Hey IH,
Survais has reached over 50 signups now which is great!
However, I'm seeing an influx of signups almost overnight from the qq.com domain, all with emails that contain just numbers. E.g. [email protected]
I have done a quick Google which shows it may be spam, very few results though on the subject. I just wanted to confirm.
Has anyone had any similar experience?
Thanks,
Shane
QQ is a very popular site, kind of like an ICQ + Facebook of China. Your QQ number is your instant chat ID and you also get a blog and photo album and can use the same ID on WeChat.
It's very mainstream, not spam.
Hmmm interesting.. strange now they are coming in every minute or so.
They really do seem like spam though.
Well, they could be. Someone could do that with @gmail.com or @aol.com addresses, too. QQ in itself isn't suspicious, though.
Gotcha, thanks!
Not spam. Many of my clients have the same type of email config from qq. Typically people go with the default sign-in which I believe is cellphone number.
I've figured it out. So qq.com isn't the issue.
The spammer was using Survais to promote themselves in Chinese.
They were using the Name field in the sign up form, which is used in the verifying email which is sent automatically.
This way, the promotional name is sent in the email and thus they are creating hundreds of spam accounts, which were sending emails promoting their spam name.
Clever.
Probably bots, you tracking IPs of new users? Had this happen to me this week as well. Didn't seem targeted or anything, just a registration form w/o a CAPTCHA (hey, it's frictionless!!)
Good chance they are all coming from the same IP address. Depending on your hosting situation, it should be pretty easy to mitigate (unless you want that conversion rate crushing vanity metric of new sign ups :)
Yeah really looks like spam alright. Coming in every minute at this point.
Captcha could be the way to go at some point in the process. I am not tracking the IPs no, GDPR and all that. But I may start hashing it in order to do so.
And no, vanity metrics aren't worth it lol. It's enough of a rollercoaster of emotions without adding in vanity metrics.
Yeah, the caveat of these laws is that you have to sacrifice your own ability to protect your server. Even if you anonymized the IPs, you still wouldn't /know/ the IP to block at the network level, you'd have to write some hacky crap to translate incoming IPs and then block it at the code level instead of at the gate via iptables.
There's services out there that can give you a "spam rating" on IP addresses as well. Suspect "sharing an IP address" is probably against GDPR, but you could very well check an IP, and only log it if it's a known bad actor, tossing out the rest of it.
Unless you went out of your way to configure your web server to throw out incoming IP addresses, solid chance you're still sitting on this data in some capacity.
Exactly, I just went through the logs and blocked the IP address - as it was all coming from the same end point.
Sorted for now at least! Many thanks for your replies :)
I had it at my day job. My guy was trying to search for some security issues and was creating thousands of accounts every second. We banned him by IP couple days in a row and eventually, he gave up. I believe qq.com is just some email domain with automatic management of email through API, similar to mailinator.com.
I think qq.com may be a service provider, but qq.my is definitely on this list:
https://github.com/martenson/disposable-email-domains/blob/master/disposable_email_blocklist.conf
Figured worth dropping that link in here, GREAT LIST of domains you may want to block from ever being able to register on a service. Doesn't get everybody, but gets a ton.
This is great, thanks!
Ah I see, many thanks. I will monitor it for now and see if it proliferates further. Thanks :)
Bots probably. Are they active users?
Can't say for sure yet, some have verified their email address while others have not.
Don't seem to be active users for now.
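Two defenses raised in this thread, checking the Name field before it is echoed into the automatic verification email and throttling signups by a hashed IP instead of a stored one, sketched as an added example that is not code from Survais or from any poster. The key, thresholds, patterns and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import re
import time
from collections import defaultdict, deque

# Assumption: a server-side secret, rotated periodically; constructed value here.
IP_HASH_KEY = b"constructed-demo-key-rotate-me"
WINDOW_SECONDS = 3600     # hypothetical policy: look-back window
MAX_SIGNUPS_PER_IP = 3    # hypothetical policy: accepted signups per window
MAX_NAME_LEN = 60

# Things a display name has no need for but a promotional message does.
_LINK_RE = re.compile(
    r"(https?://|www\.|\b[\w-]+\.(com|net|org|cn|ru|info|top|xyz)\b)", re.I)
_CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")

_recent = defaultdict(deque)  # ip token -> timestamps of accepted signups


def ip_token(ip):
    """Keyed hash: the raw IP is never stored, but the same IP maps to the same token."""
    return hmac.new(IP_HASH_KEY, ip.encode(), hashlib.sha256).hexdigest()


def name_problem(name):
    """Return a reason if the name is unsafe to echo into an email, else None."""
    if not name.strip():
        return "empty"
    if len(name) > MAX_NAME_LEN:
        return "too long"
    if _CONTROL_RE.search(name):
        return "control characters"  # also stops CR/LF reaching mail headers
    if _LINK_RE.search(name):
        return "contains a link or domain"
    return None


def check_signup(name, ip, now=None):
    """Return (allowed, reason); only accepted signups count toward the limit."""
    now = time.time() if now is None else now
    problem = name_problem(name)
    if problem:
        return False, "name rejected: " + problem
    seen = _recent[ip_token(ip)]
    while seen and now - seen[0] > WINDOW_SECONDS:
        seen.popleft()  # drop timestamps that fell out of the window
    if len(seen) >= MAX_SIGNUPS_PER_IP:
        return False, "rate limited"
    seen.append(now)
    return True, "ok"
```

Call `check_signup` before creating the account or sending the verification email, so a rejected name is never mailed out.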