[Operators] DDoS attack

Jonas Ådahl jadahl at gmail.com
Mon Feb 20 17:19:21 UTC 2012


On Mon, Feb 20, 2012 at 5:51 PM, Mathias Ertl <mati at fsinf.at> wrote:
> Jonas,
>
> On 2012-02-20 17:41, Jonas Ådahl wrote:
>> Today my server was bombarded with thousands of subscription requests
>> from various different XMPP domains[0] resulting in it crashing. Also
>> with these requests came identical messages[1]. All of the accounts
>> looks like [random characters]@domain.com such as
>> 4yal71k4x2h2gzzsjiex at jabber.im. Seems like all of the requests were
>> directed at one user.
>
> Is it possible to draw up a list of accounts that took part in the
> attack and send those accounts to the corresponding server-admins, at
> least if they are known?
>

Sadly no. I removed some files in order to get my gajim up and
running, and did not make any backups. Anyhow, for what I could tell
all of the accounts were 20 character long and consisted only of
random a-z and 0-9 characters. I put a very small portion of the
accounts here: http://pastebin.com/b0NrDAEL that I recovered from my
gajim message log. The list should be more like 6-7000 long instead of
54 however, but that's all I could find now.

Jonas


More information about the Operators mailing list