[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Agree it looks like bots accessing the web interface, IP addressses typically end user like. I had a poke at Yahoo web mail. Nothing immediately obvious, but then I agree there is probably some luck involved, although I doubt it is opportunistic timing. My browser did access 45 different hostnames in the page to compose and send an email. Some were CDN servers, fair enough. At least one appeared to be returning empty/corrupt responses but presumably not important. The cookies aren't encrypted which surprised me (it being easy improvement to add with no/little coding needed), but the values may be, or they might be base64 or similar. I'll look closer when I get some more time. The diet thing is I think a distraction, this is all about botnet growing. Mostly I get malware free responses suggesting it is a kit looking for vulnerable user agents. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq