leaked. Nothing is guessable, I have “catch-all” on my domain. It does NOT matter what I put in front of it, it all comes in my box. Though I NEVER had any mail on a “guessed” name @mydomain.nl. I had a few REGISTERED on @mydomain.nl.
Remember the big linkedin-leak!? My name was on that list… and for whatever makes my statement more reliable my mail was not linkedinmail@ but linkedin-mail@.

Ok, and out of 100000 users on ui5, you are the sole one receiving spam?

That is a question I cannot answer for sure. But I doubt I am alone (see above). Majority of registered users will probably ignore, do not know or use a “generic account” (same for all sites like gmail or hotmail) and are not able to differentiate like me.

Edit: most probably the majority will not see the spam due to the fact their provider will kill it before it reaches their inbox. But this does not detract from my point.

Just as a fact, there are over 1300 emails personalized with filters for micasaverde, mios or vera. I know this is 1% out of 100000, but still.

Anyway, I want to assure you that we are working to optimize and enhance the experience with our products, be they old or new. We have monitoring, scaling and filtering in place, we have restricted access to databases and our filtering tools ban users and IPs platform wide, e.g. any abuse to one server will get the user and IP banned on the full platform.
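
The log check suggested in the thread, as an added example that is not part of any post above: it tallies recipients on a catch-all domain and separates local parts that were actually handed out from ones that never were, which is the evidence the "guessed versus leaked" disagreement turns on. The Postfix-style log format, the `DOMAIN` value, the `ISSUED` set and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

DOMAIN = "mydomain.example"  # assumption: placeholder for your catch-all domain
# Assumption: local parts you actually gave out, one per site, plus your real mailbox.
ISSUED = {"me", "vera-unit", "vera-forum", "linkedin-mail"}

# Constructed Postfix-style log lines (not taken from any real server).
SAMPLE_LOG = """\
Jan 10 03:12:01 mx postfix/local[2101]: 4A1B2C: to=<me@mydomain.example>, orig_to=<vera-unit@mydomain.example>, relay=local, status=sent (delivered to mailbox)
Jan 10 03:14:40 mx postfix/local[2101]: 4A1B2D: to=<me@mydomain.example>, orig_to=<info@mydomain.example>, relay=local, status=sent (delivered to mailbox)
Jan 10 03:15:02 mx postfix/local[2101]: 4A1B2E: to=<me@mydomain.example>, orig_to=<linkedinmail@mydomain.example>, relay=local, status=sent (delivered to mailbox)
Jan 10 03:15:09 mx postfix/local[2101]: 4A1B2F: to=<me@mydomain.example>, orig_to=<Info@mydomain.example>, relay=local, status=sent (delivered to mailbox)
Jan 10 03:16:30 mx postfix/smtpd[2088]: NOQUEUE: reject: RCPT from unknown[192.0.2.15]: 550 5.1.1 <sales@mydomain.example>: Recipient address rejected: User unknown in virtual alias table; from=<a@sender.example> to=<sales@mydomain.example> proto=ESMTP helo=<sender.example>
Jan 10 03:17:11 mx postfix/smtp[2140]: 4A1B30: to=<friend@other.example>, relay=mx.other.example[198.51.100.7]:25, status=sent (250 ok)
"""

# orig_to= is the address the sender used before a catch-all/alias rewrite; prefer it over to=.
ORIG_TO = re.compile(r"\borig_to=<([^@>\s]+)@([^>\s]+)>")
TO = re.compile(r"\bto=<([^@>\s]+)@([^>\s]+)>")


def tally(log_text, domain=DOMAIN, issued=frozenset(ISSUED)):
    """Count recipients on `domain`, split into issued vs never-issued local parts."""
    issued_hits, unissued_hits = Counter(), Counter()
    for line in log_text.splitlines():
        m = ORIG_TO.search(line) or TO.search(line)
        if not m or m.group(2).lower() != domain:
            continue  # no recipient on this line, or mail for another domain
        local = m.group(1).lower()
        (issued_hits if local in issued else unissued_hits)[local] += 1
    return issued_hits, unissued_hits


def guess_share(issued_hits, unissued_hits):
    """Fraction of mail on the domain addressed to local parts never handed out."""
    unissued = sum(unissued_hits.values())
    total = sum(issued_hits.values()) + unissued
    return unissued / total if total else 0.0


if __name__ == "__main__":
    hits, guesses = tally(SAMPLE_LOG)
    print("issued:", dict(hits))
    print("never issued:", dict(guesses))
    print("share of never-issued recipients: %.2f" % guess_share(hits, guesses))
```

A never-issued count near zero over a long log window is consistent with the address having been obtained from somewhere it was registered, while a steady stream of never-issued local parts shows dictionary-style guessing is reaching the domain.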