Conversation
Notices
-
Embed this notice
Jonathan Corbet (corbet@social.kernel.org)'s status on Thursday, 05-Dec-2024 03:28:37 JST 
Jonathan Corbet
So here is a weird one ... the LWN site has been seeing a steady stream of login attempts, all using weird yahoo addresses as the username. By "weird" I mean things like lllbnwidgqeerdyi@yahoo.com and other equally unlikely strings.
These do not correspond to LWN accounts, but somebody has looked at our login form for long enough to post the login attempts directly, without loading the form first. The attempts come from all over the Internet, suggesting that some sort of botnet is doing this.
I don't suppose anybody else has seen this sort of pattern, or has any idea what it is that they may be trying to accomplish?-
Embed this notice
Jonathan Corbet (corbet@social.kernel.org)'s status on Thursday, 05-Dec-2024 09:46:17 JST
Jonathan Corbet
@KasTasMykolas You need to look at least long enough to know what names have been assigned to the form elements. It would take less than a minute, but you need to do it for every site you want to attack.
Because I'm an obnoxious person, I changed the names of those elements today, conveniently bringing an end to all of those login failures. We'll see if they bother to update their script... -
Embed this notice
KasTas (kastasmykolas@river.group.lt)'s status on Thursday, 05-Dec-2024 09:46:18 JST 
KasTas
@corbet I wonder, if that would actually require looking at the login for long enough, or looking at all.
It's king of typical <form method="post"> <input type="text"> <input type="password> <input type="submit"> thingie anyways, right?
-
Embed this notice
Alexandre Oliva (moving to @lxo@snac.lx.oliva.nom.br) (lxo@gnusocial.jp)'s status on Thursday, 05-Dec-2024 10:55:15 JST 
Alexandre Oliva (moving to @lxo@snac.lx.oliva.nom.br)
buggy bot using mailman-generated passwords as usernames and vice-versa :-)
-
Embed this notice
All GNU social JP content and data are available under the