[Operators] Potential distributed attack

Claudiu Curcă claudiu at coderollers.com
Tue Apr 10 21:03:54 UTC 2012


Hello,

 

Tonight I've noticed an increase in server traffic and once I checked stuff
aut I saw that some few thousand users were created from a russian IP
address (178.47.4.86). The users were automatically created with the
username XXyyyyyyZZ, where (XX and ZZ are numerica land yyyyy are random
words). According to logs, all these users flooded the user dyavol at qip.ru,
probably as some sort of childish revenge or something similar.

 

Lately, I've been firewalling entire classes of IPs from the Russian
Federation because of these automated registrations, although only now logs
have shown actual flooding. 

 

With all respect to free and boundless communication, I am taking the
caution of blocking each and every IP block from the Russian Federation,
since I do not want (nor have to, for that matter) stay and guard the server
from automated registrations (as a fun fact, out of all the former automated
registrations detected, 105 of them, 104 were from Russia). 

 

I know it's harsh, but I encourage the rest of the admins to be vigilant and
take hard countermeasures against such abuse.

 

Best Regards,

 

Claudiu Curcă - coderollers.com

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20120410/5f6c6119/attachment.html>


More information about the Operators mailing list