[Operators] Rosters flood

Peter Viskup skupko.sk at gmail.com
Wed Sep 8 07:47:56 CST 2010


I configured restriction for account creation based on regexp and filter
these account names.
I think administrators of other affected jabber servers should follow this
approach.

{acl, jabber_sk_bad_users, {user_regexp,
"^[40tman_rullez,ws_conference_jabber_ru]", "jabber.sk"}}.
{access, register_jabber_sk, [{deny, bad_users}, {allow, all}]}.
I will remove all existing 40tman_rullez and ws_conference_jabber_ru
accounts on jabber.sk that these will not be used any more.

Regards,
--
Peter Viskup
xmpp: skupko at jabber.sk

On Wed, Sep 8, 2010 at 6:39 AM, Evgeniy Khramtsov <xramtsov at gmail.com>wrote:

> 08.09.2010 08:36, Peter Viskup wrote:
>
>> I have evidence of these '40tman_rullez' accounts being created on
>> jabber.sk server for last weeks.
>> Most of connections of '40tman_rullez' accounts are made from IPs
>> 188.168.78.102, 188.168.78.162, 81.177.33.11...
>>
>> But there are also others e.g.:
>> ws_conference_jabber_ru41odk__n at jabber.sk
>> Most of connections of 'ws_conference_jabber_ru' accounts are made from
>> IPs 109.169.251.0, 82.146.63.108, 95.67.179.109...
>>
>>
> Thank you for the info!
>
>
>  All listed IPs are registered in Russia.
>> These accounts are probably causing also the increased network utilization
>> on our server (4Mb/s in peaks).
>>
>> Let me know if any other information could help you to find the way how to
>> fight against this. Do you have any recommendation how to prevent these
>> accounts to be created on our server? I do not like to implement CAPTCHA nor
>> filtering IPs.
>>
>>
> The only way I know is to disable iq:register and provide web-based
> registration only (with CAPTCHA). Well, of course, as Yann said, it is
> possible to improve in-band registration modules to support CAPTCHA, but
> there are too little clients supporting it. Also the good approach is to
> register one account per one confirmation email. My bad, but we don't have
> such feature on jabber.ru :( Seems like it is the time to implement it...
>
>
> --
> Regards,
> Evgeniy Khramtsov, ProcessOne.
> xmpp:xram at jabber.ru <xmpp%3Axram at jabber.ru>.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20100908/5c217927/attachment.htm>


More information about the Operators mailing list