[Operators] Potential distributed attack

Christian mail at m3d1c5.org
Fri Apr 13 15:02:15 UTC 2012


To protect myself against such mass registrations, I set the number of 
seconds a client at a particular IP address must wait before it can 
register another account to 300 seconds.

This could be a problem with shared IPs. But 5 minutes should be no 
problem I think.


Mail: mail at m3d1c5.org
Jabber: medics at twattle.net

On 10.04.2012 23:03, Claudiu Curcă wrote:
> Hello,
> Tonight I've noticed an increase in server traffic and once I checked 
> stuff out I saw that some few thousand users were created from a 
> Russian IP address ( The users were automatically created 
> with the username XXyyyyyyZZ, where (XX and ZZ are numerical and yyyyy 
> are random words). According to logs, all these users flooded the user 
> dyavol at qip.ru, probably as some sort of 
> childish revenge or something similar.
> Lately, I've been firewalling entire classes of IPs from the Russian 
> Federation because of these automated registrations, although only now 
> logs have shown actual flooding.
> With all respect to free and boundless communication, I am taking the 
> caution of blocking each and every IP block from the Russian 
> Federation, since I do not want (nor have to, for that matter) stay 
> and guard the server from automated registrations (as a fun fact, out 
> of all the former automated registrations detected, 105 of them, 104 
> were from Russia).
> I know it's harsh, but I encourage the rest of the admins to be 
> vigilant and take hard countermeasures against such abuse.
> Best Regards,
> Claudiu Curcă -- coderollers.com
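
An added example, not part of the original thread: a minimal per-IP registration wait like the 300-second setting described in the first message, replayed over constructed events to show both the effect on a registration flood and the shared-IP side effect. The class and function names, the addresses and the review threshold are assumptions for illustration, not any server's actual implementation.

```python
from collections import Counter

REGISTRATION_WAIT = 300  # seconds per IP, the value given in the message above


class RegistrationThrottle:
    """Allow one account registration per source IP every `wait` seconds."""

    def __init__(self, wait=REGISTRATION_WAIT):
        self.wait = wait
        self.last_ok = {}  # ip -> timestamp of the last accepted registration

    def allow(self, ip, now):
        last = self.last_ok.get(ip)
        if last is not None and now - last < self.wait:
            return False  # inside the wait window; rejected attempts do not extend it
        self.last_ok[ip] = now
        return True


def replay(events, wait=REGISTRATION_WAIT):
    """Replay (timestamp, ip, username) attempts; return accepted/rejected counts per IP."""
    throttle = RegistrationThrottle(wait)
    accepted, rejected = Counter(), Counter()
    for ts, ip, _user in sorted(events):
        (accepted if throttle.allow(ip, ts) else rejected)[ip] += 1
    return accepted, rejected


def noisy_ips(rejected, threshold=20):
    """IPs whose rejected attempts reach `threshold`: candidates for operator review."""
    return sorted(ip for ip, n in rejected.items() if n >= threshold)


# Constructed sample data (documentation-range addresses, not from the thread):
# one script attempting a registration every 2 seconds for an hour, and
# two genuine users behind the same NAT address signing up 60 seconds apart.
BOT_IP, NAT_IP = "203.0.113.7", "198.51.100.20"
EVENTS = [(t, BOT_IP, f"bot{t}") for t in range(0, 3600, 2)]
EVENTS += [(1000, NAT_IP, "alice"), (1060, NAT_IP, "bob")]

if __name__ == "__main__":
    accepted, rejected = replay(EVENTS)
    print("accepted:", dict(accepted))
    print("rejected:", dict(rejected))
    print("review:", noisy_ips(rejected))
```

The rejected-attempt counter doubles as a signal: a single shared-IP collision stays far below the threshold, while the scripted source stands out.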