[jadmin] bulk-registrations - Spam?
Jesse Thompson
jesse.thompson at doit.wisc.edu
Wed May 7 07:58:42 CDT 2008
It's common practice to use 127.0.0.2 for testing blacklists (most, if
not all, of the email-centric DNSBLs have it listed) since you can
configure an xmpp client to bind to the IP for testing functionality and
load.
If the list starts to grow, you might want to consider converting it to
a DNSBL, for scalability. Or if you don't want to host a DNSBL (it
would be easy for a local administrator to import that list into a
rbldnsd or bind zone,) just add support for DNSBL lookups from the
server. This might also be useful if you want to block otherwise
untrustworthy IP addresses that happen to be identified by existing
email-centric DNSBLs. Or, if you only want users on certain networks
(e.g. you only serve customers in one country) to be able to register,
you could add IP ranges to a DNSBL zone. Hmmm, maybe DNS whitelists
would be a good thing to have as well.
Jesse
Mickaël Rémond wrote:
> Hello,
>
> We have developed a blacklist module for ejabberd.
> If you deploy the module, this address will be blocked automatically
> (and possibly other future abusers).
> The detail is here:
> https://support.process-one.net/doc/display/XAAI/XAAI+Blacklist
>
> I hope it helps,
>
> Le 6 mai 08 à 21:55, Florian Jensen a écrit :
>
>> All spam attacks are from: 204.8.219.178
>>
>> It's this dedicated server causing the problems.
>>
>> iptables -I INPUT -s 204.8.219.178 -j DROP
>>
>> will solve the problem.
>>
>> Florian Jensen
>>
>> Nickola Kolev wrote:
>>> On Tue, 06 May 2008 12:52:22 -0600
>>> Peter Saint-Andre<stpeter at stpeter.im <mailto:stpeter at stpeter.im>> wrote:
>>>
>>>> On 05/06/2008 12:02 PM, Nickola Kolev wrote:
>>>>> Hello, Tim,
>>>>>
>>>>> On Tue, 06 May 2008 17:49:48 +0200
>>>>> Tim Korves<tk at x23.eu <mailto:tk at x23.eu>> wrote:
>>>>>
>>>>>> Hi there,
>>>>>>
>>>>>> are there any chances to prevent such bulk-registrations (aka spam)?
>>>>>> Other then completely disable registration?
>>>>> Read the logs from the meeting yesterday to get the idea at:
>>>>> http://im.flosoft.biz/muclogs/xaai@conference.im.flosoft.biz/2008/05/05.html
>>>>>
>>>>> Besides that, has anyone spotted registrations from different IP
>>>>> addresses?
>>>>> I got one today from 77.238.103.215 (Russia).
>>>> By "one" do you mean bulk registration, or just registration in general?
>>>
>>> By "one" I mean "one", with a name '26jfsnx6'. This doesnt *look* like
>>> a normal username, but more of the result from executed ruby script
>>> MattJ (IIRC) showed us, and that's why I asked for any registrations
>>> from especially this IP address.
>>>
>>>> Peter
>>>>
>>>> --
>>>> Peter Saint-Andre
>>>> https://stpeter.im/
>>>>
>>>>
>>>
>> _______________________________________________
>> JAdmin mailing list
>> JAdmin at jabber.org <mailto:JAdmin at jabber.org>
>> http://mail.jabber.org/mailman/listinfo/jadmin
>> FAQ: http://www.jabber.org/about/jadminfaq.shtml
>> _______________________________________________
>>
>
> --
> Mickaël Rémond
> http://www.process-one.net/
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> JAdmin mailing list
> JAdmin at jabber.org
> http://mail.jabber.org/mailman/listinfo/jadmin
> FAQ: http://www.jabber.org/about/jadminfaq.shtml
> _______________________________________________
--
Jesse Thompson
Email/IM: jesse.thompson at doit.wisc.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3340 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/jadmin/attachments/20080507/ac3812fc/attachment-0001.bin
More information about the JAdmin
mailing list