[Operators] Strange users

Mathias Ertl mati at fsinf.at
Wed Oct 12 13:51:23 UTC 2011


Hi!

I have seen something very similar on my server. We had tons of accounts with 
usernames of what appeared to be md5sums. They had no contacts EXCEPT they 
were using our MSN transports. At the same time I also had registrations with 
usernames that were exactly 10 digits (i.e. 0123456789 at jabber.fsinf.at), with 
the same behaviour.

I figured this was a spam-problem and deleted all such accounts plus blocked 
their registration. Nobody ever complained.

To make a long story short: I think we have a significant spamming problem on 
jabber.

greetings, Mati

PS: Just for the record, jabber.fsinf.at is *still* on the public list, 
despite the fact that it doesn't allow any registrations. jabber.at is still 
not added.


On Tuesday, October 11, 2011 04:12:13 PM Daniel Fischaleck wrote:
> today I finally managed to upgrade my Openfire server to 3.7.1. After
> reimporting my DB I noticed some strange users like:
> 
> a812bcd6e650610c861b97d05b2ca87bb451e526 the import process said this
> person has 0 persons on his/her roster, but it frequently loggs in, today
> with the IP address 75.15.116.22.
> 
> Another example would be 0c72762fbbc33a933d3f22e646152a868ad5ab64 (there
> are a lot more!)
> 
> Does anyone know what kind user this is? I fear of this person abusing my
> server for some illegal activities. Due to privacy reasons i do not want to
> analyze his traffic.
> 
> Greetings,
> 
> Daniel

-- 
me on twitter: @mathiasertl | soup: http://soup.er.tl
I only read plain-text mail!  I prefer signed/encrypted mail!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.jabber.org/pipermail/operators/attachments/20111012/888bdb0f/attachment.pgp>


More information about the Operators mailing list