A rant about why you should never sign up with Plusnet

Most of my friends told me I shouldn’t switch to Plusnet, and I thought I should give them a chance. I mean, really, I thought I’d be saving money here.

It was all fine and dandy when I first switched, for like pretty much a week.

What happened after first week you might ask?

Well, I started getting random latency spikes,  paid no heed to them for almost another week (5 days to be precise). When I got home after 12th day of being with them, surprise, surprise, can’t connect to anything. And that went on for about 3 hours (for about 3 days in a row), it took 30 minutes to just load their “Contact us” page ! (And yes, I did check the cabling first) So I obviously called them, reported the fault, and the engineer on the phone seemed very helpful and friendly. Told me he can indeed see the drops, and that he’s going to submit a request to fix them. It should all be fine in a week or so he said, and I believed him.

A week later, surely, my internet didn’t drop for 3 hours at a time, or download speed below 2 Mb as it had the week before. Except that it did, every 5 minutes, like clockwork.

EVERY 5 MINUTES, 10-30 seconds drop. Imagine how annoying that can be! Especially if you’re using an application with no persistent connection! That pretty much amplified the drop to about 1-2 minutes. Think about how you’d feel to be able to do only 3 minutes work at a time. I obviously had to resort to something else, so I started using my mobile data to be able to use my internet connection the way I want to.  And that went on until I switched over a month later.

I kept reporting the fault (about 4 times), and every time the fault would be attributed to the line, bad SNR, too high of a threshold for bandwidth etc. After I submitted my request to switch they informed me I have to pay them £98 for breaching the contract (funny how these issues started happening on last days of my “14 day grace period”).

The reason I would have to pay this turns out to me not allowing them to do everything they could to fix it, I must call for an engineer first. So I requested an engineer. I was told I can’t request an engineer until they rule out hardware issues, so I requested a new router, I was told it was going to arrive next working day. It never did. I later noticed I could actually see the order for a router. It was ordered, then cancelled, then ordered again, and cancelled again.

Then I switched and my 5 minutes disconnects/latency spikes went away! Hooray! Except that I still had to pay the exit fee.

I was of course furious at having to pay an exit fee after being provided almost no service for almost TWO months, so I made a formal complaint. Someone contacted me and they reduced the fee to about £44, as long as I paid it before 17th of February.

On 16th of February I decided to pay it, and I spent almost 2 hours on the phone trying to talk to a customer service assistant. Not all at once. First time I called it said “wait times approaching 15 minutes”, waited 25 minutes and no answer, had to go, hung up. 2nd time I called it said “wait times approaching 15 minutes”, waited less than 5 minutes and hung up. 3rd time it said “wait times approaching 30 minutes”, took 1h for someone to pick up!

Ok, I paid, nothing to worry about, right?

 

WRONG! 2 weeks later I get a letter from a debt collection agency to collect my outstanding debt of £56.

Good job Plusnet, I definitely hope none of my friends make the same mistake I did.

Preying on the job seekers

I’m now heading towards the end of an “era” as my time as a student is almost finished. That means, I can no longer delay getting a real “job” (not saying the one I currently have is not real), and that means having to deal with applying for jobs and getting spam sent to me by recruiters, or possibly malicious parties.

This time, I happened to receive a phishing e-mail. It looked very odd, made me feel suspicious and reassured at the same time. Someone was claiming there are job opportunities in my area with a company called “GJC Logistics Ltd”. Looking up company details definitely increased my suspicions, as the company appeared to be registered for barely 2 years, yet the money declared was less than £5k (so how would they afford to pay new staff?). They did seem to have a website, although, looking back to it, a lot of the features are not actually working.

phishing.PNG

(Click on the images to get a better view)

I suppose I should’ve got suspicious from just the fact someone tried to contact me for a job, not the other way around, not to mention the offer sounds too good to be true. I mean, c’mon 13.50 for a job where no experience is required?

I am a bit gullible by nature, and I really wanted to believe someone is actually interested to hire me and offer me decent pay! Sadly, that was not the case.

So yes, I tried to schedule an interview. In hindsight – bad move, what if I had downloaded something malicious? The interview was cancelled under the reason that something else has happened and that I’ll receive an e-mail about more information shortly. It was also rather odd that “Tim Marshall” who is a Recruitment Manager does not have a Linkedin profile.

The day after the interview was supposed to take place I received an e-mail telling me that they would like to make me an offer, although no formal interview has been conducted and sent me a copy of a contract with my name on it, which looked convincing enough. Close to my flat, 13.50 an hour, only aspect I didn’t like is that the job was too easy, and not very fulfilling (also, why would they pay 13.50 for a receptionist job, with no formal interview?).

There was a trick though:

phishing2

In order to complete the contract you needed to provide them with your NI# and a SC1 Basic, criminal background check, also including the name of a website that would be able to complete it. Thus, it became even clearer that something is definitely off about it, so I chose to investigate further.

Firstly, a criminal background check is called a DBS check (so why would you call it SC1 Basic?), and normally conducted by the employer not the employee. They try to convince you to pay for it by reassuring you they would pay you back for it during your first week. If they would pay back for it, why not conduct it themselves?

phishing3.PNG

Going to  www.smart-checks.com you get a list of features you can order, however you’d have to e-mail them to get a quote. So, since I didn’t have to pay anything for a quote,  I wanted to get more information. I received a reply within an hour with my quote – totalling it at £100 (typically £54), just for a criminal background check on fraud history (ironic, isn’t it?).

phishing4

So, they are trying to avoid “Merchant accounts” under the excuse the order would not be completed in time (in the e-mail “Tim Marshal” asks you to provide this in less than 10 days”).

Quite an elaborate phishing scheme, aiming at a large target pool (receptionist job, no experience required). They have attempted this scheme under several company names(e.g. Orange Duck Marketing), and websites for background checks (e.g. http://elitebackgroundchecks.com), however, Tim Marshall appears to be a common factor in most of them.

This is definitely not new, as it appears to be going on for over 2 years. The only possible explanation for it lasting so long is that the internet is still full of possible (uninformed) targets (and desperate job seekers).

Thoughts on Twitter

I’ve known of Twitter ever since its popularity started rising, however I’ve always felt reluctant using it. I didn’t see any point in posting short updates about everything I do, I didn’t feel the need for it. As such, I only got an account on Twitter about 2 years ago, and I’ve barely used it ever since.

Sure, it’s a great place to get updates on other topics, but I prefer feeds. Feedly.com is a great website to follow feeds, especially since RSS is no longer supported on Chrome.

However, I’ve found it to be especially great when you need to ask for short, quick advice, or to obtain specific updates, as you typically receive a reply in a very short time (much faster than e-mail!). From that point of view, it’s great!

Look down

You said “Look up“, but I chose to look down, for what’s above is just as cloudy as ever.

lookdown

It hardly feels like summer anymore, only the flowers around the town seem to think otherwise. I’m still wearing my winter jacket, and it’s almost mid-July. Having come back from my home country, where temperature was over 20° Celsius (up to over 30°) every day, I feel sad I can no longer wear my summer dresses.

Cowardice

If you look up the word cowardice, it’s described as the lack of bravery. Cowardice could therefore be interpreted as a choice, the choice of not being brave. The choice of rather hiding than facing your problems and fears.

I am a coward from many points of view. I’m afraid of heights, I’m afraid of doing anything too “crazy”, I’m afraid of being hurt, I’m even afraid of the dark (or rather the absence of light). But, that doesn’t mean I’m not also brave, I couldn’t have made it this far without facing at least one of the things that frighten me! I didn’t choose to embrace my cowardice, I only accepted it as a part of me.

So far, I’ve  tried to face as many of my fears as I could! And they slowly become less scary every single time! 🙂

In response to “Daily Prompt

Dionaea on Ubuntu 14.04

Installing, configuring and hiding Dionaea from nmap scans.

Dionaea is a malware capturing honeypot, which also features a VoIP module (of interest to me). It was originally developed under The Honeynet Project’s 2009 Google Summer of Code (GSoC).

My servers were running on Ubuntu 14.04, and it appeared most guides haven’t been updated since 12.04 came out. With thorough research, I found out that setting it up has become a lot easier, so much easier that I first doubted it was actually working, and tried to adapt the 12.04 guides. I believe there’s a lot of ambiguity surrounding it, as I can only access the original site (as I understand it) through the wayback machine.

So this is how I set it up:

Brian has been a life saver with his guide, which simply tells you how to get it up and running:

apt-get update
sudo apt-get install software-properties-common python-software-properties -y
sudo add-apt-repository ppa:honeynet/nightly -y
sudo apt-get update -y
sudo apt-get install dionaea-phibo -y
sudo service dionaea-phibo start

So yes, that’s really how easy it is now to get it started. However, that’s only the default configuration. He does tell you that you need to have a look at /etc/dionaea/dionaea.conf which is the configuration file for dionaea.

At this point I obviously had no idea how to configure it, so I kept searching for something that might explain it, and I found this . It’s quite a good basic configuration to make it into a VoIP honeypot (you definitely don’t want the http service running when dionaea is live). My only change is that I commented out the default submit section (sorry!). I didn’t find the first part useful as the script also installs kippo, and I found myself locked out from my ssh connection, sometimes even before the script finished installing (not to mention I didn’t want kippo).

Once I tried to scan it with nmap I realised it could easily tell it’s a honeypot, so I looked for a way to hide it. I found this other useful guide  by  which tells you straightforward, and nicely explains, what values should be modified to avoid identification.

The only problem left then was the ssh service; it would easily identify it as an ubuntu machine. Therefore, I made the service listen to 127.0.0.1 in its config file /etc/ssh/sshd_config (ListenAddress, uncommented).  As far as I can understand, you cannot change the way it recognises your machine as it’s hard coded, and is required in order to properly interact with other machines. Thus, the only option then was to get rid of it entirely. Don’t forget to restart the service!

service ssh restart

I got p0f to work by using this other guide, if you’re interested in it working for you.

At this point I realise there’s an awful lot of guides I used to get it up and running, none my original work, but since they were all so spread out, I thought it could be useful to have them all in one place!

It took me days to find the “right combo” but now it’s really easy to set-up a Dionaea honeypot – average 30 minutes set-up time. I’ve tried to extend it as well, but I couldn’t make any sense of the MySQL configuration (got everything else running), so if anyone could help me with that, I would highly appreciate it!
Bonus : You can get $50 credit for digitalocean using the github Student Developer Pack to set up your own servers! And another $10 if you use my referral link! 🙂

Elections

On 5th of June 2016 local elections were held in Romania, for mayor, local council and county council. My brother was one of the candidates in my area, and as a result I had a chance to go campaigning with him, for a couple of days. He didn’t win, but now can represent himself and others as a counsellor, and have their voices heard.

I’ve always known this area is in a bad state, I just never knew how bad it was: entire streets with no electricity, old women entirely helpless in times of need, roads missing or patched so many times it makes no difference to having none, schools being closed as nobody wishes to send their kids to them anymore, they’d rather send them to the schools in the city. The worse part is that it’s right next to the main city of this county! I suppose it makes sense since the city centre is still in “repairs” which were due last November.

But this is just one area, the problems are definitely not just here. The elected mayor for Rm. Vâlcea had been in jail for corruption (over 45% voted for him), and mayors elected in jail or sent to jail for the same reasons (winning up to 70% of the votes), and these are just a few examples.

If people really wanted change why would they vote for someone well aware of what they are capable of? It’s like a loving wife not leaving her husband although he keeps being unfaithful!

Odd jobs :)

During my past couple of years I’ve dealt with a fair number of jobs at PC Clinic, but some of them had quite the funny description! Rather hard to forget.

I remember getting into my office and open the job queue to see one description mentioning “User has problems with mother”. Well obviously the full word would’ve been “motherboard” but instead it was left there, at mother. In this context one could assume the user has parents issues but given that they called for us, probably not!

One note described that malware had been installed on the laptop. No, we didn’t mean any harm, just someone forgot to mention the full name of the program “Malwarebytes”, pretty much leaving the bytes out which makes it sound rather harmful. Hey mate, I see you got PC issues, let me install malware for you and fix it!

rcmelvk

Then there are the generalised ones, “User has laptop/pc issues”. Well, why else would they come to PC Clinic if the laptop was working perfectly fine, right? I suppose filling in jobs can be quite tedious and it’s easier to just generalise it! 🙂

The latest one however is “Internet gone from laptop”, now that is just hilarious! (Internet Explorer). Windows installation got corrupted and caused Internet Explorer not to open anymore, amongst other things.

Then we got the more common one “Install Microsoft” on laptop. (Microsoft Office)

Or there was one when we were told “Windows is unresponsive”, turned out the laptop wouldn’t power up at all, and upon looking into it, the most probable cause would’ve been some fault within the motherboard which we cannot fix here (no tools). But definitely not something Windows related!

I am loving them, makes my job little less boring and a bit more fun! 🙂

(although more ambiguous too)

 

 

Rant on drivers

I’m incredibly frustrated by my laptop’s drivers(Lenovo Ideapad Z500). Incredibly bugged, and not just in Windows 10(Lenovo doesn’t provide Windows 10 support for this precise model), had issues with them previously too. What happened on Windows 8 was that when updating my intel video driver my brightness would sit at lowest setting once trying to lower it- so I’ve had to go back to a previous version.

I was happy with that! Everything worked fine with the older driver, however after installing Windows 10 another problem emerged: if I keep the old version I cannot use my dedicated GPU and if I update it the annoying brightness issue reappears (you cannot imagine how annoying it is to be unable to change the brightness!). I’ve been seeing updates on the driver itself, probably 2 or 3 since I’ve noticed the issue the first time however it is still there and still very annoying.

I’ve learnt to work around it – choose a middle brightness setting then update the driver and never touch brightness settings again! It only triggers from function key though, changing Windows settings gets no response from it whatsoever. It’s not the ideal option, but still better than the alternative, which would be having no dedicated card! 🙂

 

 

Online Protection Basics

Most of the time anyone coming to the PC Clinic complains about “viruses”. When asked how does it behave they say “oh, a lot of stuff keeps popping up whenever I go to any webpage”. In my mind I’m pretty much thinking “ah, typical”. It is indeed the most common complaint we deal with, falling under the general term of malware (stands for malicious software).

Most of the time anyone coming to the PC Clinic complains about “viruses”. When asked how does it behave they say “oh, a lot of stuff keeps popping up whenever I go to any webpage”. In my mind I’m pretty much thinking “ah, typical”. It is indeed the most common complaint we deal with, falling under the general term of malware (stands for malicious software).

If you’re not sure what is real and what it’s not, you can always install an adblocker, for those aggressive ads which attempt to make you click them. Another quick defense is installing unchecky, which will typically warn you if programs attempt to install themselves in the background of a current install. Even better, if you download software from an untrusted source, never choose the express install. It doesn’t just install what you wanted, it will install a lot of other things in the background as well.

They are not generally that hard to remove, very few cases fall under more complex removal steps (e.g taking over your administrator rights, disabling updates etc.)

For everything else you can use this:

  1. If your PC is incredibly slow, a quick scan with AdwCleaner should give you some space to move.
  2. A full scan with Malwarebytes should remove the rest of them.                                        (Should do this every once in a while, say once a month)
  • from the “Scan” menu select “Custom”
  • check “scan for rootkits” and select your windows drive and any extra drive you wish to be scanned
  • start the scan
  • once the scan is finished it should display a list of items to be removed
  • remove the items it found

 

3. A lot of them tend to take over the browsers through extensions, so check your       current extensions you have. Below is an example for chrome, if anything’s there that you didn’t install yourself, please remove. 670px-change-google-chrome-extensions-settings-step-4

Sometimes the browsers themselves may be hijacked and that requires further steps.

If your problem is more difficult than this do message me if you wish.