Blog Archives

Recovery from Identity Theft

My own experience with identity theft is nearly over now, but I’ve learned a few things during this experience. First, it’s important to keep a close eye on your bank accounts, watching daily activity and looking for unrecognized charges. In my case I found that the person using my card had my physical card info, including the 3-digit number on the back. So someone either had physical access to my card, or one of the few vendors that I deal with that actually asks for the 3-digit code had some kind of security breach that they haven’t alerted me to yet. So keeping an eye on your accounts is really a key element to protecting yourself and putting a stop to things before they get out of hand.

Fortunately we use online banking and have for years now, which is not only convenient but normally allows you to set up e-mail alerts and notifications for various levels of monitoring. We first found that something was wrong by monitoring our checking account and saw some unrecognized charges. Someone was buying website memberships and hosting services. They racked up about $200 worth of charges on my account, but I caught it fast and was able to get all the charges refunded by the charging merchants.

I was not happy with the way my current bank handled the whole situation. They made me call the merchants and deal with the process of removing the fraudulent charges on my own. With any other bank, when you report fraud they would be all over it, and I probably wouldn’t have had to do a thing. So we now have a new bank and are in the process of switching everything over.

I checked my credit report and everything looks fine, so far no one has used my information to get a loan or do anything else bad to my credit. 

Mistaken identity

This morning on my way to the office, I was driving along the interstate and someone in a green Jeep drove up next to me and honked the horn. I looked over and some young guy (not that I’m old), was waving and I thought looking right at me. Out of reflex, I waved back and I wondered who this guy was. I still don’t think I know the guy, and he probably thought I was someone else, or could have been waving at someone else. Or maybe he just liked Miatas!

Home Network – Mail setup change

1. Changed MX records for my two main public domain names to route mail only to my mail redirection service’s mail servers.

2. Installed noSPAMtoday on sisko and configured to listen on my custom port (the port the SMTP redirection service uses to send mail to my home mail server).

3. Changed 602 LAN Suite to listen for SMTP on port 25.

4. Configured noSPAMtoday to send good mail to 602LS on port 25. So it now acts as a true SPAM Proxy.

Using this new configuration, I’m no longer accepting mail directly on my shared hosting server. Mail now gets routed to my SMTP redirection service. Mail gets queued on their servers and then sent directly to my home mail server (Sisko) on a custom SMTP port. NoSPAMToday is installed on Sisko, listening on that custom SMTP port, which is forwarded into my LAN from my firewall. NoSPAMToday does RBL checks, Bayesian checks, and various other checks for SPAM messages. Right now I have it set to reject/deliver, so it still sends a bounce message to the SPAM sender, but goes ahead and delivers the message to me anyway. I’m going to leave it set up like this for a week or two in order to ensure that I have everyone I receive mail from either on my whitelist, or ensure NoSPAMtoday does not mark them as SPAM. Once I’m happy with the results, I’ll switch modes to reject/delete so I won’t even see messages it considers SPAM anymore. I’ll only receive valid, wanted email.

Once a message is validated by NoSPAMtoday, it then gets sent through normal SMTP on port 25 to sisko on the internal LAN. 602 LAN Suite then accepts the mail and delivers to the appropriate mailbox. Right now it accepts mail for my two main E-mail addresses, and for Liz. The free version of NoSPAMToday is free for non-commercial use for up to 10 E-mail addresses.

Once 602 LS has my mail, I can download it with POP3 or use its built-in webmail application. I usually stick with POP3 since my company uses fatpipe technology which causes a problem with my originating IP address, making webmail inaccessible since my public IP address changes at any given time. 602 LS is configured on its own internal domain and has a default masquerade domain of my main public domain name. User accounts in 602 LS are standalone user accounts, and are not physically related to my public domains. When we send mail, the identity information in our Outlook profiles handles the E-mail addressing and name information. 602 LS is then configured to send mail out using my shared hosting server, but can be configured to send directly to the recipient mail server should the hosting server go down. My SMTP redirection service has two physical servers on different subnets served by multiple ISPs, so it’s unlikely that I’ll ever lose any E-mail. Even if sisko goes down, mail will spool at my redirection service.

Pretty cool stuff! Maybe overkill for a 2-3 user home network??
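A check for step 1 of the mail setup above, as an added example that is not part of the original post: it parses dig-style MX answers and reports any MX host outside the redirection service, since a leftover record would let mail be delivered without passing through the spam proxy. The domain names and the `mailredirect.example` suffix are constructed placeholders.

```python
# Added example: audit MX answers so no mail path skips the spam proxy.
# Every host name here is a constructed placeholder, not from the post.

ALLOWED_SUFFIXES = ("mailredirect.example",)  # assumed redirection-service domain

SAMPLE_ANSWERS = """\
; constructed dig-style answer lines
example.org.      3600 IN MX 10 mx1.mailredirect.example.
example.org.      3600 IN MX 20 mx2.MailRedirect.example.
example.net.      3600 IN MX 10 mx1.mailredirect.example.
example.net.      3600 IN MX 30 mail.sharedhost.example.
"""


def normalise(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()


def parse_mx(text):
    """Return {domain: [(priority, host), ...]} from dig-style MX lines."""
    records = {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop ';' comments
        upper = [f.upper() for f in fields]
        if "MX" not in upper:
            continue
        i = upper.index("MX")
        if i == 0 or len(fields) < i + 3 or not fields[i + 1].isdigit():
            continue  # malformed line: no owner name, priority or target
        records.setdefault(normalise(fields[0]), []).append(
            (int(fields[i + 1]), normalise(fields[i + 2])))
    return records


def is_allowed(host, suffixes=ALLOWED_SUFFIXES):
    """Match on a label boundary so 'evilmailredirect.example' does not pass."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def bypass_routes(records, suffixes=ALLOWED_SUFFIXES):
    """MX hosts outside the redirection service: delivery paths around the filter."""
    findings = {}
    for domain, mxs in records.items():
        stray = sorted(mx for mx in mxs if not is_allowed(mx[1], suffixes))
        if stray:
            findings[domain] = stray
    return findings


if __name__ == "__main__":
    for domain, stray in bypass_routes(parse_mx(SAMPLE_ANSWERS)).items():
        print(domain, "still accepts mail via", stray)
```

A low-preference stray MX still matters: senders fall back to it whenever the primary hosts are unreachable, and spam senders often target the backup MX deliberately.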