Are you sure it's actual people registering or is it bots? Do the sign up pages have effective captcha or other anti-bot/prove you're human measures?

On Thu, May 26, 2022 at 7:30 PM Ken Simpson via mailop <mailop@mailop.org> wrote:
>
> It's WooCommerce:
> https://github.com/woocommerce/woocommerce/blob/ab1a35719c8719c0065f6053892ca970f7f01deb/plugins/woocommerce/includes/emails/class-wc-email-customer-new-account.php#L83
>
> On Thu, May 26, 2022 at 5:08 PM Ken Simpson <ksimp...@mailchannels.com> wrote:
>>
>> Hi Jarland,
>>
>> Yes, we see this as well - since this morning Pacific Time. They are
>> snow-shoeing too, sending just one or two submissions per web form,
>> presumably to keep a low profile. Same pattern of recipients as you are
>> seeing.
>>
>> I'm trying to track down the victim software, which seems to be a WordPress
>> plugin.
>>
>> Regards,
>> Ken
>>
>> On Thu, May 26, 2022 at 4:15 PM Jarland Donnell via mailop
>> <mailop@mailop.org> wrote:
>>>
>>> Over the last week or so I've noticed an exceptional increase in
>>> outbound emails from my customers to invalid recipients. Obviously this
>>> is problematic but understandable. All of the customers in question run
>>> websites that send an email to confirm registration, and all of the
>>> recipients are properly formatted email addresses. They just don't
>>> exist, and they're increasing at an unusual rate. Others may have the
>>> same going on but may not yet be aware of the pattern. My hope is that
>>> by sharing the pattern others might begin to fight against it as well.
>>>
>>> Here is a look at some censored logs: https://clbin.com/Gxeoo
>>>
>>> Notice the trend being username + 4 digits, primarily at free email
>>> providers and regional ISPs. Examples:
>>>
>>> heidireynoldsplad2...@gmail.com
>>> susanpowersvgjfae2...@cox.net
>>> pabloharveyfhi6...@rediffmail.com
>>> florencenashhqjqj8...@orange.fr
>>> carlosfranklinlydy2...@comcast.net
>>>
>>> It's really off the charts, and it's impacting a wide variety of
>>> customers who have no relation to each other. The only similarity being
>>> that they send out website registration confirmations in all cases.
>>>
>>> Of course, my first theory is forum spam / blog comment spam. Even if
>>> they can't accomplish the spam, they have most likely built complete
>>> automation to handle this process of mass registrations for a wonderful
>>> "spray and pray" technique. Since the email accounts don't exist,
>>> they're most likely hoping that a confirmation isn't actually required
>>> to begin submitting content to the sites that they register on.
>>>
>>> Use this how you will <3
>>>
>>> Jarland
>>> _______________________________________________
>>> mailop mailing list
>>> mailop@mailop.org
>>> https://list.mailop.org/listinfo/mailop
>>
>> --
>> Ken Simpson
>> CEO, MailChannels
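
An added example, not part of the thread or of any poster's tooling: one way an outbound mail operator could look for the pattern described in the quoted messages (letters followed by four digits, rejected as invalid, spread thinly across unrelated sites). The log format, the sample lines, the site names, the eight-letter minimum and both thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in an assumed format: "<sending site> <recipient> <SMTP code>".
SAMPLE_LOG = """\
shop-a.example annabakerqwez1234@freemail.example 550
shop-b.example tomhillardxk5821@isp.example 550
shop-c.example mariagreenpl0093@freemail.example 550
shop-c.example billing@partner.example 250
shop-d.example jo1999@freemail.example 550
shop-e.example petrawolfeab4410@isp.example 250
"""

# Assumed shape of the pattern: a long run of letters, then exactly four digits.
LOCAL_PART = re.compile(r"[a-z]{8,}\d{4}")


def pattern_bounces(log_text):
    """Per sending site, count 5xx rejections whose recipient fits the pattern."""
    per_site = defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        site, rcpt, code = fields
        local = rcpt.rpartition("@")[0].lower()
        if code.startswith("5") and LOCAL_PART.fullmatch(local):
            per_site[site] += 1
    return dict(per_site)


def fleet_alert(per_site, min_sites=3, max_per_site=2):
    """True when many unrelated sites each show only a few hits (snowshoe shape)."""
    low_volume = [s for s, n in per_site.items() if n <= max_per_site]
    return len(low_volume) >= min_sites


if __name__ == "__main__":
    hits = pattern_bounces(SAMPLE_LOG)
    print(hits, "alert:", fleet_alert(hits))
```

Because each site sees only one or two such registrations, the per-site count stays below any per-customer bounce threshold; the signal only appears when the counts are aggregated across the whole sending platform.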