Conversation

Notices

1. Embed this notice
   Jonathan Corbet (corbet@social.kernel.org)'s status on Thursday, 05-Dec-2024 03:28:37 JST Jonathan Corbet
   So here is a weird one ... the LWN site has been seeing a steady stream of login attempts, all using weird yahoo addresses as the username. By "weird" I mean things like lllbnwidgqeerdyi@yahoo.com and other equally unlikely strings.
   
   These do not correspond to LWN accounts, but somebody has looked at our login form for long enough to post the login attempts directly, without loading the form first. The attempts come from all over the Internet, suggesting that some sort of botnet is doing this.
   
   I don't suppose anybody else has seen this sort of pattern, or has any idea what it is that they may be trying to accomplish?
   • Embed this notice
     Jonathan Corbet (corbet@social.kernel.org)'s status on Thursday, 05-Dec-2024 09:46:17 JST Jonathan Corbet

     in reply to

     • KasTas
     @KasTasMykolas You need to look at least long enough to know what names have been assigned to the form elements. It would take less than a minute, but you need to do it for every site you want to attack.
     
     Because I'm an obnoxious person, I changed the names of those elements today, conveniently bringing an end to all of those login failures. We'll see if they bother to update their script...
   • Embed this notice
     KasTas (kastasmykolas@river.group.lt)'s status on Thursday, 05-Dec-2024 09:46:18 JST KasTas

     in reply to

     @corbet I wonder, if that would actually require looking at the login for long enough, or looking at all.

     It's king of typical <form method="post"> <input type="text"> <input type="password> <input type="submit"> thingie anyways, right?

   • Embed this notice
     Alexandre Oliva (lxo@gnusocial.jp)'s status on Thursday, 05-Dec-2024 10:55:15 JST Alexandre Oliva

     in reply to
     buggy bot using mailman-generated passwords as usernames and vice-versa :-)