
Re: random usernames in attempts to break in to my machine?



On Mon, 2022-04-04 at 17:27 +0300, Teemu Likonen wrote:
> * 2022-04-04 07:40:47-0600, Joe Pfeiffer wrote:
> 
> > This isn't really debian-specific, but I don't know a better place to
> > ask... recently, I've been having servers make a large number of
> > attempts to access my mail host using what appear to be random strings
> > as usernames -- it looks like this:
> 
> > They all have the same form: <something random>.fsf@pfeifferfamily.net
> 
> That pattern is the Message-ID field generated by Emacs message-mode (or
> some component under it). Just look at your or my message's Message-ID
> field.
> 
> > So, anybody have any ideas what's up here?
> 
> I would guess that someone has tried to automatically collect a lot of
> email addresses and ended up getting also those message IDs. Then an
> attacker tries to intrude with those addresses.

I get spam like that to my domain, using email usernames obviously got
from the Message-ID of my messages to mailing lists over the years.
There's a whole category of names ending in 'git-send-email-tixy',
presumably from patches I've sent with git.

-- 
Tixy
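
A log check for the pattern discussed in this thread, as an added example that is not part of any message here: it flags failed logins whose username has the shape of an Emacs message-mode (`<random>.fsf`) or git send-email Message-ID rather than a mailbox name. The log line format, regexes, function names, addresses and sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Local-part shapes named in the thread: they come from Message-ID headers,
# not from real mailboxes. The regexes are assumptions built from those shapes.
MESSAGE_ID_SHAPES = {
    "emacs-message-mode": re.compile(r"^[^@\s]+\.fsf$"),
    "git-send-email": re.compile(r"^[^@\s]*git-send-email-[^@\s]+$"),
}

# Constructed log format (an assumption, not a real daemon's output).
LOG_LINE = re.compile(r"auth failed user=<(?P<user>[^>]*)> rip=(?P<rip>\S+)")

# Constructed sample lines using documentation-only domains and addresses.
SAMPLE_LOG = """\
2022-04-04T07:40:01 auth failed user=<87k0c5x9qz.fsf@example.net> rip=203.0.113.5
2022-04-04T07:40:09 auth failed user=<87sfqt1m2d.fsf@example.net> rip=203.0.113.5
2022-04-04T07:41:12 auth failed user=<1400000000-1234-1-git-send-email-alice@example.net> rip=198.51.100.7
2022-04-04T07:42:30 auth failed user=<alice@example.net> rip=192.0.2.44
2022-04-04T07:43:00 auth ok user=<alice@example.net> rip=192.0.2.44
"""


def classify_username(username):
    """Return the Message-ID shape a login name matches, or None."""
    local_part = username.split("@", 1)[0]
    for label, shape in MESSAGE_ID_SHAPES.items():
        if shape.match(local_part):
            return label
    return None


def summarize(log_text):
    """Count failed logins that use harvested Message-IDs, per shape and per IP."""
    by_shape, by_ip, other = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = LOG_LINE.search(line)
        if not m:
            continue  # not a failed-login line
        label = classify_username(m["user"])
        if label:
            by_shape[label] += 1
            by_ip[m["rip"]] += 1
        else:
            other.append(m["user"])  # plausible mailbox name: review separately
    return by_shape, by_ip, other


if __name__ == "__main__":
    shapes, ips, other = summarize(SAMPLE_LOG)
    print(dict(shapes), dict(ips), other)
```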


