Password Gropers Hit Peak Stupid, Take the Spamtrap Bait

Posted by Unknown Lamer
from the bad-strategy dept.
badger.foo (447981) writes Peter Hansteen reports that a new distributed and slow-moving password guessing effort is underway, much like the earlier reports, but this time with a twist: The users they are trying to access do not exist. Instead, they're taken from the bsdly.net spamtrap address list, where all listed email addresses are guaranteed to be invalid in their listed domains. There is a tiny chance that this is an elaborate prank or joke, but it's more likely that via excessive automation, the password gropers have finally hit Peak Stupid.
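For defenders, the behaviour in the summary gives a very cheap signal: any login attempt for a spamtrap address can be flagged on the first try, which matters because slow, distributed guessing stays under per-IP rate limits. The sketch below is an added example, not code from the article or from bsdly.net; the trap addresses, the log line format and the IP addresses are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed trap list: stand-ins for addresses that were never valid accounts.
SPAMTRAPS = {"wkitp98zpu.fsf@example.org", "malseeinvmk@example.org"}

# Constructed log lines in a made-up format (not any real daemon's output).
SAMPLE_LOG = """\
2014-08-10T03:12:44Z auth failed user=<wkitp98zpu.fsf@example.org> rip=192.0.2.15
2014-08-10T09:47:02Z auth failed user=<alice@example.org> rip=198.51.100.7
2014-08-11T17:30:19Z auth failed user=<malseeinvmk@example.org> rip=203.0.113.80
2014-08-12T01:05:51Z auth failed user=<WKITP98ZPU.FSF@example.org> rip=203.0.113.80
2014-08-12T06:22:10Z auth ok user=<bob@example.org> rip=198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) auth failed user=<([^>]+)> rip=(\S+)$")


def trap_login_sources(log_text, traps):
    """Return {source IP: [(timestamp, trap address), ...]} for failed
    logins whose user name is on the trap list (case-insensitive)."""
    traps = {t.lower() for t in traps}
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts, user, rip = m.groups()
        if user.lower() in traps:
            hits[rip].append((ts, user.lower()))
    return dict(hits)


def blocklist(hits):
    """Assumption: one attempt against a never-valid address is enough to
    flag the source, so no per-IP threshold or time window is applied."""
    return sorted(hits)


if __name__ == "__main__":
    found = trap_login_sources(SAMPLE_LOG, SPAMTRAPS)
    for ip in blocklist(found):
        print(ip, len(found[ip]), "trap login attempt(s)")
```

A failed login for a real user (alice in the sample) is deliberately not flagged, since that can be an ordinary wrong password.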

  • by Mr 44 (180750) on Wednesday August 13, 2014 @11:27AM (#47663283)

    This is great news for stopping this particular batch of spam.

    You just posted the same point twice in this thread, and it's completely wrong both times, and shows a total lack of reading comprehension on your part.

    They are NOT emailing these addresses, they are attempting to log in to them.

    Read the fucking summary, at least. You are what's wrong with the internet.

  • by oneiros27 (46144) on Wednesday August 13, 2014 @12:15PM (#47663653) Homepage

    There's even a term for this, teergrube [wikipedia.org].

    An ISP that I worked for in the 1990s used to do this (dcr.net, owned by Drew Curtis, of fark.com fame).

    We had some code that would look for blatant e-mail harvesters, and would SLOWLY return random bogus e-mail addresses ... wait a couple seconds, spit out an address ... etc. The page at the top even had warnings that the page was completely bogus.

    At first, all of the e-mail addresses were all in our domain (but not our real mail server), but I went and added some code that would look up the connecting IP's network (I think I used whois.ra.net), and would also include '{abuse,postmaster}@(network)' and again for the network's upstream providers.

    I can't remember if the bogus mail server was also the box that we had set up so that if *anything* tried touching it, it'd blackhole the connecting IP at our external router, if it was a teergrube itself.
