No idea whether it’s bots or real people, but I suspect it’s bots given the scale. We’re seeing thousands of unique sites per hour being “compromised” in this manner.
> On May 26, 2022, at 6:38 PM, Scott Mutter via mailop <mailop@mailop.org> wrote:
>
> Are you sure it's actual people registering or is it bots?
>
> Do the sign up pages have effective captcha or other anti-bot/prove
> you're human measures?
>
>> On Thu, May 26, 2022 at 7:30 PM Ken Simpson via mailop
>> <mailop@mailop.org> wrote:
>>
>> It's WooCommerce:
>> https://github.com/woocommerce/woocommerce/blob/ab1a35719c8719c0065f6053892ca970f7f01deb/plugins/woocommerce/includes/emails/class-wc-email-customer-new-account.php#L83
>>
>>> On Thu, May 26, 2022 at 5:08 PM Ken Simpson <ksimp...@mailchannels.com>
>>> wrote:
>>>
>>> Hi Jarland,
>>>
>>> Yes, we see this as well - since this morning Pacific Time. They are
>>> snow-shoeing too, sending just one or two submissions per web form,
>>> presumably to keep a low profile. Same pattern of recipients as you are
>>> seeing.
>>>
>>> I'm trying to track down the victim software, which seems to be a WordPress
>>> plugin.
>>>
>>> Regards,
>>> Ken
>>>
>>> On Thu, May 26, 2022 at 4:15 PM Jarland Donnell via mailop
>>> <mailop@mailop.org> wrote:
>>>>
>>>> Over the last week or so I've noticed an exceptional increase in
>>>> outbound emails from my customers to invalid recipients. Obviously this
>>>> is problematic but understandable. All of the customers in question run
>>>> websites that send an email to confirm registration, and all of the
>>>> recipients are properly formatted email addresses. They just don't
>>>> exist, and they're increasing at an unusual rate. Others may have the
>>>> same going on but may not yet be aware of the pattern. My hope is that
>>>> by sharing the pattern others might begin to fight against it as well.
>>>>
>>>> Here is a look at some censored logs: https://clbin.com/Gxeoo
>>>>
>>>> Notice the trend being username + 4 digits, primarily at free email
>>>> providers and regional ISPs. Examples:
>>>>
>>>> heidireynoldsplad2...@gmail.com
>>>> susanpowersvgjfae2...@cox.net
>>>> pabloharveyfhi6...@rediffmail.com
>>>> florencenashhqjqj8...@orange.fr
>>>> carlosfranklinlydy2...@comcast.net
>>>>
>>>> It's really off the charts, and it's impacting a wide variety of
>>>> customers who have no relation to each other. The only similarity being
>>>> that they send out website registration confirmations in all cases.
>>>>
>>>> Of course, my first theory is forum spam / blog comment spam. Even if
>>>> they can't accomplish the spam, they have most likely built complete
>>>> automation to handle this process of mass registrations for a wonderful
>>>> "spray and pray" technique. Since the email accounts don't exist,
>>>> they're most likely hoping that a confirmation isn't actually required
>>>> to begin submitting content to the sites that they register on.
>>>>
>>>> Use this how you will <3
>>>>
>>>> Jarland
>>>> _______________________________________________
>>>> mailop mailing list
>>>> mailop@mailop.org
>>>> https://list.mailop.org/listinfo/mailop
>>>
>>> --
>>> Ken Simpson
>>> CEO, MailChannels
>>
>> --
>> Ken Simpson
>> CEO, MailChannels
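An added example, not part of the original thread or any poster's code: one way to look for the pattern described above (bounced registration confirmations to "letters + 4 digits" recipients, spread one or two per site) by aggregating across unrelated sender sites instead of alerting per site. The log format, field names and all addresses below are constructed assumptions.

```python
import re
from collections import defaultdict

# Local part made of letters followed by exactly four digits,
# matching the "username + 4 digits" trend described in the thread.
LOCAL_RE = re.compile(r"[a-z]+\d{4}")
# Assumed (constructed) log format: site=<sender> to=<rcpt> status=<result>
LINE_RE = re.compile(r"site=(\S+) to=(\S+)@(\S+) status=(\S+)")

# Constructed sample lines; every domain and address here is made up.
SAMPLE_LOG = """\
2022-05-26T16:01:02 site=shop-a.example to=annawalkerqzk2041@freemail.example status=bounced
2022-05-26T16:01:09 site=shop-a.example to=customer.one@corp.example status=sent
2022-05-26T16:02:30 site=forum-b.example to=pauljonesvbh7730@isp.example status=bounced
2022-05-26T16:03:11 site=blog-c.example to=ritamoorelkd5518@freemail.example status=bounced
2022-05-26T16:04:45 site=blog-c.example to=omarreedxwu9024@isp.example status=bounced
2022-05-26T16:05:00 site=store-d.example to=jane.doe@corp.example status=bounced
"""

def snowshoe_signups(log_text, min_sites=3):
    """Count bounced, pattern-matching recipients per sender site.

    Returns (flagged, counts). A per-site threshold would miss this
    traffic because each site only sees one or two messages, so the
    flag is raised on the number of distinct sites affected.
    """
    recipients = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a delivery line in the assumed format
        site, local, domain, status = m.groups()
        if status == "bounced" and LOCAL_RE.fullmatch(local.lower()):
            recipients[site].add(f"{local}@{domain}")
    counts = {site: len(rcpts) for site, rcpts in recipients.items()}
    return len(counts) >= min_sites, counts

if __name__ == "__main__":
    flagged, counts = snowshoe_signups(SAMPLE_LOG)
    print("cross-site pattern detected:", flagged)
    for site, n in sorted(counts.items()):
        print(f"  {site}: {n} suspicious bounce(s)")
```

An ordinary bounce such as the constructed `jane.doe@corp.example` line is ignored, so a single mistyped customer address does not count toward the cross-site total.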