[Operators] Rosters flood

Evgeniy Khramtsov xramtsov at gmail.com
Wed Sep 8 04:39:06 CST 2010


08.09.2010 08:36, Peter Viskup wrote:
> I have evidence of these '40tman_rullez' accounts being created on 
> the jabber.sk server for the last weeks.
> Most of the connections of '40tman_rullez' accounts are made from IPs 
> 188.168.78.102, 188.168.78.162, 81.177.33.11...
>
> But there are also others, e.g.:
> ws_conference_jabber_ru41odk__n at jabber.sk
> Most of the connections of 'ws_conference_jabber_ru' accounts are made 
> from IPs 109.169.251.0, 82.146.63.108, 95.67.179.109...
>

Thank you for the info!

> All listed IPs are registered in Russia.
> These accounts are probably also causing the increased network 
> utilization on our server (4Mb/s in peaks).
>
> Let me know if any other information could help you to find a way 
> to fight against this. Do you have any recommendation on how to 
> prevent these accounts from being created on our server? I do not like to 
> implement CAPTCHA or filter IPs.
>

The only way I know is to disable iq:register and provide web-based 
registration only (with CAPTCHA). Well, of course, as Yann said, it is 
possible to improve in-band registration modules to support CAPTCHA, but 
there are too few clients supporting it. Also, a good approach is to 
register one account per confirmation email. My bad, but we don't 
have such a feature on jabber.ru :( Seems like it is time to implement 
it...

-- 
Regards,
Evgeniy Khramtsov, ProcessOne.
xmpp:xram at jabber.ru.
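
Added example, not part of the original message and not ejabberd or jabber.ru code: a sketch of the "one account per confirmation email" registration gate suggested in the reply above, using an HMAC-signed, expiring token that can be redeemed once. The class and method names, the token layout and the "+tag" normalization are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

class EmailGatedRegistration:
    """Hypothetical gate: one account per confirmed e-mail address."""

    def __init__(self, ttl=3600):
        self.key = secrets.token_bytes(32)  # server-side signing key
        self.ttl = ttl                      # token lifetime in seconds
        self.used_emails = set()            # addresses that already own an account
        self.accounts = {}                  # username -> confirmed address

    @staticmethod
    def normalize(email):
        # Assumption: case-fold and drop "+tag" so trivial variants of one
        # mailbox count as the same address (provider-dependent in practice).
        local, _, domain = email.strip().lower().rpartition("@")
        base = local.split("+", 1)[0]
        if not base or not domain or "|" in email:
            raise ValueError("invalid address")
        return base + "@" + domain

    def _sign(self, email, expires):
        msg = f"{email}|{expires}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def request(self, email, now=None):
        """Return the token that would be mailed to the address."""
        now = time.time() if now is None else now
        email = self.normalize(email)
        if email in self.used_emails:
            raise PermissionError("address already has an account")
        expires = int(now) + self.ttl
        return f"{email}|{expires}|{self._sign(email, expires)}"

    def confirm(self, token, username, now=None):
        """Create the account only for a valid, unexpired, unused token."""
        now = time.time() if now is None else now
        try:
            email, expires, sig = token.split("|")
            expires = int(expires)
        except ValueError:
            return False  # malformed token: fail closed
        good = self._sign(email, expires)
        if not hmac.compare_digest(sig.encode(), good.encode()):
            return False  # forged or tampered token
        if now > expires or email in self.used_emails or username in self.accounts:
            return False  # expired, replayed, or username taken
        self.used_emails.add(email)
        self.accounts[username] = email
        return True
```

A real deployment would persist the used-address set and the signing key across restarts; here both live in memory only.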


