SMS Via Web Messages may only sent via Exetel IP Addresses

Queries, errors or glitches regarding Member facilities
Yabbie
Posts: 123
Joined: Fri Dec 01, 2006 10:51 am
Location: Mornington Peninsula (VIC)

Re: SMS Via Web Messages may only sent via Exetel IP Addresses

Post by Yabbie » Fri Nov 14, 2008 1:58 pm

William M wrote:Unfortunately in regards to the Exetel IP address restrictions, they shall be in place indefinitely until such time as the Directors of Exetel wish to remove the restrictions.
Cheers Will
That's dumb! There is no point in even limiting the number of messages you can send if there is still the stupid IP address restriction in place!?!?!?! :evil: :evil:

Surely Exetel can allow some way for customers to 'opt in' to sending from any IP address?

syncmaster
Posts: 43
Joined: Fri Sep 14, 2007 10:15 am
Location: Sydney

Re: SMS Via Web Messages may only sent via Exetel IP Addresses

Post by syncmaster » Fri Nov 14, 2008 2:41 pm

I just realised this restriction today at my office. and I join others here with strong objection to this restriction.

At least Exetel should give us an option to choose if we want to restrict or not.
I request Exetel management reconsider this function for their customers.

Yabbie
Posts: 123
Joined: Fri Dec 01, 2006 10:51 am
Location: Mornington Peninsula (VIC)

Re: SMS Via Web Messages may only sent via Exetel IP Addresses

Post by Yabbie » Fri Nov 14, 2008 2:43 pm

syncmaster wrote:I just realised this restriction today at my office. and I join others here with strong objection to this restriction.

At least Exetel should give us an option to choose if we want to restrict or not.
I request Exetel management reconsider this function for their customers.
+1.

syncmaster
Posts: 43
Joined: Fri Sep 14, 2007 10:15 am
Location: Sydney

Re: SMS Via Web Messages may only sent via Exetel IP Addresses

Post by syncmaster » Fri Nov 14, 2008 3:13 pm

ForumAdmin wrote: Yesterday we became aware that it was possible to hack in to a user's account/user facilities and then activate an SMS service to send (in one case over 100,000) before we stopped it.

As this happened to more than one account we had to, immediately, take actions to stop that incidence of abuse which required more draconian restrictions than we may subsequently put in place.

As, undoubtedly, the customer who is about to be asked for a 'security deposit' for the $A5,000 + charge he racked up in 2 hours for sending SMS will be a little taken aback I'm sure you wouldn't get the same demand.

We will work on eliminating this problem and then resume offering the service - but almost certainly with a 'send limit' and/or the requirement to pre-pay for the service.

Any suggestions you have will be welcome
If this was the reason for this restriction, please set a reasonable amount of daily SMS limit, then Exetel can gain confidence that the unauthorised activities can be prevented with minimal - so the impact and inconvenience to other no-affected users will be also minimal.

Please consider the alternative plan to rectify this situation at earliest convenience- many users are suffering inconvenience.

flak
Posts: 153
Joined: Thu May 20, 2004 7:17 am

Re: SMS Via Web Messages may only sent via Exetel IP Addresses

Post by flak » Fri Nov 14, 2008 3:30 pm

Can I ask how the user's account was compromised? Did they give their details away, was it through a keylogger, or were the user facilities hacked?

Yabbie
Posts: 123
Joined: Fri Dec 01, 2006 10:51 am
Location: Mornington Peninsula (VIC)

Re: SMS Via Web Messages may only sent via Exetel IP Addresses

Post by Yabbie » Fri Nov 14, 2008 3:32 pm

flak wrote:Can I ask how the user's account was compromised? Did they give their details away, was it through a keylogger, or were the user facilities hacked?
Good question, you have to login via https, which I thought was secure. If it was a matter of a user not being careful with his/her details, then why are we all being punished?

William M
Posts: 510
Joined: Wed Mar 21, 2007 1:28 pm

Re: SMS Via Web Messages may only sent via Exetel IP Addresses

Post by William M » Fri Nov 14, 2008 4:02 pm

Hi All,

I believe you're all missing the point. Regardless of how they were compromised, the main underlying reason why these preventive measures have been put in place are your security.
As simple as it is to comment on the inconvenience caused to your own personal experience, I believe you're ignoring the fact that as I've stated before that very few people send more than 10 message per month. On top of that Exetel have advised that should you wish to have your limit increased you may do so by requesting an increase from your User Facilities.
Good question, you have to login via https, which I thought was secure. If it was a matter of a user not being careful with his/her details, then why are we all being punished?
Since when was the purpose of Exetel to punish its users? Again, I can't reiterate enough that this is again placed for user security. As you may personally feel secure increasing your limit from $5.00 per day to $10.00 or $20.00 per day, that is your choice which is available to you. Simply ask for an increase which can now be requested from the User Facilities and it shall be granted. I really do not see an issue with this process.

In regards to the IP address restriction, I again understand the frustration and inconvenience, though this is for you security. When such time as the security of all users can be assured from such a situation occurring again the restrictions would then have very little significance but until that time you will be required to use the standalone application which is not IP restricted. I cannot see the point in allowing someone to 'opt in' to allowing an IP Address, because should your account be compromised, the person may very well authorise his own IP Address.

Cheers Will

Yabbie
Posts: 123
Joined: Fri Dec 01, 2006 10:51 am
Location: Mornington Peninsula (VIC)

Re: SMS Via Web Messages may only sent via Exetel IP Addresses

Post by Yabbie » Fri Nov 14, 2008 4:17 pm

William M wrote:
Good question, you have to login via https, which I thought was secure. If it was a matter of a user not being careful with his/her details, then why are we all being punished?
Since when was the purpose of Exetel to punish its users? Again, I can't reiterate enough that this is again placed for user security. As you may personally feel secure increasing your limit from $5.00 per day to $10.00 or $20.00 per day, that is your choice which is available to you. Simply ask for an increase which can now be requested from the User Facilities and it shall be granted. I really do not see an issue with this process.
Cheers Will
I'm not worries so much about increasing my limit, I want to be able to use the web facility from *any* IP. The stand alone app is ordinary (no address book for starters). Exetel is punishing customers by restricting *everyones* use because of a few people allowing their accounts become compromised.

jokiin
Volunteer Site Admin
Posts: 2970
Joined: Mon Feb 02, 2004 10:23 pm
Location: Sydney

Re: SMS Via Web Messages may only sent via Exetel IP Addresses

Post by jokiin » Fri Nov 14, 2008 4:21 pm

Yabbie wrote: The stand alone app is ordinary (no address book for starters).
Mine has an address book, which app are you using?

William M
Posts: 510
Joined: Wed Mar 21, 2007 1:28 pm

Re: SMS Via Web Messages may only sent via Exetel IP Addresses

Post by William M » Fri Nov 14, 2008 4:29 pm

Unless I'm mistaken, the standalone does have an address book.

Cheers Will

Yabbie
Posts: 123
Joined: Fri Dec 01, 2006 10:51 am
Location: Mornington Peninsula (VIC)

Re: SMS Via Web Messages may only sent via Exetel IP Addresses

Post by Yabbie » Fri Nov 14, 2008 4:32 pm

jok11n wrote:
Yabbie wrote: The stand alone app is ordinary (no address book for starters).
Mine has an address book, which app are you using?
Mine does too, I'm just blind. You have to sync them if you want to use the address book in multiple places, but I guess it's doable.

flak
Posts: 153
Joined: Thu May 20, 2004 7:17 am

Re: SMS Via Web Messages may only sent via Exetel IP Addresses

Post by flak » Fri Nov 14, 2008 4:52 pm

William M wrote:I believe you're all missing the point. Regardless of how they were compromised, the main underlying reason why these preventive measures have been put in place are your security.
I believe you're missing my point. The security of a user's user facilities has been compromised, I believe it is a reasonable question to ask if this was via a hole in Exetel's security or user error.
William M wrote:I believe you're ignoring the fact that as I've stated before that very few people send more than 10 message per month. On top of that Exetel have advised that should you wish to have your limit increased you may do so by requesting an increase from your User Facilities.
I'm not ignoring that fact, especially since I fall into that bracket, not even using my 20 free SMS each month. I would just like to know how the criminal activity was perpetrated and if I am at risk (no matter how small the risk now is).

William M
Posts: 510
Joined: Wed Mar 21, 2007 1:28 pm

Re: SMS Via Web Messages may only sent via Exetel IP Addresses

Post by William M » Fri Nov 14, 2008 5:06 pm

Hi flak,

Simply a user's account was accessed without their authorisation which was not due to Exetel security.
I would assume it would be due to http://forum.exetel.com.au/viewtopic.php?f=13&t=29605 which unfortunately the customer was duped into following. Though, it may also be totally coincidental.

Whether you're at risk, I'm unsure as I don't know whether you've personally received the fake email or replied to it. If you have, I highly suggest changing your account password.

Cheers Will

flak
Posts: 153
Joined: Thu May 20, 2004 7:17 am

Re: SMS Via Web Messages may only sent via Exetel IP Addresses

Post by flak » Fri Nov 14, 2008 8:42 pm

William M wrote:Simply a user's account was accessed without their authorisation which was not due to Exetel security.
Thanks for that, it's all I was after.

RazzaDazzla
Posts: 10
Joined: Thu Nov 13, 2008 10:07 am
Location: Sydney

Re: SMS Via Web Messages may only sent via Exetel IP Addresses

Post by RazzaDazzla » Fri Nov 14, 2008 11:05 pm

how does limiting IP addresses = security? If a malicious person had access to a compromised account, i'm sure they would be clever enough to spoof an IP address.

Also, how does being able to send via the standalone util = better security? If an account has been compromised, surely the malicious person could download the app and add a user to stand alone app via the add user feature.

Allow access from any IP. Put a limit on the number of SMS that can be sent. Perhaps maybe 20 a day ($1). Why not write a program that detects if the daily/monthly sms usage is x % more than previous days / months? If usage is exceeded, have an email/SMS sent to the registered users details asking if this is legitimate usage. Or force the user to contact exetel with other personal identifying details that only the user would know (DOB, address, secret question etc)

There is a better way then limiting IP access to the web SMS.

Post Reply