Today, I noticed I had an extremely large number of “new” users, about 206 accounts in total created, with an odd username pattern:
www.XXXXX.blogspot.YY - Z.ZZZ BINANCEXXXXX was a randomly chosen set of letters, YY was one of many TLDs that Blogspot uses, and Z.ZZZ was some kind of price value. Clearly, spammers have found a new way to send spam: using the registration email that WordPress uses to confirm your email address is valid.
This blog has always allowed comments in one form or another. Originally I allowed anonymous user comments and ping-backs, but when those got abused, I disabled them, requiring that a user be registered with the site to comment.
That has been fine up until today. Some “BINANCE” arsehole decided that the username field was a perfect way to spray shite from one end of the Internet to the other. In total, 230 accounts were created in the past few hours, mostly to gmail.com email addresses.
Maybe the username field can be stripped on such emails so the only thing they can supply is the email address (basically making sending mass spam this way very difficult; they’d have to “encode” it in a sub-address … not all providers support this and they can do it different ways).
We’ll see what damage that’s done to the sender score on this site. I have a second route I can use for sending outbound email that’s got a clean reputation so not all is lost.
Comments for the time being will now be exclusively through ActivityPub.
Recent Comments