9 Mar
2023
9 Mar
'23
8:16 p.m.
On 2023-03-09 20:34:51 +0100 (+0100), Eggert Ehmke via Mailman-users wrote:
I had some attacks on my wordpress homepage today [...] So it seems there were attempts to register new users [...]
If it helps, we see this constantly on our Mailman 2.1 servers. The old confirmation token mechanism it uses is sufficiently weak that attackers just keep trying until they manage to brute-force it and add some victim's address to every list they can. There's also a slightly different pattern we've observed which seems to just be focused on sending as many confirmation messages to a victim as possible. Both are, as far as I can tell, an attempt to overwhelm someone's inbox (usually abuse or support aliases for service providers). It's probably the biggest incentive we've had to finally start migrating our various list sites to Mailman 3.
Jeremy Stanley