[Operators] Potential distributed attack

Jan Pinkas pinkas at humboldtec.cz
Tue Apr 10 21:34:45 UTC 2012


In-band registration without captcha is big security risk. And not
only for you, but for whole network. Close your in-band registration,
your server is dangerous for our federation.

Thanks.
Jan pinky Pinkas

Dne 10. dubna 2012 23:03 Claudiu Curcă <claudiu at coderollers.com> napsal(a):
> Hello,
>
>
>
> Tonight I've noticed an increase in server traffic and once I checked stuff
> aut I saw that some few thousand users were created from a russian IP
> address (178.47.4.86). The users were automatically created with the
> username XXyyyyyyZZ, where (XX and ZZ are numerica land yyyyy are random
> words). According to logs, all these users flooded the user dyavol at qip.ru,
> probably as some sort of childish revenge or something similar.
>
>
>
> Lately, I've been firewalling entire classes of IPs from the Russian
> Federation because of these automated registrations, although only now logs
> have shown actual flooding.
>
>
>
> With all respect to free and boundless communication, I am taking the
> caution of blocking each and every IP block from the Russian Federation,
> since I do not want (nor have to, for that matter) stay and guard the server
> from automated registrations (as a fun fact, out of all the former automated
> registrations detected, 105 of them, 104 were from Russia).
>
>
>
> I know it's harsh, but I encourage the rest of the admins to be vigilant and
> take hard countermeasures against such abuse.
>
>
>
> Best Regards,
>
>
>
> Claudiu Curcă - coderollers.com
>
>


More information about the Operators mailing list