TE
TechEcho
Home24h TopNewestBestAskShowJobs
GitHubTwitter
Home

TechEcho

A tech news platform built with Next.js, providing global tech news and discussions.

GitHubTwitter

Home

HomeNewestBestAskShowJobs

Resources

HackerNews APIOriginal HackerNewsNext.js

© 2025 TechEcho. All rights reserved.

Ask HN: What is this user doing?

42 pointsby lai-yinover 3 years ago
Between Nov 20 and Dec 14, someone with the IP address 34.66.115.47 has submitted 16 requests to join my email newsletter on my website form with nonsense email accounts like mphtnarrwqrs@gmail.com and qrzqoiakkubp@gmail.com. In one instance they used a real email address, so I have their name and know the company they work for (which is in my industry and we actually have mutual colleagues). What could this person possibly be doing with all these weird form submissions? I have a very basic, static website, do no A/B testing, and haven't made any updates to it in months. What do you think?

20 comments

junonover 3 years ago
Welcome to public-facing application security :) Any number of reasons, potentially more than one at once:<p>1. Being a dick &#x2F; bored &#x2F; ...<p>2. Pen-testing you for some reason.<p>3. Trying to inflate your signup numbers for some reason.<p>4. Trying to see how many users you have (see other comment)<p>5. Testing their own fake email system for something<p>6. Trying to increase your costs<p>7. Demonstrating something for someone else not realizing it&#x27;s production<p>8. Pure, unadulterated incompetence<p>9. Something else malicious
评论 #29610092 未加载
评论 #29609998 未加载
评论 #29610088 未加载
评论 #29609685 未加载
评论 #29610056 未加载
评论 #29610548 未加载
keyleover 3 years ago
So in terms of 16 requests, that&#x27;s nothing. Something actually malicious would be thousands.<p>Either this person is setting up to do something malicious and hasn&#x27;t even started, or they&#x27;re more likely studying your sign up process, struggling with it, and have a short memory so they did it many times over 15 days.<p>The fact is, having an open form on the internet is like having an open invite to come shit in your toilets.<p>Since this person is within your industry, I&#x27;d just poke them and ask. That will most likely make them stop. The fact that they use their own IP address and used a real email address means to me that this person is non-malicious.<p>Plus point for sending them a report of their own activity, real time as they submit it, to their email address.
kronoover 3 years ago
Send an email to the proper looking address and ask them what&#x27;s up with all the different sign-ups. Check in to see if they&#x27;re experiencing technical problems or something that you can help with.<p>Also report back here because now we&#x27;re curious too ;)
mtmailover 3 years ago
Does your newsletter have a &quot;Welcome user number 1234&quot;? or similar, like a number in the URL? Ages ago I used a similar approach to gain data on growth of a website. They would increase a number in the URL for every (shopping) checkout session, easy way to figure out if there was growth or not.
评论 #29609327 未加载
natoliniakover 3 years ago
He&#x2F;she is developing something similar to what you are exposing and is reverse engineering the behavior for quick solutions&#x2F;shortcuts. Or is learning how form submissions work.<p>Not that i haven&#x27;t done anything like that, ever :)
Flankkover 3 years ago
That&#x27;s really strange. Only thing I can think of is the person is using multiple throwaway email accounts to join your newsletter. They are then marking all your messages as spam in an attempt to get your email blacklisted. Hopefully someone has a less malicious explanation.
评论 #29609770 未加载
27182818284over 3 years ago
Given how many times my real email is used incorrectly to sign up for everything from nursing courses in Florida to Golf Sundays in Michigan, I would no longer trust that &quot;real email&quot; address to be tied to the real person without more information.
Uhhrrrover 3 years ago
Benign explanation: for whatever reason, they&#x27;re not getting the newsletters so they&#x27;re trying to subscribe again using a throwaway.
erdos4dover 3 years ago
I agree with another comment here that this is likely them signing up with throwaway emails and trying to get you blacklisted by putting all your messages to spam. In the off chance that they are somewhat more sophisticated, I would try to log these requests and look for SQL injection attacks. It&#x27;s possible that these bogus signups are an artifact of them doing something more malicious.
gkobergerover 3 years ago
The IP address 34.66.115.47 points to Google Cloud. I think there&#x27;s a possibility the real address is legitimate and it&#x27;s just a coincidence? Or maybe they&#x27;re using a Tor-like service that &quot;covers their tracks&quot; by sending randomized data?<p>If you don&#x27;t see any obvious reason for malice, I think you should email them and ask!
评论 #29609907 未加载
jvilaltaover 3 years ago
One they get your newsletter you will receive an email asking about your privacy practices.
A_Duckover 3 years ago
Probably competitor analysis of your newsletter signup flow
评论 #29609790 未加载
muzaniover 3 years ago
I did something like this to someone once. I wanted to see if their camera worked in our in-app browser (it didn&#x27;t). It was part of a loan application process. I tried fixing the bug a few times and didn&#x27;t work each time.<p>I actually gave my real details the first time but didn&#x27;t submit the form, so someone tried calling me about 20 times before I picked up and was confused when I said I wasn&#x27;t interested.
MattGaiserover 3 years ago
See if your newsletter leaks emails? Many do.
评论 #29609895 未加载
gawsover 3 years ago
&gt; In one instance they used a real email address, so I have their name and know the company they work for (which is in my industry and we actually have mutual colleagues).<p>So what will you do with this information?
toomuchtodoover 3 years ago
As someone else mentioned, this is coming from Google Cloud IP address space. You might consider blocking that net block or silent discarding signup attempts from it.<p>35.238.4.0&#x2F;22 (AS15169)
new_guyover 3 years ago
Are you sure your newsletter is actually getting sent out?<p>It sounds like they&#x27;re not receiving it, so signing up with junk emails to check.
huetiusover 3 years ago
That sounds like they’re writing a script of some kind and testing as they write it. Who knows what their motives are.
whalesaladover 3 years ago
“If you build it, they will come.”
koziserekover 3 years ago
Fishing for new hires. ;]