[Operators] [Fwd: [ejabberd] Your server is a part of spammer/flood botnet!]

Mickaël Rémond mickael.remond at process-one.net
Sun May 4 08:06:50 CDT 2008


Hello,

Le 4 mai 08 à 14:54, Jonathan Schleifer a écrit :

> Wijnand Wiersma <wijnand at nedbsd.eu> wrote:
>
>> And since I don't have time now to create a alternative that means
>> all registrations are disabled now for all my domains.
>
> That's exactly the point I feared, that you don't provide another way.
> And exactly this is bad and lets the attackers win...
>
> How about having a registration page via the internal ejabberd HTTP
> server with captachs and all? That would be a good alternative to IBR.


Just to make things clear:
- ejabberd is not the only XMPP that suffer IBR problems. It is a  
problem of IBR and as such all of them can be targetted. ejabberd has  
yet some mecanisms to mitigate the problem. It is thus the server  
where the problem can be limited but I agree that this is not enough  
yet.
- Web registration is a good alternative yes. I would rather like  
having a native In Band mecanism.
- Web registration can be implemented as an ejabberd HTTP plugin,  
that's right.

-- 
Mickaël Rémond
  http://www.process-one.net/



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.jabber.org/pipermail/operators/attachments/20080504/f1e20707/attachment.htm 


More information about the Operators mailing list