On 2020-08-19 at 19:49 +0800, Philip Paeps via mailop wrote:
> On 2020-08-19 17:51:51 (+0800), Andy Smith via mailop wrote:
> > Since yesterday I've been seeing a large number of attempted 
> > subscriptions to all the public lists on one of my Mailman servers.  
> > There's so far been 160 attempted subscriptions for 69 unique email 
> > addresses.
> 
> I see some of this on FreeBSD.org as well.  Roughly the same magnitude 
> you're seeing.
> 
> > Therefore I think it is an attack on these addresses.
> 
> This has happened before...  We have a hack in our webserver from June 
> 2018 when one specific address was being subscribed over and over and 
> over again to every single Mailman list on the internet.
> 
> > All of the subscription requests are coming in with a UserAgent of 
> > "axios/0.19.2". I have for now blocked this in my web server:
> 
> Since we're only seeing a couple of hundred of these so far, I'll hold 
> off adding yet another hack to our configuration.
> 
> Thanks for the heads-up though.  It's worth keeping an eye on these 
> things.  We run an awful lot of mailing lists and it's not very 
> difficult for a script-kiddie to cause a flood of subscription 
> confirmations.
> 
> Philip

I was going to enable the 2018 mitigations... and it turns out they
were already active.

Quite similar to what was reported, around here.

It started subscribing lywlo...@gmail.com and lywlo...@gmail.com, then
mmc49...@eoopy.com on multiple lists... a total of 221 emails so far,
from 595 IP addresses... out of 601 attempts. Unlike in 2018, here each
IP is doing a single subscription; the 6 cases with two subscriptions
may have been errors... or the botnet is just so big that it is hard to
be hit twice by the same IP.

All of them with User-Agent axios/0.19.2, and password 123456789.

$ while read email; do printf "%s" "$email" | md5sum; done < bademails.txt | cut -d\  -f 1 | sort

These are the few emails seen by Andy which are not on my list above:

I have searched a few emails, but fail to see why they would be a
target. Maybe only a few of them are the real targets, with other
addresses being added in order to conceal those?


Regards

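As an added example (not code from the original post or from any of its posters): detection logic that profiles Mailman subscribe POSTs in web-server logs the way the counts above were derived (attempts, unique IPs, IPs seen only once, dominant User-Agent, missing Referer) and flags the distributed-flood pattern. The `/mailman/subscribe/<list>` path, the thresholds and the Apache combined-log sample lines are assumptions constructed for this example.

```python
import re
from collections import Counter

# Constructed sample log (Apache combined format), not taken from the post:
# five subscribe POSTs from distinct IPs with the same non-browser UA,
# one legitimate browser subscription with a Referer, and one GET.
SAMPLE_LOG = """\
203.0.113.10 - - [19/Aug/2020:10:01:02 +0200] "POST /mailman/subscribe/list-a HTTP/1.1" 200 1234 "-" "axios/0.19.2"
203.0.113.11 - - [19/Aug/2020:10:01:03 +0200] "POST /mailman/subscribe/list-b HTTP/1.1" 200 1234 "-" "axios/0.19.2"
203.0.113.12 - - [19/Aug/2020:10:01:05 +0200] "POST /mailman/subscribe/list-a HTTP/1.1" 200 1234 "-" "axios/0.19.2"
203.0.113.13 - - [19/Aug/2020:10:01:06 +0200] "POST /mailman/subscribe/list-c HTTP/1.1" 200 1234 "-" "axios/0.19.2"
203.0.113.13 - - [19/Aug/2020:10:01:09 +0200] "POST /mailman/subscribe/list-a HTTP/1.1" 200 1234 "-" "axios/0.19.2"
198.51.100.7 - - [19/Aug/2020:10:02:00 +0200] "POST /mailman/subscribe/list-a HTTP/1.1" 200 1234 "https://lists.example/mailman/listinfo/list-a" "Mozilla/5.0 (X11; Linux x86_64) Firefox/79.0"
198.51.100.8 - - [19/Aug/2020:10:02:30 +0200] "GET /mailman/listinfo/list-a HTTP/1.1" 200 5678 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/79.0"
"""

# ip, method, path, status, size, referer, user-agent
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) [^"]*" \d+ \S+ "([^"]*)" "([^"]*)"')

def subscribe_requests(log_text):
    """Yield (ip, list_name, referer, user_agent) for each Mailman subscribe POST (assumed path)."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path, referer, ua = m.groups()
        if method == "POST" and path.startswith("/mailman/subscribe/"):
            yield ip, path.rsplit("/", 1)[1], referer, ua

def profile(log_text):
    """Summarise subscribe traffic: the same figures the post computed by hand."""
    reqs = list(subscribe_requests(log_text))
    per_ip = Counter(ip for ip, *_ in reqs)
    top_ua, top_ua_n = Counter(ua for *_, ua in reqs).most_common(1)[0]
    return {
        "attempts": len(reqs),
        "unique_ips": len(per_ip),
        "single_shot_ips": sum(1 for n in per_ip.values() if n == 1),
        "lists_hit": len({lst for _, lst, _, _ in reqs}),
        "top_ua": top_ua,
        "top_ua_share": top_ua_n / len(reqs),
        "no_referer_share": sum(1 for _, _, ref, _ in reqs if ref == "-") / len(reqs),
    }

def looks_like_flood(p, min_attempts=5, share=0.8):
    """Distributed flood signature: enough attempts, almost every IP used once,
    one UA dominating, and most POSTs arriving without the listinfo Referer."""
    return (p["attempts"] >= min_attempts
            and p["single_shot_ips"] / p["unique_ips"] >= share
            and p["top_ua_share"] >= share
            and p["no_referer_share"] >= share)
```

Blocking the dominant User-Agent, as Andy did, stops the current run; the per-IP and Referer ratios keep flagging the pattern when the UA string changes.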

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop