So here is a weird one ... the LWN site has been seeing a steady stream of login attempts, all using weird yahoo addresses as the username. By "weird" I mean things like lllbnwidgqeerdyi@yahoo.com and other equally unlikely strings.

These do not correspond to LWN accounts, but somebody has looked at our login form for long enough to post the login attempts directly, without loading the form first. The attempts come from all over the Internet, suggesting that some sort of botnet is doing this.

I don't suppose anybody else has seen this sort of pattern, or has any idea what it is that they may be trying to accomplish?

@corbet I wonder, if that would actually require looking at the login for long enough, or looking at all.

It's kind of typical <form method="post"> <input type="text"> <input type="password"> <input type="submit"> thingie anyways, right?

@KasTasMykolas You need to look at least long enough to know what names have been assigned to the form elements. It would take less than a minute, but you need to do it for every site you want to attack.

Because I'm an obnoxious person, I changed the names of those elements today, conveniently bringing an end to all of those login failures. We'll see if they bother to update their script...
Aram Loosman

@corbet @KasTasMykolas Or you could add a CSRF Token which also could help to suppress these direct hits.
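
A sketch of the token check suggested in the last post, as an added example that is not part of the thread and not LWN's code. The hidden field name `form_token`, the session ids and the `handle_login_post` handler are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

SECRET_KEY = secrets.token_bytes(32)  # per-deployment secret (assumption)
TOKEN_TTL = 900                       # seconds a rendered form stays valid


def _sign(session_id: str, ts: str) -> str:
    msg = f"{session_id}|{ts}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_form_token(session_id: str, now: Optional[float] = None) -> str:
    """Called when the login form is rendered (GET); sent as a hidden field."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_sign(session_id, ts)}"


def check_form_token(session_id: str, token: Optional[str], now: Optional[float] = None) -> str:
    """Return 'ok', or the reason the POST is rejected before any password check."""
    if not token:
        return "missing"        # direct POST that never loaded the form
    ts, _, sig = token.partition(".")
    if not (ts.isascii() and ts.isdigit() and sig):
        return "malformed"
    if not hmac.compare_digest(_sign(session_id, ts).encode(), sig.encode()):
        return "bad-signature"  # forged, or issued to a different session
    age = (time.time() if now is None else now) - int(ts)
    if age < 0 or age > TOKEN_TTL:
        return "expired"        # token scraped once and replayed later
    return "ok"


def handle_login_post(session_id: str, form: dict):
    """Hypothetical handler: gate on the token, then hand off to the real auth code."""
    verdict = check_form_token(session_id, form.get("form_token"))
    if verdict != "ok":
        return 403, f"rejected: {verdict}"
    return 200, "token ok, proceed to credential check"
```

A client that fetches the form before posting still receives a valid token, so this check only rejects submissions sent without loading the form. Counting the rejection reasons separately shows whether a script has been updated to start doing that.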