[Operators] Potential distributed attack

Daniel Fischaleck daniel at fischaleck.net
Tue Apr 10 21:08:52 UTC 2012

Am Dienstag, 10. April 2012, 23:03:54 schrieb Claudiu Curcă:
> Hello,
> Tonight I've noticed an increase in server traffic and once I checked stuff
> aut I saw that some few thousand users were created from a russian IP
> address ( The users were automatically created with the
> username XXyyyyyyZZ, where (XX and ZZ are numerica land yyyyy are random
> words). According to logs, all these users flooded the user dyavol at qip.ru,
> probably as some sort of childish revenge or something similar.
> Lately, I've been firewalling entire classes of IPs from the Russian
> Federation because of these automated registrations, although only now logs
> have shown actual flooding.
> With all respect to free and boundless communication, I am taking the
> caution of blocking each and every IP block from the Russian Federation,
> since I do not want (nor have to, for that matter) stay and guard the
> server from automated registrations (as a fun fact, out of all the former
> automated registrations detected, 105 of them, 104 were from Russia).
> I know it's harsh, but I encourage the rest of the admins to be vigilant
> and take hard countermeasures against such abuse.
> Best Regards,
> Claudiu Curcă - coderollers.com


the same thing happened to my server orcalab.net. Public registration is now 
disabled till I get that IP sorted and I am restoring a backup of the old user 
database right now. I got over 1000 registrations within a few minutes. Same 
scheme as yours.

Thank you for providing the IP address, I will also block the whole russian IP 

Will you file a complaint against this subscriber or do you think it has no 
sense at all to complain at a russian business?

best regards,


Daniel Fischaleck

Tel.: +498771  3710
Mobil: +49172 833 7935
Fax: +498771 408369

d.fischaleck at inet-tec.net
daniel at fischaleck.net

More information about the Operators mailing list