Reply
Regular Problem Solver
Murphy
Posts: 470
Registered: ‎10-08-2003

Suspected "bot" Activity email from Comcast

I have now received two worthless emails from Comcast, that say I have suspected bot activity from one of my computers, that give no information about what that activity is.  

I have many devices that are in constant communictaion with servers such as TiVos, VOIP telephone systems, a smart TV, iPAD, Motorola XOOM, smartphone, Kindle, etc.  I have reserved IP addresses for 42 devices although many are turned off most of the time.  My operating systems are up to date.  I assume that Norton Security keeps itself up to date.  The older operating systems use Microsoft Security Essentials instead of Norton because I suspect Comcast would be unhappy if I put Norton on 10 computers.  

I assume that all of the communications from my IP address to various servers is what they are detecting as "bot" activity.

If that is not the case how do I get Comcast to provide some actual activity data instead of a worthless email?

 

Gold Problem Solver
BruceW
Posts: 6,894
Registered: ‎12-03-2007

Re: Suspected "bot" Activity email from Comcast

Have you called Comcast Security? 1-888-565-4329 (6am-2am Eastern time), http://security.comcast.net/get-help/contact-comcast-security.aspx.

Regular Contributor
Posts: 61
Registered: ‎06-30-2003

Re: Suspected "bot" Activity email from Comcast

I also received an email, but have scanned all machines with 4 differant scanners and nothing was found.

 

You can get more information on what was detected here: https://amibotted.comcast.net/authorized.html

Regular Problem Solver
Murphy
Posts: 470
Registered: ‎10-08-2003

Re: Suspected "bot" Activity email from Comcast


gdio53 wrote:

I also received an email, but have scanned all machines with 4 differant scanners and nothing was found.

 

You can get more information on what was detected here: https://amibotted.comcast.net/authorized.html


Thanks for the link.

 

I did a Google search for what they found (RK_Pihar_Group) and the only hits were from Comcast customers  complaining about the exact same thing and being asked to purchase Comcast's "fix it" service.

 

I scanned the three computers that were on at the time and found nothing.

 

I am more convinced than ever that Comcast has no clue and is detecting the continuous activity from my internet devices (not computers) as bot activity.

 

Regular Contributor
Posts: 61
Registered: ‎06-30-2003

Re: Suspected "bot" Activity email from Comcast

That's the same bot they say I have.

 

Do you have Constant Guard installed?  I don't.

Do we need to have it installed to get the emails?

 

All this started when I got a new IP address from Comcast last week.  I'm wondering if they have the wrong IP reporting the bot.  I'm tempted to clone another MAC address on my router to force another IP and see what happens tomorrow.  All the reports show the bot activity happening between 7-8 am, but it doesn't how up on the Bot check until late afternoon.

Regular Problem Solver
Murphy
Posts: 470
Registered: ‎10-08-2003

Re: Suspected "bot" Activity email from Comcast


gdio53 wrote:

That's the same bot they say I have.

 

Do you have Constant Guard installed?  I don't.

Do we need to have it installed to get the emails?

 

All this started when I got a new IP address from Comcast last week.  I'm wondering if they have the wrong IP reporting the bot.  I'm tempted to clone another MAC address on my router to force another IP and see what happens tomorrow.  All the reports show the bot activity happening between 7-8 am, but it doesn't how up on the Bot check until late afternoon.


I do not have constant guard installed and I got two emails so far.

I do have Norton Security Suite 6.3.0.14 installed.

 

The time given is

 

2012-09-02 06:24:54 Local Time

 

They don't even know how to display time.  That could be AM or PM.  24 hour time should not have colons (:smileyhappy: between the numbers.

 

The alert message came at 2:05 PM on 9/2 so I guess it has to be an AM time.  My main computer would not be turned on at that time of the morning.

 

Gold Problem Solver
BruceW
Posts: 6,894
Registered: ‎12-03-2007

Re: Suspected "bot" Activity email from Comcast


gdio53 wrote: ... Constant Guard ... Do we need to have it installed to get the emails? ...

No. Comcast unwisely chose to use the name "Constant Guard" to refer to two different things: software that runs on your computer, and a separate system that runs on Comcast servers and monitors customer modem traffic looking for "bot-like activity". The emails come from that second "Constant Guard" system.

Regular Contributor
Posts: 61
Registered: ‎06-30-2003

Re: Suspected "bot" Activity email from Comcast

LOL.  That just confuses the end user!

Security Expert
USAF_E-8_RET
Posts: 5,043
Registered: ‎10-28-2003

Re: Suspected "bot" Activity email from Comcast

[ Edited ]

gdio53 wrote:

LOL.  That just confuses the end user!


Are you also aware that Norton Security Suite is branded Constant Guard fro Xfinity?  Comcast is super ate up with their Constant Guard this and that and supposedly all things pertaining to security put out by Comcast, or is it Xfinity now (?) is brandeed Constant Guard.
The orignial Constant Guard pertained to the Bot detection and notifications and can not be opt out of - just something folks have to live with.  I do believe it is a good program and something an ISP should provide.
Then Comcast (Xfinity) decided that they would take programs from other companies and make a "Constant Guard Protection Suite"  which in most cases duplicates the Norton Security Suite which they then decided to brand as Constant Guard from Xfinity in large letters with a small Norton Security Suite label in the upper left hand corner of the main page.
Actually, it is all one big confusing situation and IMHO Comcast (Xfinity) would have been far better off trying to be a very good ISP, rather than trying to provide a protection suite when they already had a security program with Norton.
 End of my rant!

A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'

Regular Contributor
Posts: 61
Registered: ‎06-30-2003

Re: Suspected "bot" Activity email from Comcast

[ Edited ]

Yes, I knew that Comcast offered NSS as part of Constant Guard, but you can install download and install NSS without the rest of their offerings: http://us.norton.com/support/comcast.jsp?pvid=nsce_1&layout=Comcast

 

Constant Guard has a lot more than NSS in the package: http://xfinity.comcast.net/constantguard/Products/CGPS/?cid=NET_33_600

Regular Problem Solver
Murphy
Posts: 470
Registered: ‎10-08-2003

Re: Suspected "bot" Activity email from Comcast

Do any of those who have posted in this thread with the same problem have Apple computers?

 

Based on the times given by the bot check website it is happening when my MacBook Air running the Mountain Lion operating system is in use.  The only recent program on that machine is the Vienna RSS reader which goes out and reads six RSS feeds when the program is started.

 

Regular Contributor
Posts: 61
Registered: ‎06-30-2003

Re: Suspected "bot" Activity email from Comcast

[ Edited ]

No, I'm running on 3 PCs. On addition, I have 2 TVs, 2 BlueRay players, 1 smartphone, and 1 PDA connected to the internet.

 

I checked https://amibotted.comcast.net/authorized.html late last night, and nothing was showing, I just checked and it shows activity at 6:30 this morning, which is whan I turned on my phone.

 

I ran all the scans I could on the 3 PCs, and nothing showed up.  I did install RUBotted: http://download.cnet.com/RUBotted/3000-2162_4-10977404.html on the 3 machines yesterday, and it hasn't shown anything suspicious.

 

I suspect Comcast sees my phone activity as a bot, as the phone checks several email accounts, Facebook, Twitter, LinkedIn, and other online links when it powers up.

 

I'll keep tracking the time the bot activity is reported and see if there's a link to the time I power up the phone.

Regular Contributor
Posts: 61
Registered: ‎06-30-2003

Re: Suspected "bot" Activity email from Comcast

Got another email today!

 

I called Comcast Security and talked to them for 15-20 minutes.  Explained all the scans I did, how my router is locked down, etc.  He had no recommendations and said my network was as secure as it could be.

 

I also told them that I recently received a new IP address and the bot activity emails started about the same time.  He said that the server that monitors bot activity isn't up to date and doesn't report in real time.

 

I cloned another MAC address into my router, reset the modem, and received a new IP; checked the Am I Botted site and it shows the new IP is clear. I'll check over the next few days to make sure it stays clean; if it does, then it was a false positive based on the new IP address.

New Visitor
propita
Posts: 1
Registered: ‎09-04-2012

Re: Suspected "bot" Activity email from Comcast

I just got off the phone with comcast, activating my new modem.  I started having connectivity problems a bit more frequently and comcast had stated months ago that it could be my modem.  Maybe.  The thing was almost 10 years old.  

 

Anyway, right after that, I got the "you may have a bot" email.  I'm running an imac, a macbook, ipad, and a dell.  I have comcast's Norton.  

 

Anybody think I should be concerned?  The "Constant Guard" comcast is touting, is it free like Norton?

Contributor
Posts: 15
Registered: ‎12-16-2007

Re: Suspected "bot" Activity email from Comcast

I got the same email from them on the bot and when they told be the date and time I just laughed.  We were out of town, all the computers and the modem were powered OFF.  The only thing I was using was my iPad and that was through another secure service on the east coast.  Go figure.  Being on a Mac, I couldn't complete the steps they told me as the software is not compatable with my OS.