On 2020-08-20 10:52:40 (+0800), Michael Wise via mailop wrote:
Before they abuse a web API, I'd strongly suspect that they would
abuse port 25.
But yes, it would be an interesting hypothesis to validate....
I hadn't considered that. It's not unlikely that by the time a botnet
gets around to being used for abusing web interfaces, it's already been
hammering at mailservers for at least some period of time. If it's been
doing that for long enough to get listed on the XBL (or another
blocklist), checking that on the webserver would be useful.
Something to poke at in my copious spare time!
And this isn’t just, “Spam”; it’s far more intensive, and can
only best be appreciated from the POV of the recipient.
They’re not just using you to send traffic to them.
Absolutely. By the time we noticed the targeted attack last time, we'd
already sent several thousand "please confirm your subscription"
messages their way. Multiply that by the number of large Mailman
installations being similarly abused...
This internet thing will never catch on.
Philip
--
Philip Paeps
Senior Reality Engineer
Alternative Enterprises
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
