[Mailman-Users] Bogus Subscriptions (was: Mailman-Users Digest, Vol 172, Issue 6)

Jim Popovitch jimpop at domainmail.org
Mon Jun 4 18:27:43 EDT 2018



On Mon, 2018-06-04 at 18:10 -0400, Jim Popovitch wrote:
> On Mon, 2018-06-04 at 14:48 -0700, Russell Clemings wrote:
> > They seem to be changing their tactics pretty much regularly now. Just
> > tailing the subscribe log I see all of these:
> > 
> > Jun 04 21:28:16 2018 (16689) LISTNAME1: pending Steven Lugo <support at quickbitcoin.co.uk>  159.203.88.55
> > Jun 04 21:30:06 2018 (17063) LISTNAME1: pending Steve Asher <support at bitcoin.com.au>  185.237.98.51
> > Jun 04 21:30:38 2018 (17503) LISTNAME2: pending Sterling Leng <support at vaultoro.com>  185.237.98.51
> > Jun 04 21:31:26 2018 (17651) LISTNAME3: pending Cristina Hibbard <support at vaultoro.com>  59.152.95.54
> > Jun 04 21:32:01 2018 (17754) LISTNAME3: pending Kirk Maddox <support at bitcoin.com.au>  185.237.98.51
> > Jun 04 21:33:58 2018 (18188) LISTNAME4: pending Jarrod Rand <support at vaultoro.com>  80.211.240.206
> > Jun 04 21:36:54 2018 (19212) LISTNAME5: pending Anna Glen <support at quickbitcoin.co.uk>  159.203.88.55
> > Jun 04 21:36:59 2018 (19231) LISTNAME1: pending John Savage <support at bitflyer.com>  39.137.69.9
> > Jun 04 21:38:21 2018 (19476) LISTNAME4: pending Sarah Adami <support at coindirect.com>  185.237.98.51
> > 
> 
> Interesting, I see delimited email addrs for those same domains.
> 
> Jun 04 20:57:11 2018 (5670) users: pending James Sturgill <support+qjrr@quickbitcoin.co.uk>  111.13.56.16
> Jun 04 21:19:10 2018 (7469) users: pending John Heninger <support+qwnpn@bitflyer.com>  152.231.81.122
> Jun 04 21:35:52 2018 (8894) users: pending Judith Route <support+xwwrk@vaultoro.com>  149.202.38.124
> Jun 04 21:42:25 2018 (9149) users: pending Donna Watts <support+yvdmgcn@vaultoro.com>  212.73.137.45
> Jun 04 21:49:33 2018 (9323) users: pending Justin Rybij <support+jzmpfprm at bitflyer.com>  67.197.233.15
> 
> FWIW,
> 
> here's the list I've accumulated so far:
> 
> And these are the IPs:
> 
> 101.132.136.83
> 103.35.168.166
> 110.37.200.83
> 111.13.56.16
> 121.10.118.70
> 138.122.2.7
> 139.224.24.26
> 144.76.62.29
> 149.13.80.46
> 149.202.38.124
> 150.109.44.245
> 152.231.81.122
> 176.235.99.166
> 179.180.144.28
> 181.118.183.153
> 186.251.102.85
> 187.106.238.241
> 187.12.46.218
> 187.190.221.71
> 187.245.88.185
> 188.211.227.149
> 189.76.93.64
> 190.12.47.246
> 190.144.39.34
> 190.214.1.26
> 191.0.70.90
> 193.165.144.66
> 197.210.216.22
> 197.255.255.91
> 200.165.177.66
> 200.202.229.218
> 201.10.154.50
> 201.49.98.58
> 202.179.186.138
> 202.179.4.70
> 202.191.121.171
> 212.49.84.113
> 212.73.137.45
> 218.60.8.99
> 221.214.208.226
> 36.67.233.131
> 67.197.233.15
> 78.66.102.104
> 80.122.84.246

BTW, most of those IPs are listed in the XBL (https://www.spamhaus.org/xbl/).
I think I'll work on a patch to block signups from IPs in the XBL and
domains in the DBL (https://www.spamhaus.org/dbl/)

-Jim P.

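Added example, not part of the original message and not Mailman code: one way to triage a subscribe log like the one quoted above, folding plus-tagged variants onto their base address and building the XBL and DBL query names for the check proposed in the message. The sample lines (documentation domains and IP ranges), the function names and the injected `resolve` callable are assumptions of this example; only the log shape follows the lines quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample lines in the subscribe-log shape quoted in the thread.
SAMPLE_LOG = """\
Jun 04 20:57:11 2018 (5670) users: pending Ann Example <support+qjrr@shop.example>  192.0.2.16
Jun 04 21:19:10 2018 (7469) users: pending Bob Example <support+qwnpn@shop.example>  198.51.100.22
Jun 04 21:35:52 2018 (8894) announce: pending Cy Example <support at shop.example>  192.0.2.16
Jun 04 21:42:25 2018 (9149) users: pending Di Example <dana@list.example>  203.0.113.45
"""

# Accepts both a raw "@" and the archive's " at " obfuscation.
PENDING = re.compile(
    r"\(\d+\) (?P<list>[^:\s]+): pending .*?"
    r"<(?P<local>[^@\s>]+)(?:@| at )(?P<domain>[^\s>]+)>\s+"
    r"(?P<ip>\d+(?:\.\d+){3})\s*$")

def parse_pending(text):
    """Yield (list, base_address, domain, ip), with any +tag stripped."""
    for line in text.splitlines():
        m = PENDING.search(line)
        if m:
            base = m["local"].split("+", 1)[0].lower()
            domain = m["domain"].lower()
            yield m["list"], f"{base}@{domain}", domain, m["ip"]

def repeated_targets(text, threshold=2):
    """Map base address -> (request count, sorted source IPs) for repeats."""
    count, ips = defaultdict(int), defaultdict(set)
    for _lst, addr, _dom, ip in parse_pending(text):
        count[addr] += 1
        ips[addr].add(ip)
    return {a: (n, sorted(ips[a])) for a, n in count.items() if n >= threshold}

def xbl_name(ip):
    """DNSBL query name: reversed IPv4 octets under the XBL zone."""
    return ".".join(reversed(ip.split("."))) + ".xbl.spamhaus.org"

def dbl_name(domain):
    return domain.rstrip(".") + ".dbl.spamhaus.org"

def is_listed(qname, resolve):
    """resolve(qname) returns the A records as strings, [] on NXDOMAIN."""
    # 127.255.255.x answers are Spamhaus error codes (for example a query
    # sent through a public resolver), not listings, so they must not block.
    return any(a.startswith("127.") and not a.startswith("127.255.255.")
               for a in resolve(qname))
```

Passing the resolver in keeps the parsing and the decision testable offline; a deployment would supply a function backed by its own recursive resolver.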

