[conspire] Web spam and yandex forms
Akkana Peck
akkana at shallowsky.com
Sat Dec 11 11:25:33 PST 2021
Followup on my billtracker spam adventure:
I've hooked up the simple captcha, and added checks for things
like username length and :// in the username, so hopefully the
bots' account creation will stop.
But I'm puzzled about another thing they were doing: in addition
to creating accounts where the username was spam text, which I
now understand thanks to Ivan and Rick, they were also creating
accounts with random 10-character usernames like "zhxqbslrmu"
and a real email address. So the owner of the email address
would get a confirmation email from a service they've never
heard of, with a 10-character random username, and hopefully
would just ignore it. But what good does that do a spammer?
I've long wondered that, like every time I get a paypal email to
"Sheannsa awfsdgeasasdf" at my gmail address: some bot created that
account many years ago, and paypal doesn't verify email addresses,
so the account lives on forever and there's nothing I can do about it.
(I tried a password reset, but it's apparently tied to some phone
number I don't know. I even tried mailing paypal's abuse address,
but of course never got a reply.)
I get spam like that from quite a few places that have let bots
create accounts with my email address without verifying it.
I've never understood the point: how does it benefit whoever's
running the bot?
...Akkana
More information about the conspire
mailing list