New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
It wasn't me, I didn't sign up for your service
Apologies friends. Many of you received registrations for accounts for [email protected] and [email protected], and then received password reset spam for the same. These are not me. I have not signed up for any new services in the last 24 hours. If I do not have an active service with you attached to that registration, please feel free to delete these accounts and take additional measures to prevent your website from receiving spam registrations.
Side note: Of course concern #1 was that this was designed to cover up a compromise. I just finalized my audit and I'm comfortable with the result, this is just spam.
Comments
Such an odd thing. I guess I'm too much of a noob to guess why that spam is happening.
Same, I haven't signed up for anything at any @incognet.io domain. Seems more like a way to piss Jar off than me. I assume others are likely having their emails used to sign up for services they didn't order and that providers are being spammed with fake orders.
Shitty ASNs where most of these new user signups are coming from: 397630,200019,209372,211936,205565,3320,203346,207096
@alexhost mentioned :O
Fucking hell now I have to return the 300 custom servers I ordered…
Seems like someone is going around creating automated accounts with a bunch of different providers using a list of scraped emails. I see recent signs up from @jar 's mentioned email, as well as my own email, spamhaus SBL removal's email, etc.
Not really sure what the point is other than to be mildly annoying.
Together with DTAG
WHMCS waiting more of those $$$
It wasn't me, it's the one-armed man/woman.
Certain small mammal is back
2 days ago I suddenly woke up with both my business email address and my personal one, I registered, made orders and reset my password only 150 times.
could be an "email bomb" attack, attacker signs up to many newsletter and accounts using your email and your inbox gets messy, often done to hide alerts emails etc
but since this is targeting hosting related websites, it could just be an ex customer messing with you
One theory could be to cover up for a WHMCS vulnerability. Flood people's logs with junk, generate unrelated conversation, slip by under the gathering crowd to steal the databases. I doubt it but when you see a flood, always look for what it might be meant to take your eyes away from.
Highly doubt about that. Tiny would not try to harm jar
all that went to spam on GMail or you moved it manually?
The thumbnail was all I needed to start singing that classic 🤣
@jar was asleep in the car and his buddy tried this old chestnut: https://www.youtube.com/shorts/eO7zswn_QeA
For Gmail inboxes specifically (though I assume it's similar for other providers), it's also the case that if you spam them hard enough then they get rate limited and start rejecting incoming emails. I've seen spam against a Gmail inbox used as a sort of "denial of inbox" attack in the past, to disrupt someone's operations.
I marked them as SPAM manually. All of them reached inbox/important folders.
Hi, dear MannDude can you get in contact with us?
https://t.me/alexhost_on
Alexhost doesn't allow spam in our network that is in our AUP.
Please provider full details with logs etc and we will check.
Best Regards,
Alexhost
lel
I didn't organize the list by IP / ASN, just took mental note of the largest offenders is all. Was mostly Rackdog LLC, that SEO one, you, and like one other being the main networks.
ex-girlfriend.
How did the bad actors spoof your domain and still get through to the recipients? 🤔
Might be a good lesson for all of us to tighten up anti-spoofing measures, all the large ESPs now require SPF, DKIM, DMARC for senders so it's unlikely they would've let spoofed messages through.
Pavin.
You don't have to spoof email headers to mass register what seems to be a scraped list of email addresses on several different services.
Thanks for that, I fundamentally misunderstood the problem. 🤦♂️
Our client system is also guilty of this, currently it does not perform email address verification on signup but this is due to change soon with email based 2FA as default in addition to existing TOTP and passkeys.
Pavin.
I just woke up to over 200 registration spam, glad to know this thread is being monitored by the baddies 🥲
Pavin.