Ask HN: What is this user doing?
Between Nov 20 and Dec 14, someone with the IP address 34.66.115.47 has submitted 16 requests to join my email newsletter on my website form with nonsense email accounts like mphtnarrwqrs@gmail.com and qrzqoiakkubp@gmail.com. In one instance they used a real email address, so I have their name and know the company they work for (which is in my industry and we actually have mutual colleagues). What could this person possibly be doing with all these weird form submissions? I have a very basic, static website, do no A/B testing, and haven't made any updates to it in months. What do you think?
35 comments
[ 4.9 ms ] story [ 80.2 ms ] thread1. Being a dick / bored / ...
2. Pen-testing you for some reason.
3. Trying to inflate your signup numbers for some reason.
4. Trying to see how many users you have (see other comment)
5. Testing their own fake email system for something
6. Trying to increase your costs
7. Demonstrating something for someone else not realizing it's production
8. Pure, unadulterated incompetence
9. Something else malicious
I tried emailing a few of these accounts from a burner email and got bounce backs on all of them.
Also just realized that since 12-15 another IP address 35.238.7.76 has submitted 4 more jibberish email accounts like uxjzylbwryxb@gmail.com.
So if they are fake accounts that bounce back, I guess that could hurt my deliverability rates with Constant Contact - not sure though. In any case I haven't been uploading them to my email contacts list so if he is trying to hurt my account it's been totally ineffective. And he'll need to increase his number of submissions by a few orders of magnitude to make a difference in the costs.
I guess my next step would have to be figuring out how to block multiple submissions from the same IP address or just reaching out to this dude and asking what's up. I need to learn more about him first since he works for someone kinda influential in my industry.
Assuming there is one, of course, but my experience with current newsletters is that there is a popup. Sometimes a "delayed action" one.
probably 1)...
Also report back here because now we're curious too ;)
If you don't see any obvious reason for malice, I think you should email them and ask!
Edit: unsubstantiated source [0] says that domain relates to Google app engine, so could be the person is working on a project that includes some form submission capability and somehow is using your site for testing
https://superuser.com/questions/892437/what-do-you-do-if-you...
Not that i haven't done anything like that, ever :)
They might think they have to fill it in to get access.
Either this person is setting up to do something malicious and hasn't even started, or they're more likely studying your sign up process, struggling with it, and have a short memory so they did it many times over 15 days.
The fact is, having an open form on the internet is like having an open invite to come shit in your toilets.
Since this person is within your industry, I'd just poke them and ask. That will most likely make them stop. The fact that they use their own IP address and used a real email address means to me that this person is non-malicious.
Plus point for sending them a report of their own activity, real time as they submit it, to their email address.
I actually gave my real details the first time but didn't submit the form, so someone tried calling me about 20 times before I picked up and was confused when I said I wasn't interested.
It sounds like they're not receiving it, so signing up with junk emails to check.
35.238.4.0/22 (AS15169)
So what will you do with this information?