A bot network(?) has been after my website for quite a while now. Here is a breakdown of what they do:
They register several accounts, using random characters to build first and last names that look like this:
HludvkxTGVIwP oBScrLdvJ AicSJbYk uWrVKZtSdTNAv ...
The email addresses used for these profiles seem to be valid email addresses from real people, but I cannot say whether they are just used by the attacker or if they have actual control over those addresses. What I do know, though: the emails are never confirmed by the link sent to those newly registered accounts.
The attacker then goes to the password retrieval page and sends "new password" requests, which is weird, as I think they don't receive the answer because of the lack of control over the email used in the profiles created …
I would like to understand what the attacker is trying to achieve in order to evaluate if this is a threat. Why would they send password requests for an account just created by themselves a minute ago?
The IP addresses change all the time, so it seems to be a network.
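One way to surface the pattern described above from a site's own event log, as an added example that is not part of the original post. The event tuple format, the event names, the 5-minute window and the name heuristic are all assumptions, and the sample events are constructed (only the two random-looking names are taken from the post).

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed threshold; the post says "a minute ago"

# Constructed sample events: (ISO timestamp, event, account id, display name)
EVENTS = [
    ("2024-01-01T10:00:00", "register", "a1", "HludvkxTGVIwP oBScrLdvJ"),
    ("2024-01-01T10:00:50", "password_reset", "a1", ""),
    ("2024-01-01T10:05:00", "register", "a2", "Maria Keller"),
    ("2024-01-01T10:06:00", "confirm_email", "a2", ""),
    ("2024-01-02T09:00:00", "password_reset", "a2", ""),
    ("2024-01-01T11:00:00", "register", "a3", "AicSJbYk uWrVKZtSdTNAv"),
    ("2024-01-01T11:30:00", "password_reset", "a3", ""),
]

def looks_random(name):
    """Heuristic (assumption): a word with 2+ capitals after its first letter."""
    for word in name.split():
        inner_caps = sum(c.isupper() for c in word[1:])
        if inner_caps >= 2 and not word.isupper():  # ignore ALL-CAPS names
            return True
    return False

def suspicious_resets(events):
    """Return {account_id: [reasons]} for resets on never-confirmed accounts."""
    registered, confirmed, names, flagged = {}, set(), {}, {}
    for ts, kind, acct, detail in sorted(events):  # ISO strings sort by time
        when = datetime.fromisoformat(ts)
        if kind == "register":
            registered[acct], names[acct] = when, detail
        elif kind == "confirm_email":
            confirmed.add(acct)
        elif kind == "password_reset" and acct in registered and acct not in confirmed:
            reasons = ["reset_on_unconfirmed_email"]
            if when - registered[acct] <= WINDOW:
                reasons.append("reset_soon_after_signup")
            if looks_random(names[acct]):
                reasons.append("random_looking_name")
            flagged[acct] = reasons
    return flagged

if __name__ == "__main__":
    for acct, reasons in suspicious_resets(EVENTS).items():
        print(acct, ", ".join(reasons))
```

The same `reset_on_unconfirmed_email` condition can gate the reset handler itself, so that no reset mail is sent to an address that was never confirmed.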