Password Gropers Hit Peak Stupid, Take the Spamtrap Bait
badger.foo (447981) writes: Peter Hansteen reports that a new distributed and slow-moving password guessing effort is underway, much like the earlier reports, but this time with a twist: The users they are trying to access do not exist. Instead, they're taken from the bsdly.net spamtrap address list, where all listed email addresses are guaranteed to be invalid in their listed domains. There is a tiny chance that this is an elaborate prank or joke, but it's more likely that via excessive automation, the password gropers have finally hit Peak Stupid.
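An added example, not part of the original summary or of Peter Hansteen's own tooling: one way to turn the observation above into a detection, by matching the usernames in failed-login log lines against a spamtrap list and collecting the source addresses. The log format, the addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed spamtrap entries (hypothetical stand-ins for a published list).
# By construction, none of them is a real account in its domain.
SPAMTRAPS = {
    "zork.frobozz@example.org",
    "nonesuch.user@example.org",
    "qwertybait@example.net",
}

# Constructed log lines in a made-up "authfail" format (an assumption, not
# the output of any particular mail or SSH daemon).
SAMPLE_LOG = """\
2001-01-01T02:11:09 authfail user=<zork.frobozz@example.org> rip=198.51.100.7
2001-01-01T02:19:41 authfail user=<alice@example.org> rip=203.0.113.20
2001-01-01T03:02:55 authfail user=<QwertyBait@example.net> rip=198.51.100.7
2001-01-01T04:47:30 authfail user=<nonesuch.user@example.org> rip=192.0.2.99
2001-01-01T05:00:01 authok user=<bob@example.org> rip=203.0.113.20
"""

LINE_RE = re.compile(r"^(\S+) authfail user=<([^>]*)> rip=(\S+)$")


def spamtrap_login_sources(log_text, traps):
    """Map each source IP to the spamtrap logins it attempted.

    A failed login for a real user may be a typo, so per-IP failure counts
    need a threshold, and a slow, distributed guesser stays under it. A login
    attempt for a spamtrap address has no innocent explanation, so a single
    line is enough to attribute the source.
    """
    traps = {t.lower() for t in traps}  # compare case-insensitively
    hits = defaultdict(list)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # successful logins and unrelated lines are ignored
        timestamp, user, source_ip = match.groups()
        if user.lower() in traps:
            hits[source_ip].append((timestamp, user.lower()))
    return dict(hits)


def blocklist(hits, min_hits=1):
    """Return the sorted source IPs with at least min_hits spamtrap attempts."""
    return sorted(ip for ip, events in hits.items() if len(events) >= min_hits)


if __name__ == "__main__":
    found = spamtrap_login_sources(SAMPLE_LOG, SPAMTRAPS)
    for ip in blocklist(found):
        print(ip, len(found[ip]), "spamtrap login attempt(s)")
```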
This guy might be overvaluing his files (Score:5, Interesting)
Re: (Score:3, Insightful)
As if you understand how spam prevention works.
What happened here is that the spammers have turned over the fingerprint of their spam directly to the spam stoppers. By emailing these particular addresses they are directly supplying information that can be used to block spam. They don't need to 'confirm' these messages are spam, THEY ARE SPAM, by definition. They don't need to wait for several people to report them as spam, they don't need to manually inspect them or weight them as 'potentially spam'.
Spam
How fucking stupid are you (Score:4, Informative)
You just posted the same point twice in this thread, and it's completely wrong both times, and shows a total lack of reading comprehension on your part.
They are NOT emailing these addresses, they are attempting to log in to them.
Read the fucking summary, at least. You are what's wrong with the internet.
Re:How fucking stupid are you (Score:4, Insightful)
Mister44, it doesn't matter if it's for mail or for passwords, the result is the same. It is using hacker's automation to automate blacklists. Parent is not wrong, just misstated.
Re: (Score:1)
Why is this "insightful"? By the time the spam is processed by the trap and is blacklisted, the million e-mails have already been delivered.
The next time the spammer sends e-mail, it will be a different e-mail, so the existing rule won't trigger.
The only real effect this has is adding fat to the spam checkers, making mail delivery slower for everyone. Except the spammer.
Re: (Score:1)
Seems one could really screw with legitimate business by "registering" using one of the spam-trapping addresses.
Re:This guy might be overvaluing his files (Score:5, Insightful)
Using a custom implementation of PSAD and a bunch of PERL, the basic idea was that any time a specific IP (external *or* internal) scanned more than eight ports per IP across two or more subnets, it was unquestionably an illegitimate scan of our network, and the IP originating the scan in question was immediately submitted for null routing, because nobody could possibly have a legitimate reason for doing such a scan.
Port scans from internal IPs, along with those matching other patterns (such as multiple scans within a single subnet or attempting certain exploits/attacks that can be deduced from snort's output in
What got me started on this project was that, among other things, hackers were scanning our network for Plesk's default admin login port (as Plesk at that time *had* a default admin login and password), and any time they got a response from port 8443 on an IP that previously did not have that port open, they would jump in and root new installs often before the customer ever logged in for the first time. Needless to say, I put an end to that nonsense.
However, calling spammers dumb as others have above is probably a mistake: they can often be fairly smart, but what they really are - usually - is Peak Lazy, and are aiming for low hanging fruit. Eventually, the more sophisticated ones will create or adapt new techniques to defeat - or at least cope with - this particular methodology, and the cat-and-mouse-arms-race game of security will continue on as it always has, with one side or the other evolving new defenses or offenses, and the other evolving an appropriate response. The fact that a particular batch of spammers got caught and will find the emails from their current spam campaigns not reaching their intended audience on this go round will only slow them down for a time on the domains this list covers, but to say the spammers have hit "Peak Stupid" as a result of excessive automation is, in fact, an NP-Dumb analysis.
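The threshold rule described in this comment, as an added example in Python rather than the commenter's PSAD and Perl code: a source is flagged when it probes more than eight distinct ports on a host and such hosts fall in two or more subnets. Reading the rule that way, treating a subnet as a /24, and the event tuples are assumptions made here.

```python
import ipaddress
from collections import defaultdict

PORT_THRESHOLD = 8     # "more than eight ports per IP"
SUBNET_THRESHOLD = 2   # "across two or more subnets"
SUBNET_PREFIX = 24     # assumption: the comment does not give a subnet size


def null_route_candidates(events, port_threshold=PORT_THRESHOLD,
                          subnet_threshold=SUBNET_THRESHOLD,
                          prefix=SUBNET_PREFIX):
    """Return {source_ip: [subnets]} for sources that match the scan rule.

    events is an iterable of (src_ip, dst_ip, dst_port) tuples, for example
    parsed from firewall drop logs.
    """
    ports_seen = defaultdict(lambda: defaultdict(set))
    for src, dst, port in events:
        ports_seen[src][dst].add(port)

    flagged = {}
    for src, per_dst in ports_seen.items():
        deep_subnets = set()
        for dst, ports in per_dst.items():
            if len(ports) > port_threshold:  # strictly more than the threshold
                net = ipaddress.ip_network(f"{dst}/{prefix}", strict=False)
                deep_subnets.add(net)
        if len(deep_subnets) >= subnet_threshold:
            flagged[src] = sorted(str(n) for n in deep_subnets)
    return flagged


def constructed_events():
    """Constructed sample traffic; every address here is illustrative."""
    events = []
    # Nine ports on one host in each of two /24s: matches the rule.
    for dst in ("10.0.1.5", "10.0.2.9"):
        events += [("198.51.100.7", dst, p) for p in range(20, 29)]
    # Twelve ports on two hosts, both in the same /24: one subnet only.
    for dst in ("10.0.1.5", "10.0.1.6"):
        events += [("203.0.113.20", dst, p) for p in range(8000, 8012)]
    # One port (8443) on one host in each of five /24s: wide but shallow.
    events += [("192.0.2.99", f"10.0.{n}.10", 8443) for n in range(1, 6)]
    # Exactly eight ports on two subnets: at the threshold, not over it.
    for dst in ("10.0.1.5", "10.0.2.9"):
        events += [("10.0.3.3", dst, p) for p in range(1, 9)]
    return events


if __name__ == "__main__":
    for src, nets in null_route_candidates(constructed_events()).items():
        print("null-route candidate:", src, "subnets:", ", ".join(nets))
```

The single-port sweep in the sample is not matched by this rule, so that pattern needs a separate check.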
Re: (Score:2)
As if you understand how spam prevention works.
What happened here is that the spammers have turned over the fingerprint of their spam directly to the spam stoppers. By emailing these particular addresses they are directly supplying information that can be used to block spam. They don't need to 'confirm' these messages are spam, THEY ARE SPAM, by definition. They don't need to wait for several people to report them as spam, they don't need to manually inspect them or weight them as 'potentially spam'.
Spam one of these addresses then:
Your host is instantly on a blacklist in most cases.
URLs in the message are ranked as high probability of spam
The message is fingerprinted and added to anti-spam software
All of that without any user actually having to report it as spam, and that's just the simple stuff that happens.
This is EXACTLY WHY this list is online, to catch stupid spammers who aren't careful enough to avoid these addresses.
It's working EXACTLY AS DESIGNED. Hitting just one of these fake addresses can save it from hitting MILLIONS of real addresses.
So before calling someone else stupid, look in the mirror, you're at peak ignorant.
100% fucking wrong.
They're trying to log into these email addresses.
The addresses CANNOT be sent to - they are INVALID addresses for their domains.
It's right there in the fucking summary.
Re: (Score:1)
Re:This guy might be overvaluing his files (Score:4, Funny)
What's "peak stupid" here is the submitter not understanding how spamming works before posting on it.
Isn't it even more stupid to assume that stupidity has a peak in the first place?
One script kiddie made a mistake (Score:5, Funny)
so now they've all hit peak stupid.
I'm not sure it's the script kiddies that have hit that or the submitter and editor.
Re: (Score:2, Funny)
so now they've all hit peak stupid.
I'm not sure it's the script kiddies that have hit that or the submitter and editor.
"Peak Stupid" will be the dupe story...
Re:One script kiddie made a mistake (Score:5, Insightful)
although to be fair, you could call the nuclear arms race "peak stupid" because humanity was flirting with destroying all human existence. n00b spammers have no chance of being this stupid, and hopefully we will never be so stupid again.
Re: (Score:2)
Indeed - stupidity is the one "resource" our species is unlikely to ever run out of - even the brightest amongst us have more than enough stupid to screw up regularly.
And I think even the nuclear arms race probably wasn't peak stupid - we almost certainly couldn't sterilize the planet, and within a few centuries the radioactive fallout would have decayed to background levels again - probably only decades in some of the more out-of-the-way corners of the globe.
Meanwhile things like nanotech and biotech have
Re: (Score:2)
Re: (Score:2)
Only if one presumes that per-capita stupidity is constant or decreasing...
Re: (Score:2)
Meanwhile things like nanotech and biotech have the potential to completely escape our control. You don't even need a grey-goo scenario - release enough buckyballs into the environment and virtually all cellular life on the planet will grind to a stop - you can't clean the stuff up, and it essentially never breaks down.
What hubris. The only thing nano-scale that humans can make that will be more threatening than the worst plagues humanity has already survived are biological weapons based on the worst plagues humanity has already survived.
Not to mention doing things like operating particle accelerators on Earth that we think could well produce quantum black holes. Sure we're pretty sure they'd evaporate harmlessly, but if we were *certain* of the physics we wouldn't be wasting time building ever-larger particle accelerators
The only thing special about LHC energy levels is that they can occur inside some neat detectors and measurement equipment. When the LHC comes online with its new, higher beam energies, the goal is 6.5 TeV per beam. Not bad for monkeys playing with fire. The OMG Particle [wikipedia.org] was about 300
LHC distinctions (Score:2)
Heh heh. The only problem of course being that they're not actually monitoring the LHC for all possible black holes that could potentially be created, and we have no idea how long it would take for a terminal event to build to noticeable levels. There could at this very moment be a microscopic black hole orbiting within the Earth, absorbing new matter just barely faster than it evaporates, biding its time as it grows toward critical mass.
And no, there's two more important things special about the LHD as
Re: (Score:2)
Heh heh. The only problem of course being that they're not actually monitoring the LHC for all possible black holes that could potentially be created, and we have no idea how long it would take for a terminal event to build to noticeable levels. There could at this very moment be a microscopic black hole orbiting within the Earth, absorbing new matter just barely faster than it evaporates, biding its time as it grows toward critical mass.
Ahh, you miss my point. LHC-level events happen in the atmosphere quite routinely and have for 4 billion years. Anything bad that happens, takes at least that long to destroy the world, and will happen today whether the LHC is on or off.
Anything spawned in the upper atmosphere is going to spend the first few seconds of its existence falling through low-pressure air. Opportunities to "feed" off normal matter would be few and far between.
High energy cosmic rays are moving at very nearly the speed of light. From their point of view, the Earth's atmosphere is a nanometer or so thick.
Would you care to speculate on how often a huge, super-tight cluster of cosmic rays manages to reach the Earth's surface all at once in order to mimic a single large-scale LHC test?
Sure, the cosmic ray particle flux is well known [wikipedia.org]. Events at the scale of a LHC collision happen about once per square kilomet
Re: (Score:2)
And you, it seems, miss my point as well: I'm perfectly aware of how often *single events* of LHC energies or higher hit the Earth, and am not terribly concerned with them - in a few billion years if a single-event catastrophe were at all likely it probably would have occurred.
But consider multi-event interactions that might permit dangerous particles to clump together into something that could expand fast enough to become catastrophic. Have you actually looked at the LHC flux? The LHC's design luminos
Re: (Score:2)
You'd need to propose a mechanism by which flux matters, as I don't see it at all. The count of LHC-collision-level events happens naturally. The total energy in a second of colliding LHC beam happens naturally. Sure, cosmic ray collisions usually start high up, but the atmosphere appears quite dense at that speed, and momentum is conserved, so if some micro black hole formed, it would also see the atmosphere as quite dense, and then pass through the Earth very shortly thereafter.
As far as how we know: ther
Re: (Score:2)
No, I'm arguing for conservative risk-taking in the face of a species-terminating potential risk. You need to propose a mechanism under which you're CERTAIN that flux doesn't matter. One quantum black hole or strange particle may well evaporate faster than it can feed, but create a swarm of dozens or thousands of them simultaneously and some of them may manage to combine into something dangerous.
Certainly, we know that there are old planets and neutron stars. That's not the question. The question is "are
Re: (Score:2)
Ever thought about what counts as a species-terminating potential risk? If I get sick, it's possible that whatever is getting me sick is going to mutate into something incredibly nasty, so I should burn myself and my house with gasoline every time I get sick? (Well, I guess, only once.)
To be taken seriously, propose a mechanism how this might happen.
I'm not familiar with strange particles or why a flux of them might be dangerous, so let's talk about black holes.
How do you know elementary particles
Re: (Score:2)
Ahh, I get it now. You're frightened. Well, I prefer that humanity continues to do science, with the inevitable minor risks that entails. If the overwhelming agreement of experts in the field is that "it's safe", I'm going to go with that, and be content with the risk that they're all wrong, because the alternative is worse.
Re: (Score:2)
The second thing is that black holes don't suck material in any more than their constituent mass would. They also have charge if made from charged particles, so the proto
Re: (Score:2)
Certainly cosmic ray events occur on a regular basis - however, how often do you suppose a tight cluster of thousands or millions of cosmic rays all simultaneously strike the same square millimeter of the Earth's surface in order to mimic a LHC event? A single QBH or strangelet may be harmless - make a few, or a few million, in close proximity in the same instant and the same isn't necessarily true.
As for your charged black hole - what makes you think it would stay charged? It's going to be falling right th
Don't be silly (Score:5, Funny)
There's no such thing as 'Peak Stupid'. Every time someone gets to the top of the current peak, the fog clears and another mountain of stupid looms in front of them.
Re:Don't be silly (Score:5, Funny)
A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.
Douglas Adams
Re: (Score:2, Troll)
Directly evidenced by the population's insistence on voting for the most stupid of politicians in the hope that they can't screw things up further, or in the mistaken belief that they can make things better.
Re:Don't be silly (Score:4, Funny)
Now, that's not true. Some of them vote for the second most stupid politician.
Re:Don't be silly (Score:4, Insightful)
No that is what nearly all of them do, the only difference is really a disagreement over which is the penstupimate politician.
Re: (Score:1)
Politicians are not stupid. They are liars, and they are loyal to special interest groups other than the American people. This sometimes makes them appear stupid to us, since what they are doing seems to contradict their stated intentions.
In the domain of politics, one should never attribute to stupidity that which can be explained by disloyalty.
Re: (Score:2)
Re: (Score:1)
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the latter." - Albert Einstein.
FTFY.
Re: (Score:3)
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the latter." - Albert Einstein.
FTFY.
Einstein was right, apparently.
Re:Don't be silly (Score:5, Funny)
There's no such thing as 'Peak Stupid'. Every time someone gets to the top of the current peak, the fog clears and another mountain of stupid looms in front of them.
A phenomenon well documented in the study "the unpeakability of stupid".
Re: (Score:2)
That is not funny, it is so sad it is insightful :)
Re: (Score:3)
No, we know "peak stupid" has been reached when the password gropers are getting more intelligent, reversing the previous trend of increasing stupidity.
Either that, or the submitter is too stupid to know the difference between a record high, and a peak.
Re: (Score:3)
True. Last time we hit Peak Stupid we were still doing pipelining stupid stuff. With modern technology we have super-scalar concurrent stupidity.
Re: (Score:2)
There's no such thing as 'Peak Stupid'. Every time someone gets to the top of the current peak, the fog clears and another mountain of stupid looms in front of them.
Yeah, but that doesn't mean they have to climb it.
Re: (Score:1)
Re:Editors (Score:5, Funny)
Re: (Score:2)
Peak Stupid (Score:5, Insightful)
Re: (Score:2)
So is trying so hard to coin a phrase like "peak stupid".
I was going to comment that they would have an easier time trying to make "fetch" happen [youtube.com], but with stupidity always on the rise...
Well (Score:5, Funny)
While reading this story I accidentally peak stupid.
Re:Well (Score:5, Funny)
Re: (Score:1)
Elections in the US are coming up shortly. Politicians are well known for selling stupid.
Re: (Score:3)
Re: (Score:3)
A world where stupidity is in short supply?
Hmm... one may dream...
Re: (Score:2)
Isn't "Peak Stupid" writing about it. (Score:5, Insightful)
Re: (Score:1)
No.
By them mailing these addresses, they make it clear they are spammers. That is what these lists are designed to do, if you mail them, you're not only a spammer, you're too stupid to even have done any due diligence into your spam lists/page scraping.
These lists are public for this EXACT purpose, so morons who scrape pages get hold of them and email them, which then gives the spam stoppers a whole bunch of information about currently active spam. No need to wait for users to submit it, weight it, get e
Re: (Score:2)
Re: (Score:2)
Correct, but spammers rarely (if ever) harvest mail addresses by hand. It's an automated effort. It would of course be more sensible to not put a huge list of mail addresses out (since, well, it's rather unlikely that they're a list of good addresses, something's highly bogus when all it is is a list and nothing else, hence spammers might get wise in the future and avoid them), but having a few pages that normal surfers won't reach with a bit of an explanation that this is a mail address you should probably
No, it's not "email" it's auth! (Score:2)
I know, most here skim a title or summary and think they know it all, but really you should occasionally read TFA. The issue is not with people sending spam to a spam trap, they are harvesting email addresses and trying to authenticate to them. This is an attempt to compromise accounts, not an attempt to send SPAM mail.
Let me give you a bit of detail, I work with these issues daily.
Long ago in an Internet far far away Spammers learned that they could skim content to find email addresses. Using DNS resol
Re: (Score:2)
The crackers and spammers won't know which are which.
If they use the list to perpetrate, then their IP address is immediately tagged as being malicious.
If they use the list to cull their own list of nonexistent addresses, then they inadvertently cull your good address also. So you win again.
Re: (Score:2)
They're trying to crack the passwords for the emails in our spam prevention system. Presumably they can then start editing it to contain legitimate mail from legitimate addresses, which would cause a royal pain to people working on spam prevention.
Re: (Score:2)
And on a related note, this could also give them insight into the sort of passwords used by the anti-spam community.
Re: (Score:2)
You mean the "Keepass, generate a bunch of 20 character passwords, letters and numbers" kind? Yeah, they're damn predictable...
Maybe this can be used against the bots (Score:5, Interesting)
Populate the net with files like this full of E-mail addresses that are not valid. Have dummy accounts on the appropriate servers that will accept the logins, allow the spambots to think they're successfully sending E-mails when in fact they're all going into the bit bucket.
For added effect, make the servers respond v e r y s l o w l y under these accounts, taking tens of seconds to "send" the E-mail, a minute or so to log in, etc. Basically, slow the spam bots down and waste their time. Of course, the bots will probably eventually evolve to detect such shenanigans, but why make spammers' jobs easy? :)
Re: (Score:2)
...For added effect, make the servers respond v e r y s l o w l y under these accounts, taking tens of seconds to "send" the E-mail, a minute or so to log in, etc. Basically, slow the spam bots down and waste their time....
OpenBSD's spamd has done this for years.
Now I see the bots moving on to the next target when the SMTP conversation takes too long.
It's been done. (teergrube) (Score:5, Informative)
There's even a term for this, teergrube [wikipedia.org].
An ISP that I worked for in the 1990s used to do this (dcr.net, owned by Drew Curtis, of fark.com fame).
We had some code that would look for blatant e-mail harvesters, and would SLOWLY return random bogus e-mail addresses ... wait a couple seconds, spit out an address ... etc. The page at the top even had warnings that the page was completely bogus.
At first, all of the e-mail addresses were all in our domain (but not our real mail server), but I went and added some code that would look up the connecting IP's network (I think I used whois.ra.net), and would also include '{abuse,postmaster}@(network)' and again for the network's upstream providers.
I can't remember if the bogus mail server was also the box that we had set up so that if *anything* tried touching it, it'd blackhole the connecting IP at our external router, if it was a teergrube itself.
Re: (Score:2)
Hmm... my server can do all that and more (umm... ok, less) out of the box!
Maybe I'm new at this.. (Score:1)
I don't fully understand this term "Peak Stupid", but it seems to me the meaning is that it can't get any more stupid. If so, then this activity would be far from the peak, because stupid people will always surprise you by being even more stupid. (Or most stupider, as some of them phrase it)
That would mean to hit "Peak stupid", then the results would be fatal .. Like searching for gas leaks by candle light
Re: (Score:3)
I don't fully understand this term "Peak Stupid"...
It's the name of the mountain under which the most secure mail server complex exists. After decades of trying to get past the defenses, the password gropers have finally hit Peak Stupid.
Next stop? (Score:2)
Re: (Score:2)
The two are inclusive, not mutually exclusive.
Re: (Score:3)
all that CPU-time (Score:1)
Speaking of stupidity... (Score:1)
"... the password gropers have finally Peak Stupid."
I think you accidentally a verb.
Weird log file activity... (Score:2, Offtopic)
A lot of requests for odd URLs, all of which return 404. All of the requests that I checked originated at an IP address in Russia, and dozens of different IP addresses were used. These odd requests started about 5 or 6 months ago and have been ramping up lately. Makes me wonder just what the originators are looking for?
Re: (Score:1)
WordPress admin login pages and PhpMyAdmin installations with poor passwords, mostly.
I'm sorry, there is no peak stupid ... (Score:2)
Stupid is not a finite quantity in the universe, and it's not a zero sum game.
You can have an infinite amount of stupid.
Now, one might argue that telling the spammers how they've fallen for this and what to avoid ... well, that might be stupid.
Password gropers? (Score:1)
How much ... (Score:2)
That's the only thing that could possibly trump the current stupid position.
Peak Stupid (Score:1)
Questions (Score:2)
2. Assuming these brute force methods were used against real accounts, they would presumably become locked. It seems this would have been tried many times already in the past and present and lots of accounts would be getting locked all the time. Thus the email sites must have some way to detect and prevent this?
Just curious about these details... thx.