[Operators] Potential distributed attack

Marcel marcel at rkquery.de
Tue Apr 10 21:28:05 UTC 2012


Hello,

Same situation on my server. 2000 users in a few minutes. Same IP.


Best Regards,

Marcel


On 10.04.2012 23:03, Claudiu Curcă wrote:
>
> Hello,
>
> Tonight I've noticed an increase in server traffic and once I checked
> stuff out I saw that some few thousand users were created from a
> Russian IP address (178.47.4.86). The users were automatically created
> with the username XXyyyyyyZZ, where (XX and ZZ are numerical and yyyyy
> are random words). According to logs, all these users flooded the user
> dyavol at qip.ru, probably as some sort of
> childish revenge or something similar.
>
> Lately, I've been firewalling entire classes of IPs from the Russian
> Federation because of these automated registrations, although only now
> logs have shown actual flooding.
>
> With all respect to free and boundless communication, I am taking the
> caution of blocking each and every IP block from the Russian
> Federation, since I do not want (nor have to, for that matter) stay
> and guard the server from automated registrations (as a fun fact, out
> of all the former automated registrations detected, 105 of them, 104
> were from Russia).
>
> I know it's harsh, but I encourage the rest of the admins to be
> vigilant and take hard countermeasures against such abuse.
>
> Best Regards,
>
> Claudiu Curcă -- coderollers.com
>
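
A detection sketch for the pattern reported in this thread, added here and not written by either poster: it flags any source IP that registers many accounts inside a short window and counts usernames of the XXyyyyyyZZ shape. The log line format, thresholds, function names and sample addresses are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line format (constructed for this example, not from a real server):
#   <ISO-8601 UTC timestamp> register ip=<addr> user=<localpart>
LINE_RE = re.compile(r"^(\S+) register ip=(\S+) user=(\S+)$")
# Username shape reported in the thread: digits, a word, digits (XXyyyyyyZZ).
# Two digits on each side is an assumption read off the "XX"/"ZZ" notation.
BOT_NAME_RE = re.compile(r"^\d{2}[a-z]+\d{2}$")

def flag_bulk_registrations(lines, window=timedelta(minutes=5), threshold=20):
    """Return {ip: (peak registrations in one window, patterned-name count)}."""
    recent = defaultdict(deque)   # ip -> timestamps inside the sliding window
    peak = defaultdict(int)       # ip -> largest window population seen
    patterned = defaultdict(int)  # ip -> usernames matching BOT_NAME_RE
    # Assumes each IP's lines appear in chronological order, as in a server log.
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore unrelated or malformed lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        ip, user = m.group(2), m.group(3)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop events older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
        if BOT_NAME_RE.match(user.lower()):
            patterned[ip] += 1
    return {ip: (peak[ip], patterned[ip]) for ip in peak if peak[ip] >= threshold}

def sample_log():
    """Constructed input: one noisy source plus two ordinary sign-ups."""
    start = datetime(2012, 4, 10, 20, 40, 0)
    words = ["window", "garden", "silver", "planet"]
    lines = [
        f"{(start + timedelta(seconds=3 * i)):%Y-%m-%dT%H:%M:%SZ} register "
        f"ip=203.0.113.7 user={10 + i % 90}{words[i % 4]}{99 - i % 90}"
        for i in range(60)
    ]
    lines.append("2012-04-10T20:41:30Z register ip=198.51.100.20 user=alice")
    lines.append("2012-04-10T20:55:00Z register ip=198.51.100.21 user=bob.smith")
    return lines

if __name__ == "__main__":
    for ip, (n, named) in flag_bulk_registrations(sample_log()).items():
        print(f"{ip}: {n} registrations within 5 minutes, {named} patterned names")
```

The returned peak count can feed a per-IP registration throttle, which targets the abusive source without blocking whole address ranges.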
