[jadmin] users perl library causing a jabberd2 crash
Declan McMullen
declan.mcmullen at gmail.com
Tue Jul 25 17:03:03 CDT 2006
Me again :)
A short while ago all of my users were dumped off the server.
Upon investigation I found that the c2s component had failed and wasnt
running anymore.
I checked the logs to find a user authenticating with an odd resource
jabber::lite. It turned out to be a new perl
library for jabber. The user was testing a script to login to the server. I
thought maybe he had exploited a bug in jabberd2 s8
So I tested the perl file on my home server which is running s11 the most
recent, and it killed c2s there too.
Is it normal for jabber to be able to be taken out like that ? I would have
thought that if it got requests it didnt like it would just throw them away?
Anyone know a way of safeguarding your server from dodgy libraries?
regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.jabber.org/pipermail/jadmin/attachments/20060725/3b249e48/attachment-0003.html
More information about the JAdmin
mailing list