[Operators] ejabberd CAPTCHA

Peter Saint-Andre stpeter at stpeter.im
Thu Aug 27 14:47:34 CDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/27/09 1:39 PM, Fabio Forno wrote:
> On Thu, Aug 27, 2009 at 9:31 PM, Peter Saint-Andre<stpeter at stpeter.im> wrote:
>>> I think that
>>> part of that flood was coming from our server too, since yesterday we
>>> had a bot registering accounts. We blocked it in few minutes, but it
>>> was able send a bulk of messages. In ejabberd there is an option for
>>> limiting the number of registrations per IP, the problem is that in
>>> our case almost all the clients are natted in large networks
>> Yes, that is a challenge. :(
> 
> Yep, I think that IP based limiting is the standard in all servers,
> but this is a non option if you target mobile clients. The only
> solution is using captchas or some external method (as we are going to
> do now)

Yes we had a long thread about this when we were discussing ways to
prevent denial of service attacks (XEP-0205). There are no easy answers...

Peter

- --
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkqW4tYACgkQNL8k5A2w/vyzDgCfUpqyY4I6Pm2MJjZtnGNeCEm1
r5kAn1FZixaalJEATxBSbQlf2jq4UKw6
=1NiL
-----END PGP SIGNATURE-----


More information about the Operators mailing list