A time thief system will be developed to drop spammers into ``eternal password registration hell''
There are many people who are annoyed by the phenomenon that 'a large amount of spam mail arrives every day'. In order to retaliate against vendors who continue to send such malicious spam mails, a retaliation system was developed that ``send fake profile pages to spammers and drop them into endless password registration hell''.
Troy Hunt: Sending Spammers to Password Purgatory with Microsoft Power Automate and Cloudflare Workers KV
The spammer retaliation system was developed by Troy Hunt , a technology expert and Microsoft Regional Director . Mr. Hunt felt angry at the current situation of spending time on 'work to delete spam mail', and developed a retaliation system ' Password Purgatory ' that takes time from spammers as well.
Password Purgatory consists of a Microsoft automation tool, Power Automate , and a fake profile page . The steps to use Password Purgatory are very simple. First of all, if you receive a spam email like the one below...
Move spam emails to a special folder created for Password Purgatory.
An email will then automatically be returned to the spammer. The reply email contains a link that says 'Please enter your information from this form', and when the spammer clicks on this link...
You will see a partnership recruitment page like the one below. If you want to make a partnership, you are asked to register your email address and password in the input form at the bottom of the page.
Follow the instructions on the page and register your email address and password ......
I got the warning 'Password must contain at least one numeric character'. Up to this point, the behavior is similar to that of a normal password registration form.
When I changed my password to include digits as instructed, I got a strange warning that 'password must start with 'cat''.
After following the above warning and entering a password containing 'cat', I was now presented with the warning 'Password must end with 'dog''.
Even after registering the password according to the warning, strange warnings such as 'The password must include the name of the main character of The Simpsons ' continued to appear, and in the end the password could not be registered. As a result, it takes time.
When a spammer tries to register a password, an HTML file summarizing 'passwords for which registration was attempted' and 'time spent registering fake passwords' is output as shown below, and the user of Password Purgatory is notified. . ``When I received the notification email, I literally felt the joy of phishing,'' Hunt said.
The source code of Password Purgatory is published in the Github repository managed by Mr. Hunt.
GitHub - troyhunt/password-purgatory: Deliberately making password creation a true hell
https://github.com/troyhunt/password-purgatory
GitHub - troyhunt/password-purgatory-api: This is the Cloudflare Worker public API for deliberately making password creation hell
https://github.com/troyhunt/password-purgatory-api
Related Posts:
in Web Service, Posted by log1o_hf