On 2020-08-20 10:52:40 (+0800), Michael Wise via mailop wrote:
Before they abuse a web API, I'd strongly suspect that they would abuse port 25.
But yes, it would be an interesting hypothesis to validate....

I hadn't considered that. It's not unlikely that by the time a botnet gets around to being used for abusing web interfaces, it's already been hammering at mailservers for at least some period of time. If it's been doing that for long enough to get listed on the XBL (or another blocklist), checking that on the webserver would be useful.

Something to poke at in my copious spare time!

And this isn’t just, “Spam”; it’s far more intensive, and can only best be appreciated from the POV of the recipient.
They’re not just using you to send traffic to them.

Absolutely. By the time we noticed the targeted attack last time, we'd already sent several thousand "please confirm your subscription" messages their way. Multiply that by the number of large Mailman installations being similarly abused...

This internet thing will never catch on.

Philip

--
Philip Paeps
Senior Reality Engineer
Alternative Enterprises

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Reply via email to