Warning about using POP server

jolycu · 6 Aug 2011, 08:47 PM

Yesterday I got two warnings that I had used the POP server from my Member level account and that it is not provided at my account level. They want me to upgrade my account. The only thing is, I have NOT used their POP server! I exclusively use the webmail interface and have no email programs set up on any of my computers! Furthermore, I rarely use this Member account to send any email. Everything is forwarded to my "Full" level account and I send any email from there. The last time I used the Member account to send an email was in January.

I tried sending an email to support to ask what was going on and I got an email in return to continue the process. However, it states that they CAN NOT provide technical support to Member-level accounts, so that is a dead end. So, here I am to ask if anyone here knows what's going on and what I shoud do next. I have already changed my password (just in case my account had gotten hacked somehow) and I noticed an entry to disable POP logins under Account Preferences->Access and have checked that. Any other suggestions from all you email gurus out there? Thanks!

jolycu · 6 Aug 2011, 09:35 PM

With further searching, I have discovered that someone in China is trying to access my account. I found this by going to Options and then Login Log and tracing the DNS of the IP shown there. There were 4 attempts made yesterday. What's not shown in the log is if they were denied because they were attempting to login using a POP server or if they failed because of the wrong password.

I'm hoping this is just a brute force attack and not my computer being infected with a keylogger or some other form of malware/spyware. As soon as I saw the login attempts, I shut down that computer and am going to disconnect it from the web and do a full system scan. I don't see how a keylogger would work in this situation because I very seldom login to that account, so there wouldn't be any keys to log.

Any other suggestions to prevent this from happening again?

janusz · 6 Aug 2011, 09:43 PM

Quote:

Originally Posted by jolycu

Yesterday I got two warnings that I had used the POP server from my Member level account and that it is not provided at my account level.

Do I see a contradiction here?

rblon · 6 Aug 2011, 09:58 PM

Quote:

Originally Posted by jolycu

Any other suggestions to prevent this from happening again?

There is nothing to indicate that someone got hold of your password, right (as all 4 attempts Failed)?

I don't think there is much you can do to prevent this, as anyone can try to login with your account name. Disabling POP login (which is unsupported anyway, if I understand correctly) and changing your password is sensible, though.

jolycu · 6 Aug 2011, 10:04 PM

I guess you could say that. As I said, upon further searching, I did discover that someone in CHINA was trying to access my account via POP, so the email I received was correct. It just wasn't me that was trying to do the accessing!

Thank goodness the Chinese attempts failed! I have disabled POP and IMAP logins on my accounts now since I only use the web interface. Hopefully, this will prevent such hacking attempts from succeeding in the future.

jolycu · 6 Aug 2011, 10:07 PM

Quote:

Originally Posted by rblon

There is nothing to indicate that someone got hold of your password, right (as all 4 attempts Failed)?

I don't think there is much you can do to prevent this, as anyone can try to login with your account name. Disabling POP login (which is unsupported anyway, if I understand correctly) and changing your password is sensible, though.

Yes, POP access is unsupported for Member level accounts, but it is available for my Full level account. I have disabled POP and IMAP logins for both accounts now. Since I only use the web interface, will disabling IMAP logins on these accounts cause problems?

janusz · 6 Aug 2011, 10:11 PM

May be this was a hacking attempt, or may be this was simply a genuine mistake: somebody mistyping the userid, you'll probably never know.
Changing the password and disabling POP & IMAP (if you don't use them) is a good idea in either case.

David · 6 Aug 2011, 11:20 PM

Quote:

Originally Posted by jolycu

I tried sending an email to support to ask what was going on and I got an email in return to continue the process. However, it states that they CAN NOT provide technical support to Member-level accounts, so that is a dead end.

It's pretty sad (IMO) that Fastmail staff will not help a paid 'Member level' account holder (who also owns a paid 'Full' level account) when someone is trying to hack into any of their accounts.

n5bb · 7 Aug 2011, 11:29 AM

I recommend that you check that your Fastmail master password is reasonably secure (long and using mixed letters/numbers/symbols). Changing your password won't help unless it is nearly impossible to guess because it is long and pseudorandom. And be sure that you don't use the same password for Fastmail as you use on another site. If someone has obtained a password and your Member email address which you used at some other site (even years ago), they might be trying that same user and password credentials to log into your Fastmail account. If they tried POP, they might also try IMAP or a website login. So it's good that you disabled IMAP access if you never use an email client.

Also remember that you can choose to create Alternative Logins which provide limited access, so that you can log in from public computers without revealing your master password to keyloggers or people looking over your shoulder. This means that after logging in with an Alternative Login which was created with Full Access disabled, the Options screen features are unavailable, and although you can delete messages in a normal fashion from most folders, you can't delete any messages from your Trash folder. So someone who gets access with a restricted password:

Can not change your account settings (such as disabling your account or changing password).
Can not permanently delete any messages.

As long as there are only a few attempts, I doubt that Fastmail support would do anything. As with spam, there isn't much they can possibly do manually against such attacks if they are low in number from a particular IP. If there was a serious continuing dictionary or denial of service type attack, I'm sure that IP would be at least temporarily blocked, probably using semiautomatic tools. Of course, Fastmail and other service providers don't release details on their internal procedures, since that would assist hackers and spammers.

If the attacks continue in some manner which is bothersome, I'm sure that a Fastmail staff member would look into it if you posted here. You could also PM on this forum yassarali (a Fastmail support person who frequents this forum looking for unresolved significant issues).

Bill

Mystakill · 10 Aug 2011, 10:53 PM

Quote:

Originally Posted by jolycu

I tried sending an email to support to ask what was going on and I got an email in return to continue the process. However, it states that they CAN NOT provide technical support to Member-level accounts, so that is a dead end.

Sounds more like a "WILL NOT" than a "CAN NOT" to me, as they CAN provide support for all accounts but choose not to. I suppose this is another thing in their list of "incentives" to either upgrade or move to a different provider.

FWIW, I've been an Enhanced/Family member for most of my time with FM, but I can definitely see where Member account holders are feeling short-changed of late.

placebo · 11 Aug 2011, 03:44 AM

Quote:

Originally Posted by David

It's pretty sad (IMO) that Fastmail staff will not help a paid 'Member level' account holder (who also owns a paid 'Full' level account) when someone is trying to hack into any of their accounts.

I don't think this is true. When I had only a member account, I had to contact FastMail once or twice, and they provided support because the issues were such that it required action by FastMail to resolve.

My impression is that it's not so much that FastMail won't provide any support for member-level accounts. They just won't hold your hand when, for example, you're trying to set up Thunderbird to access your account.

David · 11 Aug 2011, 08:05 AM

Quote:

Originally Posted by placebo

\

My impression is that it's not so much that FastMail won't provide any support for member-level accounts. They just won't hold your hand when, for example, you're trying to set up Thunderbird to access your account.

Judging from the severity of the issue I considered otherwise.

6 Aug 2011, 08:47 PM	#1
jolycu Member Join Date: Feb 2002 Posts: 80	Warning about using POP server Yesterday I got two warnings that I had used the POP server from my Member level account and that it is not provided at my account level. They want me to upgrade my account. The only thing is, I have NOT used their POP server! I exclusively use the webmail interface and have no email programs set up on any of my computers! Furthermore, I rarely use this Member account to send any email. Everything is forwarded to my "Full" level account and I send any email from there. The last time I used the Member account to send an email was in January. I tried sending an email to support to ask what was going on and I got an email in return to continue the process. However, it states that they CAN NOT provide technical support to Member-level accounts, so that is a dead end. So, here I am to ask if anyone here knows what's going on and what I shoud do next. I have already changed my password (just in case my account had gotten hacked somehow) and I noticed an entry to disable POP logins under Account Preferences->Access and have checked that. Any other suggestions from all you email gurus out there? Thanks!

6 Aug 2011, 09:35 PM	#2
jolycu Member Join Date: Feb 2002 Posts: 80	More information With further searching, I have discovered that someone in China is trying to access my account. I found this by going to Options and then Login Log and tracing the DNS of the IP shown there. There were 4 attempts made yesterday. What's not shown in the log is if they were denied because they were attempting to login using a POP server or if they failed because of the wrong password. I'm hoping this is just a brute force attack and not my computer being infected with a keylogger or some other form of malware/spyware. As soon as I saw the login attempts, I shut down that computer and am going to disconnect it from the web and do a full system scan. I don't see how a keylogger would work in this situation because I very seldom login to that account, so there wouldn't be any keys to log. Any other suggestions to prevent this from happening again?

6 Aug 2011, 10:04 PM	#5
jolycu Member Join Date: Feb 2002 Posts: 80	Contradiction I guess you could say that. As I said, upon further searching, I did discover that someone in CHINA was trying to access my account via POP, so the email I received was correct. It just wasn't me that was trying to do the accessing! Thank goodness the Chinese attempts failed! I have disabled POP and IMAP logins on my accounts now since I only use the web interface. Hopefully, this will prevent such hacking attempts from succeeding in the future.

7 Aug 2011, 11:29 AM	#9
n5bb Intergalactic Postmaster Join Date: May 2004 Location: Irving, Texas Posts: 8,929	I recommend that you check that your Fastmail master password is reasonably secure (long and using mixed letters/numbers/symbols). Changing your password won't help unless it is nearly impossible to guess because it is long and pseudorandom. And be sure that you don't use the same password for Fastmail as you use on another site. If someone has obtained a password and your Member email address which you used at some other site (even years ago), they might be trying that same user and password credentials to log into your Fastmail account. If they tried POP, they might also try IMAP or a website login. So it's good that you disabled IMAP access if you never use an email client. Also remember that you can choose to create Alternative Logins which provide limited access, so that you can log in from public computers without revealing your master password to keyloggers or people looking over your shoulder. This means that after logging in with an Alternative Login which was created with Full Access disabled, the Options screen features are unavailable, and although you can delete messages in a normal fashion from most folders, you can't delete any messages from your Trash folder. So someone who gets access with a restricted password: Can not change your account settings (such as disabling your account or changing password). Can not permanently delete any messages. As long as there are only a few attempts, I doubt that Fastmail support would do anything. As with spam, there isn't much they can possibly do manually against such attacks if they are low in number from a particular IP. If there was a serious continuing dictionary or denial of service type attack, I'm sure that IP would be at least temporarily blocked, probably using semiautomatic tools. Of course, Fastmail and other service providers don't release details on their internal procedures, since that would assist hackers and spammers. If the attacks continue in some manner which is bothersome, I'm sure that a Fastmail staff member would look into it if you posted here. You could also PM on this forum yassarali (a Fastmail support person who frequents this forum looking for unresolved significant issues). Bill Last edited by n5bb : 7 Aug 2011 at 11:44 AM.

6 Aug 2011, 10:11 PM	#7
janusz The "e" in e-mail Join Date: Feb 2006 Location: EU Posts: 4,945	May be this was a hacking attempt, or may be this was simply a genuine mistake: somebody mistyping the userid, you'll probably never know. Changing the password and disabling POP & IMAP (if you don't use them) is a good idea in either case.