|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
Thread Tools |
29 Apr 2017, 10:10 PM | #1 |
Member
Join Date: Jul 2005
Location: Long Island, NY
Posts: 52
|
Old server name notifications from hacking attempts
There has always been a handful of failed login attempts to my FM account in the logs due to hackers trying to gain access.. Ive never gone out of my way to check them - I just know they do happen.. But now, there are hackers doing it and trying to do it by accessing Fastmail's old server names (mail.messagingengine.com) -- which in turn is generating automated emails being sent from FM to me informing me that I need to use the new names.. I'm getting several of these a day.. The account is secure -- I'm using 2FA, and all of my clients are utilizing app passwords.. I'm not concerned in any way that the account is compromised -- its not. (They are failed login attempts, and all of my successful ones are from known locations)
The emails say "You have just tried to log in to our IMAP service using an old server name such as mail.messagingengine.com, caldav.messagingengine.com or carddav.messagingengine.com. These servers names no longer work and have been replaced by our new server names: ". When I check access logs, they are always attempted logins, usually from Ukraine or Russia. Is anyone else receiving these? I'm inclined to create a specific Sieve rule to start filtering them because FM said they cannot turn off the notifications for the old server name usage. Rick |
29 Apr 2017, 10:27 PM | #2 |
The "e" in e-mail
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,090
|
I have not seen attacks such as you mention, but (assuming the attackers are using a dictionary attack) that is unsurprising as none of the account names used by my customers are short and simple.
Rather than creating a Rule to discard the messages from FastMail, maybe you could eliminate the issue with an account rename. I appreciate that this means settings changes in the clients. However, I would personally be wary of discarding warning emails coming from FastMail. |
29 Apr 2017, 10:29 PM | #3 | |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,723
|
I began receiving those messages this week. I thought they were related to an old smartphone I have plugged in that hasn't been updated in a long time. Now you make me want to double check that all is well, but the message appears to be legitimate to me.
Quote:
|
|
29 Apr 2017, 10:37 PM | #4 |
Member
Join Date: Jul 2005
Location: Long Island, NY
Posts: 52
|
Of course, the other solution is just wait until the hackers start using the correct server names.. LOL. Then it will just stick a failed login in the login log without an email notification.
|
30 Apr 2017, 07:50 AM | #5 |
Member
Join Date: Dec 2013
Posts: 54
|
I started getting these yesterday. My login name is at my own domain so I doubt they're guessing usernames from a dictionary.
My guess is they're not really trying to get access, just scare/annoy people by triggering the notifications. Well, it's working. |
30 Apr 2017, 11:21 AM | #6 |
Essential Contributor
Join Date: Dec 2003
Location: Dover, NH, USA
Posts: 315
|
me too, I opened a support ticket to alert FM, but they apparently don't block excessive FAILS from a single IP...
I'm not really worried either... more or less lol |
30 Apr 2017, 07:02 PM | #7 |
Junior Member
Join Date: Jan 2015
Posts: 1
|
For about a month, I'm seeing them from IPs all over the world. They hit every 7-12 hours for a day. Then disappear for a number of days.
Just a very patient botnet looking for users with bad passwords. |
30 Apr 2017, 09:27 PM | #8 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,723
|
Hopefully it isn't creating a traffic problem for FM, and hopefully they are working on blocking the traffic.
|
30 Apr 2017, 09:33 PM | #9 | ||
Essential Contributor
Join Date: Dec 2003
Location: Dover, NH, USA
Posts: 315
|
Quote:
Quote:
|
||
30 Apr 2017, 10:21 PM | #10 | |
Essential Contributor
Join Date: Jun 2009
Posts: 395
|
Quote:
How can one run a business that depends on E-Mail under threat that Fastmail may lock out the account? Should Fastmail lock out my account, how am I supposed to get in touch with FM? I went through this a couple of times a long time ago with Speakeasy. However, SE was in Seattle and did offer telephone support. FM is in Australia and doesn't offer telephone support. Hopefully, no one on this Forum will have her or his account locked out by Fastmail. -- Jacinto |
|
30 Apr 2017, 10:34 PM | #11 | |
Essential Contributor
Join Date: Dec 2003
Location: Dover, NH, USA
Posts: 315
|
Quote:
Company I've been with FM since 2003 and have not had any issues... so I wouldn't worry too much I HOPE lol... |
|
1 May 2017, 12:04 AM | #12 | |||
Essential Contributor
Join Date: Jun 2009
Posts: 395
|
Quote:
This is from the web page you referred to: Quote:
Quote:
Before I set-up a back-up mirror account with another provider, I would like to know whether or not a rule to forward a copy of all incoming messages to an outside account would be honored by FM while an account is locked out. Perhaps, someone on this Forum knows the answer? -- Jacinto Last edited by Jacinto : 1 May 2017 at 03:30 AM. |
|||
1 May 2017, 12:45 AM | #13 | |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,723
|
Quote:
|
|
1 May 2017, 09:13 AM | #14 |
The "e" in e-mail
Join Date: Jul 2002
Location: VK4
Posts: 3,013
|
The phone number is a fake one as its a Sydney phone number and Fastmail are in Melbourne which starts with +61 3
|
1 May 2017, 09:21 AM | #15 | |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,723
|
Quote:
|
|