cancel
Showing results for 
Search instead for 
Did you mean: 

Cannot change Admin Password on Sagem 2704M and Username ATTACHED to S-IP? WHY?

plusbg
Grafter
Posts: 26
Registered: 24-05-2015

Cannot change Admin Password on Sagem 2704M and Username ATTACHED to S-IP? WHY?

I have come to absolutely hate Plusnet but to be also totally stuck with them.
Firstly, I am gutted by the lack of support the majority of the technical department offers to customers. On one hand, PN provide Static IP's for those customers running Servers, on the other, if a Customer even contacts PN asking about the capability of a router beyond your top questions, such a customer gets turned away and is not provided with support.
I was sent PN's new Sagem 2704N router that is supposedly hugely better than the previous one. The router arrived today and when I connected it, I found out that it is not even possible to change the Admin Password on it or set up a new account. I could do this with the old one. This is totally infuriating as I need to be able to access my router away from home and I don't see why I should have to carry a card with a random string of characters so that I can actually recall my password to access the router when I am away from home. I also don't see why I should miss out on the latest router as PN has restricted this with the adapted firmware for no apparent reason.
Secondly and even more infuriatingly, PN asks new customers for a Username and then uses this as the Customer Email Address at the same time as attaching it, without the customer's knowledge to the IP - so in IRC, everybody sees your PN Email Address. This isn't necessary and should not be happening. I was advised by a more helpful Technician at Plusnet that he would sort this out, it has not happened and my username is still resolving to my new IP address. Following a DDOS attack that led to me requiring my Static IP to be changed, the new Static IP is also now compromised.
I called in yesterday to ask for this to be sorted as it is blatantly a breach of Data Protection to attach a username to the IP in this way (I only found out as somebody on IRC told me). I was told that a ticket would be raised for the username to be disassociated from my Static IP yesterday but today, it emerges that the ticket has not even been raised. I had explained I wished to make a formal complaint - that hasn't translated into a ticket either (is this not an OFCOM breach as PN is supposed to be acknowledging complaints through OFCOM Regs). Yesterday, I had to wait 54 Minutes to get through, it's outrageous.
I called in today to discuss the issue with my router and had to wait 20 minutes to get through, the Technician told me I could not change my password. I went through to the leaving team (I am on the brink of cancelling) and the leaving adviser couldn't even be bothered to try and assist with resolving the issue. I went onto Twitter and was told to contact PN on the phone. I contacted PN on the online technical chat facility and was told that he didn't know of a way to change the password of the router and he even resorted to asking me if I had a Static IP after I had to quote the PN agent from Twitter as he didn't think it was possible.
When the Advisor on the technical chat facility finally did establish that it was possible that my username was being linked this was all he had to say:
"then your username is attached to the to the IP address but this is deemed secure. If it wasn't we wouldn't be allowed to do it."
The same person who recently DDOSd me knew my username because PN broadcast it without telling me, my Static IP was changed as a response to avoiding it happening again. The same person who DDOSd me before, can easily find my new Static IP address as the username is still linked to it.
I wish this to be registered a formal complaint and i'd be grateful for other customer input.
Many thanks - really really at the end of my tether.
7 REPLIES
Community Veteran
Posts: 19,099
Thanks: 434
Fixes: 21
Registered: 31-08-2007

Re: Cannot change Admin Password on Sagem 2704M and Username ATTACHED to S-IP? WHY?

To change the password on your Sagemcom 2704n see this thread.
Edit: This might hopefully make you grin and not more angry Lips are sealed
Community Veteran
Posts: 6,366
Thanks: 490
Fixes: 45
Registered: 30-07-2007

Re: Cannot change Admin Password on Sagem 2704M and Username ATTACHED to S-IP? WHY?

and I believe this https://www.plus.net/wizard/?p=wizard&page=22425&wizard_id=38 is the link to raise a ticket requesting your rdns be changed
Community Veteran
Posts: 19,099
Thanks: 434
Fixes: 21
Registered: 31-08-2007

Re: Cannot change Admin Password on Sagem 2704M and Username ATTACHED to S-IP? WHY?

And I was about to post about that as well. I thought this issue HAD BEEN SORTED - there were various threads about this on this board sometime back Angry
Clearly Plusnet are taking virtually no notice whatsoever about many of the (non-contenious in the main) issues raised on these boards. I'm getting rather sick of it TBH.
plusbg
Grafter
Posts: 26
Registered: 24-05-2015

Re: Cannot change Admin Password on Sagem 2704M and Username ATTACHED to S-IP? WHY?

Thanks guys, i'll reply properly when I get back, but just so I don't get stuck overnight, have you got any ideas how you turn off the SIPALG on these new routers?
Many thanks :-) How nice you peeps are really cheered me up after what has turned into a really unpleasant day :-) Will drop a reply when I get back including the complaint i've sent to their networks team :-)
plusbg
Grafter
Posts: 26
Registered: 24-05-2015

Re: Cannot change Admin Password on Sagem 2704M and Username ATTACHED to S-IP? WHY?

Wow - so there is hidden functionality in the new router - reet OK - I really question how PN Techs don't seem to know that this is available - perhaps it's more feasible that they don't want you to know about it...
I have had a quick look at RDNS and I understand that it can sometimes be useful - would turning it off in any way effect me negatively, say, with running a mail or web server? It's like the blind leading the blind! So is this router capable of doing VPN connections then to take the weight off my Server? Is it any cop? For better or worse, misguided or not, this is my message to the networks team:
Many thanks, FAO Networks -
I really begrudge the fact that this has been given a 72 hour turn around time given that the issue has not been resolved properly the first time and after the fact that i've already waited once.
At sign up, your Sales Agents ask for a Username to be provided and do not make customers aware that this username will be linked to a customer's IP address. I gave you a username, having not been informed of how it would be used, that allows for me me to be searched online whenever anybody sees my IP address (it's the same as my Twitter handle). I would have given you an anonymous username had PN actually advised how my username would be used.
That username is then even used as the Email address you give to a customer. This is clearly a breach of the DPA and the Username is defined as "personal information" which is protection with additional safeguards under the DPA. It is reasonably foreseeable that, at the very least, the Sales Team should have warned me that the username provided to PN was too close to my real name but, ideally, it should not have been publicly broadcast in the first place:
Data Protection Act 1998 - Part 1 (1-2) "The Principles":
(1) ***Personal*** data shall be processed **fairly** and lawfully and, in particular, shall not be processed unless—
(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
(2) ***Personal*** data shall be obtained only for one or more ***specified*** and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
Personal data is defined by the ICO as:
" data which relate to a living individual who can be identified –
(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual." Source - https://ico.org.uk/for-organisations/guide-to-data-protection/key-definitions/ . It is not necessary to assign a username to an IP in order to provide internet or to comply with any legislative requirements, no conditions in Sch or Sch3 are met. Given that the broadcast of the username is not, literally, technically necessary for your part of fulfilling the provision of ISP services (and crucially not literally technically necessary in the wider industry) and I did not give consent for the information to be broadcast, it is fundamentally unlawful for you to do this. There is also no technical gain in you doing so.
I have only became aware so late in the day about this happening because I was made aware of it by a user who I was talking to on IRC. Had it not been for me having a conversation about wider internet security, I would still be none the wiser.
I was DDOSd recently and so the Static IP address was changed. However, because my username is attached to the Static IP, my new Static IP address has also been exposed. It had been agreed that this would be turned off on the same morning as my Static IP had been changed. As the username has not been disassociated quickly, I am not going going to now need the username to be disassociated, but yet another IP address to be assigned after.
I look forward to hearing from you as the escalation ticket contents left a lot to be desired - particularly that:
1) The DDOS attack is not mentioned, the background to the issue is not mentioned, the fact that the matter was not resolved correctly the first time is not mentioned and the link between accounts has not even been vaguely supplied to you. For a ticket escalated from a technical department that I spent a significant amount of time with going over the background and the issues, this is bitterly disappointing.
2) Craig did not explain the reasons for why I "felt" that the DPA is being breached so the comment was not particularly helpful lacking further explanation.
In terms of action the order is particularly important-
Please would you ensure that my username is disassociated from my IP address ***first***
Please would you arrange for the Static IP address to be reassigned very quickly afterwards to prevent the vulnerabilities that I have been left with having had to wait yet again ***second***
Please take steps to ensure that Customer's currently affected are notified with the option of remedy and that new customers are not affected.***third***
Many thanks.
**If there is any confusion from other notes, past or future, this update should prevail.**

Thanks ever so much guys, it's been a horrible day :-)
Community Veteran
Posts: 19,099
Thanks: 434
Fixes: 21
Registered: 31-08-2007

Re: Cannot change Admin Password on Sagem 2704M and Username ATTACHED to S-IP? WHY?

There's quite a few threads about the rDNS issues, here is one but in particular see this post but as I didn't need/require a Static IP address, I never followed that up. Is that warning not there? And why isn't it on this page anyway (login required) or even on Help pages such as this either!!?
There are ways of dealing with any email address issues by clicking on Manage My Mail.(login needed)
You can setup a redirect of a SpecificAddress@username.plus.com to blackhole@abuse.plus.com if needed and you can setup individual specific addresses as well as which is a "catch-all" if needed.
Using the forum search with  "rDNS username" without the quotes, will turn up plenty of threads which may have info you'll find useful.
Superuser
Superuser
Posts: 10,466
Thanks: 1,928
Fixes: 19
Registered: 22-08-2007

Re: Cannot change Admin Password on Sagem 2704M and Username ATTACHED to S-IP? WHY?

Quote from: plusbg
Secondly and even more infuriatingly, PN asks new customers for a Username and then uses this as the Customer Email Address at the same time as attaching it, without the customer's knowledge to the IP - so in IRC, everybody sees your PN Email Address.

Hi Ben,
I'm not sure what people expect in this space.  What PN do is not overly different from what the majority of ISPs do - you get a user name and that becomes part of your pseudo domain name - username.plus.com
This provide the foundation for...
www.username.plus.com - PN hosted website for those who have the website hosting option
@username.plus.com - email services
username.plus.com - in bound connection to your router for hosting local web services etc
in addition to any personal domain name(s) hosted on the user's account.
Clearly your as-many-as-you-want email addresses are all that pseudo domain name - unlike other providers who only supply one email address @their.domainname
Where a domain name is associated with and IP address it is normal convention for rDNS to return the domain name associated with the IP address.
Not that sure what alternative might be offered - possibly having two identities per account might work (one for the user name, another for the pseudo domain name) but I expect that would require a complete rework of the who customer management / configuration system.

As for searching this forum, it is not overly logical - you might fin this thread - http://community.plus.net/forum/index.php/topic,84049.0.html - helpful.
Kevin