News and Updates

June 7, 2018 – We’ve received a few reports of customers getting scam emails which are attempting to capture usernames and passwords.   The email looks similar to this:

–BEGIN

To All,

Due to routine maintenance and enhancements, the following programs or systems access will not be available for use.
Network Systems
•           Access from district desktop computers (i.e. district drives-V:, W:, U:, T:, etc.)
•           VPN Access from outside the district
•           Wireless Network or Internet Access from laptops or tablets
•           E-mail-via Outlook, Outlook Web, and Smartphones
•           Adobe Connect
•           Enrich
•           Online employment application system
•           Nutrition Services MCS and PCS
•           Oracle
Please Maintain Here<phishing link/> access  systems programs.
Follow the procedure and complete information by clicking MAINTAIN HERE<phishing link/> .A new space will be created within 24 hours which will give you access to the above.
If maintenance is not done within the next 24hour(s) Your next log-in Access will be temporarily declined.
Thank you
IT Maintenance Services.

–END

The email is linked to a page which is not fully in English and does not look very convincing, but we still wanted customers to be aware of this and to know that it is a scam.

If there are any questions about this, please email us at support@internetpro.net or call 256-547-6817.

We’ve had a few customers call to ask us about the news stories being published reporting that the FBI is urging users to reboot their routers.   We wanted to post some information about that to help address any questions.   Here is a link to one such story for more information:  https://www.cbsnews.com/news/fbi-urges-internet-users-to-reboot-home-routers/

Another story:  https://www.cnet.com/how-to/the-fbi-says-you-should-reboot-your-router-should-you/

First, it is important to understand the difference between “reboot” and “reset” (a distinction the FBI apparently does not understand).   A “reboot” is harmless and will clear out any malware which is resident in memory (running at the time).  However, if the malware is loaded onto the router so that it will be reloaded, a reboot does no good.  A “reset” puts the piece of hardware back like it was from the factory and should eliminate any loaded malware.   HOWEVER, if the router has been programmed with settings changes such as custom WiFi settings, non-default IP address settings, password changes, or other changes made during installation, those settings will be LOST during a “reset”.   If your equipment was professionally installed, there is a good chance that resetting your router will cause problems on your network so we suggest contacting the installer BEFORE performing a “reset”.

The malware — called VPNFilter — targets Linksys, MikroTik, NETGEAR and TP-Link networking equipment, as well as QNAP network-attached storage (NAS) devices, according to researchers at Cisco.

If you purchase(d) your equipment from Network Solutions, Inc., we have only sold QNAP equipment which is affected.  QNAP has released a statement about the security vulnerability which allows VPNFilter to be installed.  Basically, if your QNAP has been upgraded since mid-2017, it is no longer vulnerable to attack.  QNAP also has a  free Malware app which periodically scans the device for malware and is capable of detecting and removing VPNFilter.  If Network Solutions, Inc. does maintenance on your network with the QNAP and has performed maintenance since mid-2017, your QNAP is most likely already patched and cleaned.  However, if you do have a QNAP which is open to the internet (accessible from outside your network) and we have not performed any maintenance recently, we do urge you to contact us so that we can update your system and check it for malware.

Update – June 6, 2018 – This issue has been found to be much worse than previously thought.  The list of manufacturers affected by the malware has been expanded to include routers made by ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE.   Network Solutions, Inc. has definitely sold routers from these manufacturers – mostly Asus and Ubiquiti.  Although the Ubiquiti units we have sold are not listed as affected by this malware, we *have* sold Asus units which are affected – RT-N66U and RT-AC66U.   Here is a link to a story about the new developments: https://www.bleepingcomputer.com/news/security/vpnfilter-can-also-infect-asus-d-link-huawei-ubiquiti-upvel-and-zte-devices/

Removing VPNFilter from infected devices is quite a challenge, as this malware is one of two malware strains that can achieve boot persistence on SOHO routers and IoT devices. Furthermore, there are no visible signs that a router has been infected with this malware, so unless you can scan your router’s firmware, even knowing you’re infected is a challenge. The best advice we can give right now is to make sure you’re running a router with up-to-date firmware.  Please contact Network Solutions, Inc. if you would like us to upgrade your router firmware.  Please note that resetting your router yourself may make your network inoperable.

If you have any questions or would like to schedule a call to evaluate or update your equipment, please contact us at 256-547-6817 or email support@internetpro.net.

April 25, 2018 – We have become aware of a very convincing phishing scam being sent to our users this morning.  It comes in the form of an email with the subject of “Mail Delivery Failed for <your email address>”.  The body of the messages is as follows:
–BEGIN

This message was created automatically by mail delivery software.

You have more than 6 incoming messages that could not be delivered to your inbox since April 25 2018 for <your email address>

The following address (es) failed and reconfigure Port 486,         Retrieve Messages

Diagnostic-Code: smtp; 552-5.7.0[TSS04] max defers and failures per hour (Exim 4.88) allowed. Message deferred

Reporting-MTA: dns; gateway31.websitewelcome.com
X-Postfix-Queue-ID: 5867033100
Original-Recipient: rfc822; <your email address> SIZE=22481:
Arrival-Date: Wed, 25 Apr 2018 04:14:44 -0500 (CDT)

Action: failed
Status: 5.7.0
Remote-MTA: dns; gmail-smtp-in.l.google.com

March 5, 2018 – We’ve received a few reports of people having issues emailing domains which are handled by Prodigy’s mail servers.  These include the bellsouth.net, att.net, and scbglobal.net domains as well as prodigy.net and others.  Senders are receiving a failure notice which includes the following error:

Remote host said: 550 5.7.1 Connections not accepted from servers without a valid sender domain.flph829 Fix reverse DNS for 74.252.14.252

We have looked into the issue and have confirmed that our reverse DNS is working correctly.  The problem is on the Prodigy server side and their servers are unable to look up the correct information for some reason.  There is nothing that we can do to help with this problem from our end.   If you are experiencing this, please inform the recipient and ask them to contact their provider.  If you have the ability to send the them the error through an alternate means, that will help them to report the issue.   We’re hoping that after Prodigy receives enough reports that they will correct the issue on their end.

Here is a link to one of several tests we have run to confirm the issue is not on our side:
https://mxtoolbox.com/SuperTool.aspx?action=smtp%3amail.internetpro.net&run=toolpage

Update – March 6, 2018 8:30am – As of this morning, this issue is still ongoing.   We have again reached out to the contacts for Prodigy.net to request an investigation.  Again, if you are experiencing this issue, we do request that you ask the recipient (the person with an att.net, bellsouth.net, scbglobal.net or other domain that is being rejected with this error) and ask them to contact their support as well.

Update – March 7, 2018 2:30pm – This is still an ongoing issue and we have not received any contact from Prodigy.

Update – March 8, 10:45am – The issue is still ongoing and we have requested an escalation from their support.

Update – March 9, 2:40pm – Still ongoing and we have not received any response from AT&T or other providers.  Please contact recipients you are trying to contact (account holders with att.net, bellsouth.net addresses) and ask them to contact technical support about this issue.  It seems the only way that the issue will get noticed.

Update – March 10 12:45am – We got word that our blog post here helped a credit union in Louisiana get this issue fixed.  They were experiencing the same problem and were able to get in touch with AT&T to get it handled by using our blog post to prove that it was not an isolated issue.  They have given us the contact they used and we have also reached out to AT&T.  Unfortunately, in over 3 hours we have not received any contact – not even an autoresponse.

Update – March 12, 3:45pm – A kind network operator upstream of us has allowed us to relay att.net, bellsouth.net and scbglobal.net through them.  This will help some with the problem, but because of SPF records some email may be delivered to the user’s spam folder.   We are still making attempts to get in touch with AT&T, but our please have fallen on deaf ears so far.

Update – March 14, 2:45pm – We have finally received word from an AT&T contact that they have resolved this (Nationwide issue) on their end by opening ports on a firewall being used by some new name servers they have put into service.   We have removed the relay we put in place on the 12th and tested delivery to confirm the fix.   Everything should be working normally now.

If you have any questions about this issue, please email support@internetpro.net or call 256-547-6817.

February 9, 2018  9:40am – We’ve experienced a network infrastructure problem which is affecting multiple machines.   We are in the process of restoring service.   The issue started at approximately 9:35am.    We will be posting updates here.

Update 9:45am – The underlying issue has been corrected.   We are working to restore operation to affected hosts.

Update 9:53am  – All services have been restored, although a few hosts are experiencing higher load averages than normal.  Those hosts may be a bit slower than normal for the next few minutes as the load begins to come down.

Update 10:11am – All servers have returned to nominal loads and this issue is now closed.

If you have any questions or concerns about this, please contact us at 256-547-6817 or email support@internetpro.net.

February 4, 2018 – One of our web servers for shared web hosting had an issue tonight.  It seems that there was a denial of service (DOS) attack which resulted in some sites being unavailable – including this one.  Technicians were alerted at 4:19am and worked to mitigate the problem.  The issue was resolved roughly one hour later with web services for that server coming back online at 5:14am.

Please direct any questions or concerns about this issue to support@internetpro.net.  Thank you.

January 26, 2018 – We experienced some short connectivity issues early this morning.  In general, the issues were under 5 minutes in duration and seem to have been caused by routing changes occurring upstream in response to failures outside our network.  The connectivity issues varied in length depending on the networks involved (AT&T vs. Comcast for example).

One side effect of these issues also caused a problem with our email services.   The anti-virus software tried to update during one of these intermittent connectivity issues and was not able to perform the upgrade properly.   This caused the anti-virus software to crash.   It looks like the issue was in place for about 1.5 hours. We did not detect the problem proactively because our monitoring systems test for server connectivity — not an actual successful sent email. The error that was produced was a “temporary error”, meaning that any email received during that time would be retried. As a result no email should be lost, but it may be delayed for a bit.

Update –  We have received information that the issue caused by the anti-virus software was *NOT* caused by an internet disruption, but rather a bad virus definition update.   This definitely fits better with our observation that the internet service disruption was *very* short lived and we saw no evidence of it starting as early as the virus software issue.  It seems we were just a victim of two issues at the same time.

Update – 11:10am – The issue with the antivirus software happened again.  We have restarted the software and it is back up and running.  We are working with the software vendor to find a resolution.

Update – 11:18am –  The bad update has been confirmed and our vendor has implemented a workaround until the signature database is updated.   We don’t expect this issue to recur.

We apologize for any inconvenience this may have caused.  If you have any questions about the issue, please email us at support@internetpro.net or call 256-547-6817.

January 17, 2018 8:15am – We are getting reports of sporadic issues with Comcast in the Gadsden area.  It does not seem to be localized to one node and is affecting customers at least from Rainbow City to downtown Gadsden.  We are attempting to contact Comcast for details and will post anything we find out here.  This also does seem to be affecting television service as well as internet.  From what we have seen service is going in and out periodically.   We do not know if this is a result of the cold weather.

Update 10:30am – We haven’t heard of any further issues this morning.  We didn’t really get a definitive answer from Comcast, but assume that it was an issue in their network which has now been corrected.    If you are still experiencing problems please call us at 256-547-6817 or email support@internetpro.net to let us know.

January 16, 2018  9:20am  – We are planning to close our office at 12:00pm due to the inclement weather.  We will be evaluating conditions for tomorrow and will post updates here as the conditions present themselves.   In the mean time, we do have technicians available by phone and email during normal business hours if needed.   Just call 256-547-6817 and hit option 8 (please leave voice mail if you get the mailbox) or email support@internetpro.net.   We are sorry for any inconvenience this may cause.

Update – 8:00pm – Due to road conditions and school closings, we are going to delay opening until at least 10:00am.   We will reevaluate further delays in the morning and update this post.
Update – January 17 5:30am – We *are* going to have a limited staff and normal phone system operation at 8:00am due to road conditions improving overnight.  Some service calls outside of the Gadsden area may have to be rescheduled.

January 11, 2018 – As many of you know, there has been a large issue discovered which affects virtually all modern processors.   The exploits which can take advantage of this are called Spectre and Meltdown.  The details and scope of Spectre and Meltdown are outside the scope of this update, but if you would like more information on them, you can read it here: Spectre and Meltdown Explained

The fix for these issues is applied at the operating system level.  Microsoft, Apple, and Linux have all developed fixes and those are currently being deployed.   However, the fix which Microsoft has developed affects some third-party antivirus products.  To make sure that your currently installed antivirus is compatible, Microsoft has developed a registry key which must be set before your system will resume Windows updates (any future update – not just Spectre and Meltdown – because all Microsoft updates are now cumalative).

Network Solutions, Inc. is currently using Bit Defender, Trend Micro, and Panda Antivirus for our customers.  In the past, we’ve also used Vipre.  We wanted to share the impact of these updates on these products for our customers.

Bit Defender  – This is provided to our MSP clients.  Currently, this antivirus solution is still undergoing testing.  However, if you are currently an MSP customer,  no action will be required on your part as our technicians and patching solution will take care of everything.

Trend Micro – The majority of our customers (home and business) are currently using this solution.  Currently, Trend Micro has stated that their software IS compatible with the patches provided by Microsoft.  However, they have not yet automatically added the registry key necessary for these patches to be automatically deployed to all of their products.  Most of our business customers currently use Worry-Free Business Security Services which has NOT yet automatically deployed the registry key for updates.  Our consumer or standalone version of Trend Micro is Trend Micro Internet Security.  We have tested the product in-house and determined that it *does* deploy the registry key and therefore will allow Microsoft patches to be received.  Their official statement can be read here:  Trend Micro Security Update

Panda Antivirus – Some customers have opted to stay with Panda Antivirus and we do fully support this.  Panda has stated that all of their products currently automatically add the registry key when updated so Microsoft patches will continue normally without user action (as long as the antivirus is up-to-date). Read their statement here:  Panda Advisory

Vipre Antivirus – This is a legacy solution which we are no longer actively selling.  Currently, Vipre is still in testing for some of their products but have deemed most compatible.  They have stated that once a product is determined to be compatible, they will automatically set the registry key.  Their full statement can be found here:  Vipre Blog

If you have any questions or concerns about your antivirus or system updates, please contact us at support@internetpro.net or call 256-547-6817.