[Operators] [Fwd: [ejabberd] Your server is a part of spammer/flood botnet!]

Sean Dilda sean at duke.edu
Mon May 5 08:48:38 CDT 2008


Peter Saint-Andre wrote:
> On 05/05/2008 2:26 AM, Tomasz Sterna wrote:
>> On 2008-05-04 (Sun) at 22:09 -0600, Peter Saint-Andre wrote:
>>> http://www.xmpp.org/extensions/xep-0158.html
>>>
>>> However, that doesn't give you a real workflow. For most EBIA (email
>>> based identification and authentication) systems you visit the website,
>>> receive an email with a token, and visit the website again, at which
>>> time you provide the token. Right now we don't have a way to do that in
>>> XEP-0077, but we might be able to do it with some combination of XEPs
>>> 77, 158, and 235.
>> Or go wacko and define something like HTML over XMPP and let the people
>> code the workflows anyhow they wish. :-)
> 
> Right. But the XMPP server will probably time you out if you maintain an
> open connection that long without completing the registration process
> (because there may be a denial of service attack that's possible if you
> flood the server with registration attempts).
> 

Unfortunately, my experience has shown that that is *not* the case with 
ejabberd 1.1.4.  It will gladly allow you to maintain as many unauthed 
connections as you want, for as long as you want.

