NinerNet Communications™
System Status

Server and System Status

NC036: Post-mortem

21 September 2020 08:42:47 +0000

As noted in the previous two posts, there was a virus outbreak on server NC036 (the primary mail server) this morning. Apparently the machines associated with five email accounts on three domains were compromised, allowing criminals to use those accounts to send thousands of viruses. These were intercepted by our anti-virus scanner, but due to the volume of activity on the server we had to shut down the SMTP side of the mail server while we determined which email accounts were compromised, suspended them and removed their messages from the mail queue.

Please note that what happens in almost all cases when email accounts are compromised is that the computer (or one of the machines or devices on which those accounts are configured) is what is actually compromised; it is not the server. The account owner’s machine is usually infected with a virus or other malware, and the account’s password is then transmitted to the criminals behind the virus. They then launch an attack via the legitimate and correct password. It’s as if your car was stolen and the thief used it to commit a crime; the car behaved as it was told by the guy with the key, but is not responsible for the crime. On the other hand, the owner of the car may have left the key in their car and the door unlocked, contributing to the compromise. This is why it is vitally important that you have anti-virus software installed on your computer, and kept up-to-date.

If you have any questions about this, please feel free to contact NinerNet support, and we’ll be happy to answer your questions or concerns. Our apologies for the interruption.

Zero-day virus getting through the mail server

6 August 2020 13:39:04 +0000

Within the last four hours we have been made aware of a trojan that is getting through our anti-virus scanner undetected. Once we were able to determine the file types that were attached to the emails, we blocked those kinds of attachments from being delivered to the server. Doing so also resulted in our being able to compile a list of sources of the offending messages, and we have been busy blocking email from scores of IP addresses.

Although we scan both inbound and outbound email in real time for viruses, we very strongly recommend that you have an anti-virus program installed on your local computers so that if anything does get through, it will protect your machines. Please remember that unsolicited attachments from unknown senders are extremely risky for you to open. Even attachments from known senders are risky, so please contact the sender through some other method (e.g., a quick phone call or text message) to confirm that they sent it and that it is safe to open. Even then you should first ensure your anti-virus software has been updated, save the file to your hard drive, and then manually scan it for viruses. Only if you have carried out all of the above should you consider opening the file.

Please remember that the responsibility for the safety of your computer and your data is ultimately yours.

We expect that the anti-virus vendor will update their virus signatures in due course. Until then we will be blocking all attachments that look the same as this particular outbreak. If you have a correspondent who needs to get a blocked attachment through, please tell them to compress the file and send that attachment instead.

If you have any questions, please contact NinerNet support. Thank you.

Mail server latency issue resolved

30 September 2019 23:25:22 +0000

This issue on server NC036 appears to have been resolved, although we are awaiting official confirmation from the data centre. Should there be no change of status, this issue will be closed with no further update here.

As always, though, if you have any issues or concerns please contact support. Thank you for your patience.

Email server (NC036) latency issue

30 September 2019 22:28:56 +0000

We are aware that connections to the primary mail server (NC036) are slow to the point they are timing out. We are told by the data centre where this server is located that this is an infrastructure issue of which they are aware and on which they are actively working.

We apologise for this temporary inconvenience. We will post further updates here as necessary or when the issue has been resolved. In the meantime, if you have any questions or concerns, please contact support. Thank you.

Systems at a Glance:


| Loc. | System | Status | Ping |
|---|---|---|---|
| London, United Kingdom (Relay server) | NC023 | Operational | Up? |
| Vancouver, Canada (Monitoring server) | NC028 | Internal | Up? |
| New York, United States of America (Web server) | NC031 | Internal | Up? |
| Toronto, Canada (Primary nameserver) | NC033 | Operational | Up? |
| Lusaka, Zambia (Phone server) | NC034 | Internal | Up? |
| Sydney, Australia (Secondary nameserver) | NC035 | Operational | Up? |
| Amsterdam, Netherlands (Mail server) | NC036 | Operational | Up? |
| Toronto, Canada (Web server) | NC040 | Internal | Up? |
| New York, United States of America (Web server) | NC041 | Operational | Up? |
| Seattle, United States of America (Status website) | NC042 | Operational | Up? |
