Not sure, but these past few days gave me some strange indications that something was up on more than my client’s accounts. It all began with his hard drive (the actual hard drive assembly) having a complete failure. All data was lost to regular recovery methods; this is one where the drive has been sent to a specialist who can possibly bring a dead drive back to life. Lesson all too well learned: Have backups.
Net impact of the failure of the drive: Time to upgrade to a new computer that supports RAID 1 (mirroring), so there is a completely redundant drive in place at all times. Next, reload Windows 7 and all the programs. Run updates (over 200 of them) and, from a drive replaced last summer, get as much data as possible to use as a jumping-off point. Done!
Now: Set up Outlook 2010 and configure for the emails. After digging out the server settings, they are there and the “Test Account Settings” are working. Check the Inbox. Nothing. Look in the Sent box. Nothing. Rinse, wash, repeat. Nothing, nothing, nothing. Of course, I checked, double checked and triple checked. Mail was coming in to Outlook, but the odd thing was a regularly sent email would appear to process through and show in the Sent box after moving via the Outbox, but no one was receiving anything. Set one of the accounts up on a separate computer. Same results. Disabled all the security systems in case I had a firewall issue in the new installation that may be blocking ports needed that I had set before. Still nothing. Swirling all around this were other things to get the business back to full capability. The end of the first day, I hadn’t figured it out, but I still believed it was on our end.
Day 2 came and, in between the rest of the work to get moving forward, I had time to pick up the phone and contact Network Solutions’ provider for email support, Webs.com. The tech and I checked the settings and verified the account testing built into Outlook was working. He “reset the server.” Told me to wait about 15 minutes, then try again. I did… same results.
Day 3: Convinced it wasn’t me causing the problem, we contacted the support line. This time I went to the web based mail and was able to send and receive mail without problems. After some discussion of the settings, the testing, the POP3 accounts (about 20 minutes), the tech said the email accounts were suspended. Of course I wanted to know why, but, since I wasn’t the account owner, they said they couldn’t discuss it with me. Unfortunately, the owner was out at meetings, unable to get on the phone.
I hung up and called later. One of the interesting things greeting me as I began the wait on hold was an announcement that if you’re using the web mail, your server might periodically go down and to try logging back in. Interesting. So not only am I having issues, sounds like someone else is. In this session, the tech told me that the passwords for the email accounts weren’t strong enough (from a security standpoint) and they had to be changed. Good reason to do so anyhow, so I did, following the direction to use at least one capital, one number, and one special character and have a length between 8 and 14. I did so, told the tech it was done and he said he’d lift the suspension, but had to call me and verify the account administrator was who he had been talking with (I had been added to the account by now). I told him I wasn’t at the office (since I had gone home) and asked if he had the number (assuming caller ID got recorded) and told him I wasn’t at the office. He acknowledged, hung up and my phone never rang.
About 20 minutes later, I checked the mail email account for incoming and there was one, saying no one answered the phone for validation. The number listed in the email was the office line. First I went to log back into the management account and a warning came up on the screen saying account management wasn’t available and to try again in about an hour. Seems to me more significant technology issues.
I called and the greeting message was that they were doing an emergency server replacement. This was the global message on the support line, before it even took you to the “push this number” prompts, so now I sense something is amiss. Add to this that the time from the earlier call to this one was about 4 hours. I gave up, it being about midnight by now.
Got up early, picked up the phone and called the support line, after logging in to manage the account. This time there was no warning about the management function being down, so in I went. I will admit I was, let me say, terse with the tech who answered. I rapid fired the problem that began, the steps that had been taken and the disconnect from the evening before, and added that it was now the fourth day of my client not being able to use the mail accounts that were paid for and receiving. The answer was the password had to be strong when the scanners checked it, otherwise it couldn’t be unsuspended. I responded that the passwords had been changed last night, then summarized the correct implementation of their guidelines, and clearly stated they had suspended the accounts with no notice to the client, and now had kept him offline for 4 days. At that point she said she would lift the suspension, and it should be cleared in about 10 minutes. She added a warning that if the scanners saw it didn’t meet the specs, it would suspend them (note: automatically) again.
Analysis from my intelligence gathering training:
Network Solutions, for some reason, most likely as another barricade to email accounts on their servers being hacked into, has instituted an automated process to ensure email account passwords meet a minimum security standard. I agree. What bothers me is the client had no notice from them when the automated system injected itself into the process.
Network Solutions was making emergency replacements of servers, telling me either a major physical disaster happened (fire?), or they had been compromised so badly, they had to take them offline.
The observed issue of the notice that if you’re using webmail, you might be logged off, combined with the emergency server replacement tells me the issue happened in the email department.
I did a search as soon as I got off the phone this morning and checked the unsuspension. No indication of a breach at Network Solutions, but… sounds like something happened if a company that size, something happened for sure.