Blog

June 29, 2018  – At approximately 11:30am CDT, Comcast started experiencing a nationwide issue.  From what we can tell, it is mostly a routing problem and does not affect all customers or all internet sites.  However, locally, customers of ClearVoice VOIP phone service are experiencing issues when their ISP is Comcast.  There are also numerous reports of websites which are unavailable including Alarm.com.   This issue is unrelated to the bad weather experienced by our area yesterday.   Comcast tech support is unavailable at this time due to high call volume, but we will post updates as soon as we find out more.

Update: 1:54pm – News outlets are starting to pick up this story. Apparently, the issue is not internal to Comcast’s network, but is actually a fiber cut to one of their large peers.  Here are some related articles:
CNBC
CNET
Newsweek

As of right now, there is still no estimated time to repair.

Update 5:00pm – As of now, there is no real news from Comcast.  Right now, it is just a “wait and see” situation.

Update 7:30am 6/30/18 – The outage has been resolved.  It actually got resolved around the time of the last update, but Comcast did not make an announcement.  It has been announced that the fiber cuts causing the problems were in the CenturyLink network and the Zayo network.

June 7, 2018 – We’ve received a few reports of customers getting scam emails which are attempting to capture usernames and passwords.   The email looks similar to this:

–BEGIN

To All,

Due to routine maintenance and enhancements, the following programs or systems access will not be available for use.
Network Systems
•           Access from district desktop computers (i.e. district drives-V:, W:, U:, T:, etc.)
•           VPN Access from outside the district
•           Wireless Network or Internet Access from laptops or tablets
•           E-mail-via Outlook, Outlook Web, and Smartphones
•           Adobe Connect
•           Enrich
•           Online employment application system
•           Nutrition Services MCS and PCS
•           Oracle
Please Maintain Here<phishing link/> access  systems programs.
Follow the procedure and complete information by clicking MAINTAIN HERE<phishing link/> .A new space will be created within 24 hours which will give you access to the above.
If maintenance is not done within the next 24hour(s) Your next log-in Access will be temporarily declined.
Thank you
IT Maintenance Services.

–END

The email is linked to a page which is not fully in English and does not look very convincing, but we still wanted customers to be aware of this and to know that it is a scam.

If there are any questions about this, please email us at support@internetpro.net or call 256-547-6817.

We’ve had a few customers call to ask us about the news stories being published reporting that the FBI is urging users to reboot their routers.   We wanted to post some information about that to help address any questions.   Here is a link to one such story for more information:  https://www.cbsnews.com/news/fbi-urges-internet-users-to-reboot-home-routers/

Another story:  https://www.cnet.com/how-to/the-fbi-says-you-should-reboot-your-router-should-you/

First, it is important to understand the difference between “reboot” and “reset” (a distinction the FBI apparently does not understand).   A “reboot” is harmless and will clear out any malware which is resident in memory (running at the time).  However, if the malware is loaded onto the router so that it will be reloaded, a reboot does no good.  A “reset” puts the piece of hardware back like it was from the factory and should eliminate any loaded malware.   HOWEVER, if the router has been programmed with settings changes such as custom WiFi settings, non-default IP address settings, password changes, or other changes made during installation, those settings will be LOST during a “reset”.   If your equipment was professionally installed, there is a good chance that resetting your router will cause problems on your network so we suggest contacting the installer BEFORE performing a “reset”.

The malware — called VPNFilter — targets Linksys, MikroTik, NETGEAR and TP-Link networking equipment, as well as QNAP network-attached storage (NAS) devices, according to researchers at Cisco.

If you purchase(d) your equipment from Network Solutions, Inc., we have only sold QNAP equipment which is affected.  QNAP has released a statement about the security vulnerability which allows VPNFilter to be installed.  Basically, if your QNAP has been upgraded since mid-2017, it is no longer vulnerable to attack.  QNAP also has a  free Malware app which periodically scans the device for malware and is capable of detecting and removing VPNFilter.  If Network Solutions, Inc. does maintenance on your network with the QNAP and has performed maintenance since mid-2017, your QNAP is most likely already patched and cleaned.  However, if you do have a QNAP which is open to the internet (accessible from outside your network) and we have not performed any maintenance recently, we do urge you to contact us so that we can update your system and check it for malware.

Update – June 6, 2018 – This issue has been found to be much worse than previously thought.  The list of manufacturers affected by the malware has been expanded to include routers made by ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE.   Network Solutions, Inc. has definitely sold routers from these manufacturers – mostly Asus and Ubiquiti.  Although the Ubiquiti units we have sold are not listed as affected by this malware, we *have* sold Asus units which are affected – RT-N66U and RT-AC66U.   Here is a link to a story about the new developments: https://www.bleepingcomputer.com/news/security/vpnfilter-can-also-infect-asus-d-link-huawei-ubiquiti-upvel-and-zte-devices/

Removing VPNFilter from infected devices is quite a challenge, as this malware is one of two malware strains that can achieve boot persistence on SOHO routers and IoT devices. Furthermore, there are no visible signs that a router has been infected with this malware, so unless you can scan your router’s firmware, even knowing you’re infected is a challenge. The best advice we can give right now is to make sure you’re running a router with up-to-date firmware.  Please contact Network Solutions, Inc. if you would like us to upgrade your router firmware.  Please note that resetting your router yourself may make your network inoperable.

If you have any questions or would like to schedule a call to evaluate or update your equipment, please contact us at 256-547-6817 or email support@internetpro.net.

April 25, 2018 – We have become aware of a very convincing phishing scam being sent to our users this morning.  It comes in the form of an email with the subject of “Mail Delivery Failed for <your email address>”.  The body of the messages is as follows:
–BEGIN

This message was created automatically by mail delivery software.

You have more than 6 incoming messages that could not be delivered to your inbox since April 25 2018 for <your email address>

The following address (es) failed and reconfigure Port 486,         Retrieve Messages

Diagnostic-Code: smtp; 552-5.7.0[TSS04] max defers and failures per hour (Exim 4.88) allowed. Message deferred

Reporting-MTA: dns; gateway31.websitewelcome.com
X-Postfix-Queue-ID: 5867033100
Original-Recipient: rfc822; <your email address> SIZE=22481:
Arrival-Date: Wed, 25 Apr 2018 04:14:44 -0500 (CDT)

Action: failed
Status: 5.7.0
Remote-MTA: dns; gmail-smtp-in.l.google.com

March 5, 2018 – We’ve received a few reports of people having issues emailing domains which are handled by Prodigy’s mail servers.  These include the bellsouth.net, att.net, and scbglobal.net domains as well as prodigy.net and others.  Senders are receiving a failure notice which includes the following error:

Remote host said: 550 5.7.1 Connections not accepted from servers without a valid sender domain.flph829 Fix reverse DNS for 74.252.14.252

We have looked into the issue and have confirmed that our reverse DNS is working correctly.  The problem is on the Prodigy server side and their servers are unable to look up the correct information for some reason.  There is nothing that we can do to help with this problem from our end.   If you are experiencing this, please inform the recipient and ask them to contact their provider.  If you have the ability to send the them the error through an alternate means, that will help them to report the issue.   We’re hoping that after Prodigy receives enough reports that they will correct the issue on their end.

Here is a link to one of several tests we have run to confirm the issue is not on our side:
https://mxtoolbox.com/SuperTool.aspx?action=smtp%3amail.internetpro.net&run=toolpage

Update – March 6, 2018 8:30am – As of this morning, this issue is still ongoing.   We have again reached out to the contacts for Prodigy.net to request an investigation.  Again, if you are experiencing this issue, we do request that you ask the recipient (the person with an att.net, bellsouth.net, scbglobal.net or other domain that is being rejected with this error) and ask them to contact their support as well.

Update – March 7, 2018 2:30pm – This is still an ongoing issue and we have not received any contact from Prodigy.

Update – March 8, 10:45am – The issue is still ongoing and we have requested an escalation from their support.

Update – March 9, 2:40pm – Still ongoing and we have not received any response from AT&T or other providers.  Please contact recipients you are trying to contact (account holders with att.net, bellsouth.net addresses) and ask them to contact technical support about this issue.  It seems the only way that the issue will get noticed.

Update – March 10 12:45am – We got word that our blog post here helped a credit union in Louisiana get this issue fixed.  They were experiencing the same problem and were able to get in touch with AT&T to get it handled by using our blog post to prove that it was not an isolated issue.  They have given us the contact they used and we have also reached out to AT&T.  Unfortunately, in over 3 hours we have not received any contact – not even an autoresponse.

Update – March 12, 3:45pm – A kind network operator upstream of us has allowed us to relay att.net, bellsouth.net and scbglobal.net through them.  This will help some with the problem, but because of SPF records some email may be delivered to the user’s spam folder.   We are still making attempts to get in touch with AT&T, but our please have fallen on deaf ears so far.

Update – March 14, 2:45pm – We have finally received word from an AT&T contact that they have resolved this (Nationwide issue) on their end by opening ports on a firewall being used by some new name servers they have put into service.   We have removed the relay we put in place on the 12th and tested delivery to confirm the fix.   Everything should be working normally now.

If you have any questions about this issue, please email support@internetpro.net or call 256-547-6817.

February 9, 2018  9:40am – We’ve experienced a network infrastructure problem which is affecting multiple machines.   We are in the process of restoring service.   The issue started at approximately 9:35am.    We will be posting updates here.

Update 9:45am – The underlying issue has been corrected.   We are working to restore operation to affected hosts.

Update 9:53am  – All services have been restored, although a few hosts are experiencing higher load averages than normal.  Those hosts may be a bit slower than normal for the next few minutes as the load begins to come down.

Update 10:11am – All servers have returned to nominal loads and this issue is now closed.

If you have any questions or concerns about this, please contact us at 256-547-6817 or email support@internetpro.net.

February 4, 2018 – One of our web servers for shared web hosting had an issue tonight.  It seems that there was a denial of service (DOS) attack which resulted in some sites being unavailable – including this one.  Technicians were alerted at 4:19am and worked to mitigate the problem.  The issue was resolved roughly one hour later with web services for that server coming back online at 5:14am.

Please direct any questions or concerns about this issue to support@internetpro.net.  Thank you.

January 26, 2018 – We experienced some short connectivity issues early this morning.  In general, the issues were under 5 minutes in duration and seem to have been caused by routing changes occurring upstream in response to failures outside our network.  The connectivity issues varied in length depending on the networks involved (AT&T vs. Comcast for example).

One side effect of these issues also caused a problem with our email services.   The anti-virus software tried to update during one of these intermittent connectivity issues and was not able to perform the upgrade properly.   This caused the anti-virus software to crash.   It looks like the issue was in place for about 1.5 hours. We did not detect the problem proactively because our monitoring systems test for server connectivity — not an actual successful sent email. The error that was produced was a “temporary error”, meaning that any email received during that time would be retried. As a result no email should be lost, but it may be delayed for a bit.

Update –  We have received information that the issue caused by the anti-virus software was *NOT* caused by an internet disruption, but rather a bad virus definition update.   This definitely fits better with our observation that the internet service disruption was *very* short lived and we saw no evidence of it starting as early as the virus software issue.  It seems we were just a victim of two issues at the same time.

Update – 11:10am – The issue with the antivirus software happened again.  We have restarted the software and it is back up and running.  We are working with the software vendor to find a resolution.

Update – 11:18am –  The bad update has been confirmed and our vendor has implemented a workaround until the signature database is updated.   We don’t expect this issue to recur.

We apologize for any inconvenience this may have caused.  If you have any questions about the issue, please email us at support@internetpro.net or call 256-547-6817.

January 17, 2018 8:15am – We are getting reports of sporadic issues with Comcast in the Gadsden area.  It does not seem to be localized to one node and is affecting customers at least from Rainbow City to downtown Gadsden.  We are attempting to contact Comcast for details and will post anything we find out here.  This also does seem to be affecting television service as well as internet.  From what we have seen service is going in and out periodically.   We do not know if this is a result of the cold weather.

Update 10:30am – We haven’t heard of any further issues this morning.  We didn’t really get a definitive answer from Comcast, but assume that it was an issue in their network which has now been corrected.    If you are still experiencing problems please call us at 256-547-6817 or email support@internetpro.net to let us know.