[Operators] in-band registration (was: Re: Potential distributed attack)

Peter Saint-Andre stpeter at stpeter.im
Tue Apr 10 21:13:55 UTC 2012

Hash: SHA1

On 4/10/12 3:08 PM, Daniel Fischaleck wrote:
> Am Dienstag, 10. April 2012, 23:03:54 schrieb Claudiu Curcă:
>> Hello,
>> Tonight I've noticed an increase in server traffic and once I
>> checked stuff aut I saw that some few thousand users were created
>> from a russian IP address ( The users were
>> automatically created with the username XXyyyyyyZZ, where (XX and
>> ZZ are numerica land yyyyy are random words). According to logs,
>> all these users flooded the user dyavol at qip.ru, probably as some
>> sort of childish revenge or something similar.
>> Lately, I've been firewalling entire classes of IPs from the
>> Russian Federation because of these automated registrations,
>> although only now logs have shown actual flooding.
>> With all respect to free and boundless communication, I am taking
>> the caution of blocking each and every IP block from the Russian
>> Federation, since I do not want (nor have to, for that matter)
>> stay and guard the server from automated registrations (as a fun
>> fact, out of all the former automated registrations detected, 105
>> of them, 104 were from Russia).
>> I know it's harsh, but I encourage the rest of the admins to be
>> vigilant and take hard countermeasures against such abuse.
>> Best Regards,
>> Claudiu Curcă - coderollers.com
> Hi,
> the same thing happened to my server orcalab.net. Public
> registration is now disabled till I get that IP sorted and I am
> restoring a backup of the old user database right now. I got over
> 1000 registrations within a few minutes. Same scheme as yours.

Has in-band registration outlived its usefulness? It was originally
designed as a user-friendly way to jumpstart use of Jabber
technologies back in 1999. Perhaps it's not so appropriate today?

(FWIW, at jabber.org we disabled IBR a few years ago and that hasn't
stopped lots of people from registering new accounts!)


- -- 
Peter Saint-Andre

Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


More information about the Operators mailing list