Hi all, was inspecting the relay VPS after a provider maintenance (forced reboot) and noticed that someone has been phishing the endpoints for 9 character deterministic logins; the attempt created the directories in /home/vmail/… with an enforceE2EEincoming cookie and a password file w/SHA256.
Is there a handy way to drop in a blocklist of usernames somewhere on the relay to automatically reject their attempted use? Here’s what I see from the last few days:
Of course they don’t work as the proper process to set them up wasn’t followed, but I’d like to somehow prevent anyone from trying to use a handle which misrepresents my relay (I’m sure this was just spammers or something innocuous, no tin foil hats here). We could probably crowdsource a list of 9-char names to block given they’re so commonly attacked.
Be advised that such blocklist-based solution will never catch all attempts at hacking. Just think of an abuser doubling the word, prefixing it with the or adding a neutral ending (e.g., 1).
Also note that the random generator might actually produce some identifier on the list by chance and then the user could be surprised.
Anyway, if we wanted to ensure no possibility for clash, chatmail might standardize on an allowlist-kind of scheme such as by always beginning or ending with some uncommon and visibly distinct character, such as a number.