[Operators] [Fwd: [ejabberd] Your server is a part of spammer/flood botnet!]

Peter Saint-Andre stpeter at stpeter.im
Mon May 5 08:51:00 CDT 2008


On 05/05/2008 7:48 AM, Sean Dilda wrote:
> Peter Saint-Andre wrote:
>> On 05/05/2008 2:26 AM, Tomasz Sterna wrote:
>>> Dnia 2008-05-04, nie o godzinie 22:09 -0600, Peter Saint-Andre pisze:
>>>> http://www.xmpp.org/extensions/xep-0158.html
>>>>
>>>> However, that doesn't give you a real workflow. For most EBIA (email
>>>> based identification and authentication) systems you visit the
>>>> website,
>>>> receive an email with a token, and visit the website again, at which
>>>> time you provide the token. Right now we don't have a way to do that
>>>> in
>>>> XEP-0077, but we might be able to do it with some combination of XEPs
>>>> 77, 158, and 235.
>>> Or go wacko and define something like HTML over XMPP and let the people
>>> code the workflows anyhow they wish. :-)
>>
>> Right. But the XMPP server will probably time you out if you maintain an
>> open connection that long without completing the registration process
>> (because there may a denial of service attack that's possible if you
>> flood the server with registration attempts).
>>
> 
> Unfortunately, my experience has shown that that is *not* the case with
> ejabberd 1.1.4.  It will gladly allow you to maintain as many unauthed
> connections as you want, for as long as you want.

That's no longer true in ejabberd 2.0.0.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/operators/attachments/20080505/12fa1915/attachment.bin 


More information about the Operators mailing list