User Profile
MarkJFine
Professor
Contributions
Some info on recent spam
I've seen a lot of discussion recently regarding an influx of spam seemingly originating from *.wemystic.com, pnc.si, tenova.com, and now waveapps.com. All of these are from valid domains with valid websites, mostly behind the Cloudflare content delivery network and their emails are mostly backed by GoogleUser email servers. But that doesn't necessarily mean they are real; it just means that the spammers have done a good job of hiding themselves.

Many spammers use malicious software to infiltrate an email server. It uses valid email addresses that pass certain validation tests on the email server they've targeted to send their spam, including SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) - these fool the email server into allowing a spammer to appear like a valid email user. On the receiving side it also fools spam detection software into thinking it's valid, making it difficult to trap and filter out. There are other tells involving rDNS (Reverse-Domain Name System) (and others), but I don't want to over-complicate this.

Making matters worse, the email servers provided by Google (aka googleuser) to third party users (such as those listed above) have been more or less overrun by Chinese 'spambots' over the past year and Google isn't doing much if anything about it. These are essentially robots that are flooding the internet with an immense amount of spam, consisting mostly of fake phishing emails designed to get your login credentials to a specific site or attempt to sell you something as a third party partner.

How those spambots get installed is another story, since these guys have gotten really good at hiding malicious code and 'plugins' that are used by various websites (as well as phone apps). They've also gotten real good at scanning the entire internet looking for websites with poor security protocols and taking advantage of any security vulnerabilities that aren't patched. They're also getting good at using AI to create spam that appears like normal email to the commonly used spam filtering software, such as SpamAssassin.

To say this is a huge problem would actually be an understatement. I received 37 spam emails yesterday on my private, non-HughesNet email server, originating from various sources, mostly from googleuser and Asian domains, as well as normal user ISPs. The key was that a lot of it was similar-looking stuff, indicating that it was all botnet-generated spam from malware-infested websites and people's phone apps.

So enough of the mind-numbing background of how it gets there, here's what you can do to protect yourself:

1. Stop using your email address as a UserID: Many of these operate off of bulk lists of email addresses that were either found on the dark web or purchased from a company that you've used that address as your userid. I can tell you that HughesNet did not sell their email list, otherwise I'd be inundated like the rest of you, and I'm not. I have my own website-based email server and rarely use my HughesNet address except for the occasional discussion with HughesNet personnel. So what's happening here is the former. Chances are you have a Facebook account or some other social media account that your userid is your HughesNet email address, and it's been sold to nefarious people by that company. Once it's out there, it's out there and there's nothing more you can do about that. But, you can ensure it doesn't get worse by using something other than your HughesNet email address when signing up for things.

2. Block whole domains, not email addresses: Amanda has already provided a process by which you can block email from a specific domain - not the whole email address, just the part to the right of the '@'. Spammers usually rotate what they use on the left side of the '@' so entering the whole email address will be fruitless. To enter the whole domain is usually done by simply entering something like `@*.wemystic.com` or `@wemystic.com`. The asterisk in the first one can indicate that anything ('sm', 'e', 'email') will fit the pattern for email domains that have two dots. Doing this should filter everything coming from that domain.

3. Don't open unsolicited email: If you get any of these emails - don't open it. Just adjust your filtering if necessary, then delete it, and forget about it. If you happen to open it by mistake, don't click on any embedded links or open any attachments. Nine times out of ten those links will either validate you as a real email address, or worse, much worse, bring you to a site that will install a keylogger on your computer. A keylogger records every userID and password you use and sends it to someone that can hack your credit cards, bank accounts, or other financial institutions. Don't click anything in an email! Segue to...

4. Use 2FA (2-factor authentication) for added protection: As an additional precaution, it is highly recommended that you use some form of 2FA to access these kinds of sites. A good example is using Google Authenticator, which is the software equivalent of an RSA keyfob that generates a six-digit code every minute. If the six-digit code doesn't match, they're not getting in. Last week I got repeated emails telling me someone was trying to hack and change the password to my Instagram account (which I rarely use anymore). I added 2FA to the account and the emails suddenly stopped. Again, segue to...

5. Delete all unused or dormant accounts: As I previously mentioned, unscrupulous companies sell user information for added revenue. Social media companies are notorious for this. If there's something you're not using or don't plan to use, delete the account. The next time they cull their user list for sale you won't be on it. And lastly...

6. Remember to change your passwords regularly and try not to reuse them: Look, I stink at this too. We all do. But once your userid/password pair is on the dark web there will be a ton of misanthropes trying to hack your accounts. You just make it that much easier for them if all of them use the same password. At least don't use the same pair you use for your bank login that you use for Facebook - that would be inviting disaster.

There are a lot of other common-knowledge/common-sense things I could add here, but I'll not bore you with them. Feel free to ask me any questions if you have any. I usually check in here in the mornings and try to reply if I can.

Re: I feel cheated/scammed
I happen to be a long time customer that assists the admins with trying to help other people on this message board. I do this without throwing angry insults at people that I don't know, nor trying to stoke other people's anger and discontent. Your response goes to prove my point you're just a malcontent, stirring the pot with zero to offer anyone. Not a good look. Friendly advice: Keep spamming this and other people's trouble tickets with your unhelpful vitriol and see how much help you get from anyone. After this, you'll certainly not get anything from me. Try to have a nice day.

Re: I feel cheated/scammed
ctafolla02 KathyVoss needs some personal information (your SAN and/or phone number) in order to locate your account. She can't help you solve your problem without it. She can message you, but it would be a whole lot quicker and secure to send her the information she asked for in a private message.

Re: Guest WIFI connects to wrong IP and subnet
Are you certain it's 43 and not 42? I can't speak for every configuration, but I believe on newer HughesNet systems, the 192.168.10.0/24 block is reserved for locally connected devices (such as the WL3000 and quite possibly the mesh units) in the routing table. The 192.168.42.0/24 block is reserved for user devices, which is why DHCP is defaulting to that. Therefore, anything routing through the wifi or ethernet ports should conform to 192.168.42.0/24 IPs. I may be remembering it wrong, but I think it's been this way since they moved to the HT3000W modems. I would not recommend messing with the modem's routing table, because it could feasibly render the local LAN unusable and then require tech support to get it working again. This is especially true if you use the wifi to administer the modem.

Re: Mail Delivery System, Mail delivery failed:
Delete it and forget about it. It's likely a fake bounce message being used by scammers to get you to verify your email address to them. If you were able to check the content you'd probably see that the email they're complaining about did not originate from an IP related to HughesNet's email servers. The alternative explanation is that you have malware that is acting as a spambot, but that's not as likely. Those usually forge the From: email address to be something other than your actual address so the bounce message would have gone somewhere else.

Re: I saw Hughesnet is ending, Starlink suggested. Is this true?
If HughesNet's business history tracks, they've never shut anyone off unless a particular satellite was going out of service and the user didn't upgrade. Revenue is still revenue and cash is king, and those satellites still have to recover costs. I really doubt they'd turn off an existing known revenue stream, thinking they can make it up with an unknown market projection. Based on that I'd be willing to think the plan would be to discontinue any future residential service applications in favor of focusing on business terminals. As long as residential customers continue to pay and remain on contract they'll just let attrition take its natural course. But I really doubt anyone would be cut off if they didn't take any prospective StarLink offer. I would also expect a reduction in any kind of sunk cost/investment towards residential user support, which might include this site. Again, this is just supposition on my part based on past history.

Re: Streaming
Sometimes the Video Optimizer has a problem with 4K streams and times out. I've not noticed this on Paramount+ (yet), but have noticed it on some Amazon Prime ads. If you have the Video Optimizer engaged, you can temporarily disable it using the HughesNet phone app (Usage->Video Optimizer->Off) and then restart the stream. Remember to re-engage it once the stream starts, otherwise it will use a ton of data.

Re: Slow internet
14.4.1 is an issue with the Fusion Acceleration Appliance. This could be one of two things: Either the vsat side was overloaded and lost its connection to the acceleration server, or the wireless side was slow/unresponsive at the cell tower. The former is usually what happens. However, this is usually a temporary condition and usually clears up after a few minutes. That said, if you're in a remote area served by only one cell tower, and that tower loses power or is under maintenance it could last for days.