cancel
Showing results for 
Search instead for 
Did you mean: 

Plusnet Username publicly visible via IP Locators

FIXED
DdAaNn
Dabbler
Posts: 11
Thanks: 4
Registered: ‎17-12-2022

Re: Plusnet Username publicly visible via IP Locators

Hi @Townman,

Thanks for your feedback, that's useful information to know. Will the relevant staff pick up the request from this comment/thread or so I need to make a more official request?

Thanks again
Townman
Superuser
Superuser
Posts: 24,097
Thanks: 10,260
Fixes: 176
Registered: ‎22-08-2007

Re: Plusnet Username publicly visible via IP Locators

I am sure that this thread will be sufficient to garner assistance from a staff member...

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

seebee
Aspiring Pro
Posts: 107
Thanks: 80
Fixes: 9
Registered: ‎08-07-2017

Re: Plusnet Username publicly visible via IP Locators

I thought that if you were on a dynamic IP, but had turned on the Broadband Firewall in the Plusnet portal that would happen to give you a reverse IP name of username.plus.com

The Plusnet Broadband Firewall is controlled here - Broadband Firewall | Member Centre | Plusnet

I have mine set to off, and don't have time to test it this morning, so have a reverse address like x.x.x.x.dyn.plus.net - I'm sure in the past when I have turned it on, I then get a reverse of username.plus.com

Its mentioned here by @Gandalf - Re: Help with user name, account name. - Page 2 - Plusnet Community

"...To clarify the bit about the static IP you do have one we've automatically added free of charge, because the broadband firewall is activated. We'd automatically apply a static IP if you enable the broadband firewall, ..."

jab1
Legend
Posts: 19,267
Thanks: 6,341
Fixes: 290
Registered: ‎24-02-2012

Re: Plusnet Username publicly visible via IP Locators

@seebee Now you mention it... Never had the BB firewall on, so that's why I always had a dynamic IP. Presumably it had to be static for the firewall to work?

John
MisterW
Superuser
Superuser
Posts: 16,334
Thanks: 6,275
Fixes: 449
Registered: ‎30-07-2007

Re: Plusnet Username publicly visible via IP Locators

Yes, I believe if you turn on the firewall you will get allocated a static ip

It's to do with routing changes to allow the firewall, to work

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

DdAaNn
Dabbler
Posts: 11
Thanks: 4
Registered: ‎17-12-2022

Re: Plusnet Username publicly visible via IP Locators

I do have the BB firewall switched on at the 'Low' setting.
Hopefully a staff member will show up shortly to correct my rDNS so it stops showing my personal information.
jab1
Legend
Posts: 19,267
Thanks: 6,341
Fixes: 290
Registered: ‎24-02-2012

Re: Plusnet Username publicly visible via IP Locators

@DdAaNn It is Sunday - low staff levels, and posts are picked up in earlyist-latest sequence.

John
Townman
Superuser
Superuser
Posts: 24,097
Thanks: 10,260
Fixes: 176
Registered: ‎22-08-2007

Re: Plusnet Username publicly visible via IP Locators

Interesting linked to post. That looks like an inexpensive means of obtaining a static IP and protecting one’s connection in one fell swoop!

Off topic but I could only smile at the delusional concerns over security risk of a static IP address. Sure AV vendors will seek to install fear as that bolsters their sales pitch. The reality is that any assigned IP address is effectively static … unless your broadband suffers frequent and prolonged disconnections!! A dynamic IP address is assigned for the duration of the PPP session. If the PPP session break is brief, there is a good chance that the same dynamic IP address will be reacquired especially as these are now assigned in the local exchange.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

jab1
Legend
Posts: 19,267
Thanks: 6,341
Fixes: 290
Registered: ‎24-02-2012

Re: Plusnet Username publicly visible via IP Locators

Thanks, @Townman . As you say, AV manufacturers need to instil fear to keep selling their 'new, improved' kit, which generally does nothing but gobble resources. I have 'Avast' installed on my Windows machine and the garbage it keeps reporting as a 'threat' makes me burst out laughing.

The Linux machine -no such garbage from Clam AV, which I often forget is there, it is so unobtrusive, in fact in my configuration, I have to manually 'wake' it if I suspect there maybe an issue - always come back clean, though.

John
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,930
Thanks: 5,017
Fixes: 317
Registered: ‎04-04-2007

Re: Plusnet Username publicly visible via IP Locators

Fix

@DdAaNn - I've requested that the reverse DNS for your IP address is changed. Will likely take a day or two.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

DdAaNn
Dabbler
Posts: 11
Thanks: 4
Registered: ‎17-12-2022

Re: Plusnet Username publicly visible via IP Locators

@bobpullen Thanks for your help with this. I'll wait for it to be update and then mark the ticket as solved.

As a note isn't it bad practice for Plusnet to display usernames in the rDNS like this? Seems like it could easily be a security issue to be giving out usernames openly like this, even more so when usernames will often contain a users full name as is my case.

 

Thanks

Townman
Superuser
Superuser
Posts: 24,097
Thanks: 10,260
Fixes: 176
Registered: ‎22-08-2007

Re: Plusnet Username publicly visible via IP Locators

No, not at all, it is normal good practice for rDNS to resolve an IP address back to the URL used to look up the IP address. It is a well used security check that a resource is what it claims to be.

Now if you asked if it is wise for an account name to be used as part of the domain name on that account … such would be a more searching question about best security practices.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

DdAaNn
Dabbler
Posts: 11
Thanks: 4
Registered: ‎17-12-2022

Re: Plusnet Username publicly visible via IP Locators

Yep, apologies, this is what I was (rather clumsily) trying to say.

Seems as if this is something that should be looked at at a higher level than just updating the rDNS when a user stumbles across it and reports it as I did.

jab1
Legend
Posts: 19,267
Thanks: 6,341
Fixes: 290
Registered: ‎24-02-2012

Re: Plusnet Username publicly visible via IP Locators

Out of curiosity, I wonder how long this situation has lasted, and has it had any adverse effects during that time?

John
Townman
Superuser
Superuser
Posts: 24,097
Thanks: 10,260
Fixes: 176
Registered: ‎22-08-2007

Re: Plusnet Username publicly visible via IP Locators

It impacts only a small portion of the user base - those with static IP addresses by whatever means. I suggest that on the basis that a user has a strong password on their account the exposure here is not significant, even if the practice is deemed not ideal.

IIRC on account sign up there is a clear warning that the account name does become exposed in one’s domain name (email address in the days of email being part of the package).

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.