[chirp_users] Malicious use of chirp_users email addresses
Hello all, long-time lurker here.
I have noticed that the list-specific email address that I use here has been used in attempted logins to my email server.
For the last couple of days, these login attempts have been showing up in my dovecot-related logs, from the following IPs:
There is little chance of harm done on this system, but if they have mine, they're likely trying the same on other members' hosts as well.
Cheers, Tim
I see between 600 and 1200 of those per day here at a tiny mail server, some indeed with the address I use for this list.
Most of the IP addresses you quote are listed on the CBL (blocking list for hosts known to be taken over by malware, worldwide). Several of the ones from your list that I spot-checked are also being actively used in the fake "take the survey and get a 300-piece tool set" variety of scam spams. It will be something different in a few weeks.
If any given mailing list or other discussion forum has a publicly accessible archive, you can bet your bottom dollar that it is scraped several times per day by list collector bots.
mdr
On Thu, 26 Oct 2023 12:30:15 -0700, Tim Lavoie <tim_chirp@fractaldragon.net> wrote:
> Hello all, long-time lurker here.
> I have noticed that the list-specific email address that I use here, has been used in attempted logins to my email server.
> From the last couple days, these login attempts have been showing up in my dovecot-related logs, from the following IPs:
> 103.181.14.250 103.251.143.14
> [snip]
On 2023-10-26 12:30:-0700, you wrote:
> Hello all, long-time lurker here.
> I have noticed that the list-specific email address that I use here, has been used in attempted logins to my email server.
This is why all my passwords are random, with no duplicates.
73 Rich NE1EE
The Dusty Key
On the banks of the Piscataqua
This is also a very good reason why many (most) email servers do not host an account that may be used by one of the email client users. They have an email account but not a user account on that server.
Jeff KI7GJG
On Thu, Oct 26, 2023 at 5:01 PM Rich NE1EE <TheDustyKey@imaginarian.org> wrote:
> On 2023-10-26 12:30:-0700, you wrote:
> > Hello all, long-time lurker here.
> > I have noticed that the list-specific email address that I use here, has been used in attempted logins to my email server.
> this is why all my passwords are random, with no duplicates.
> 73 Rich NE1EE The Dusty Key On the banks of the Piscataqua
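The failed logins discussed in this thread can be tallied per targeted address straight from the mail log. The following is an added example, not code from any poster in the thread: the log lines are constructed, the Dovecot login-process line format is assumed (adjust the regex to your own syslog prefix), and `list-chirp@example.org` is a hypothetical list-only address.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of Dovecot login-process logging.
# Addresses and IPs are documentation values, not data from the thread.
SAMPLE_LOG = """\
Oct 26 10:01:02 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=<list-chirp@example.org>, method=PLAIN, rip=203.0.113.10, lip=192.0.2.1, TLS, session=<a1>
Oct 26 10:03:40 mx dovecot: pop3-login: Aborted login (auth failed, 2 attempts in 9 secs): user=<List-Chirp@example.org>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, session=<b2>
Oct 26 10:07:15 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 3 secs): user=<list-chirp@example.org>, method=LOGIN, rip=203.0.113.10, lip=192.0.2.1, TLS, session=<c3>
Oct 26 10:09:51 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, TLS, session=<d4>
Oct 26 10:12:00 mx dovecot: imap-login: Login: user=<tim>, method=PLAIN, rip=192.0.2.50, lip=192.0.2.1, mpid=4242, TLS, session=<e5>
"""

# Matches only failed authentications; successful "Login:" lines are skipped.
FAILED = re.compile(
    r"dovecot: (?:imap|pop3|submission|managesieve)-login: "
    r".*?\(auth failed, (\d+) attempts[^)]*\): "
    r"user=<([^>]*)>.*?\brip=([0-9a-fA-F.:]+)"
)

def failed_logins(log_text):
    """Return {login name: {"attempts": int, "sources": set of remote IPs}}."""
    stats = defaultdict(lambda: {"attempts": 0, "sources": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            attempts, user, rip = m.groups()
            entry = stats[user.lower()]  # login names compared case-insensitively
            entry["attempts"] += int(attempts)
            entry["sources"].add(rip)
    return dict(stats)

def harvested_addresses(log_text, list_only_addresses):
    """Failed-login stats for addresses that were only ever given to a list.

    Any hit here means the address was collected from the list or its
    archive, since it was never published or used as a login elsewhere.
    """
    watch = {a.lower() for a in list_only_addresses}
    return {u: s for u, s in failed_logins(log_text).items() if u in watch}

if __name__ == "__main__":
    hits = harvested_addresses(SAMPLE_LOG, ["list-chirp@example.org"])
    for user, s in hits.items():
        print(f"{user}: {s['attempts']} failed attempts "
              f"from {len(s['sources'])} distinct hosts")
```

The per-address source sets can be fed to whatever rate limiting or blocking the server already uses.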
participants (4)
- Jeffrey Vian
- Michael Rathbun
- Rich NE1EE
- Tim Lavoie