[Operators] Administering of MUC

Mathias Ertl mati at fsinf.at
Mon May 28 09:31:05 UTC 2012


On 2012-05-28 00:19, Peter Viskup wrote:
> we are experiencing some strange situation on MUC on our jabber server.
> There were quite a lot of MUC created and most of them from Syria. These
> MUCs were moved from other jabber server on which they were blocked.
> Does somebody of you have experience with bots flooding MUCs and users
> asking for granting them admin rights for specific MUCs? How do you
> 'clean' persistent MUCs not used anymore?
> Main issues:
>  - listing of registered conferences takes some minutes
>  - muc_room Mnesia table is about 58MBs large
>  - ejabberdctl doesn't provide commands for administering MUCs

We (jabber.at) have the very same problem. Two things are important to note:

1. These rooms are created en masse automatically. If you destroy them
all, >100 will be created within a few seconds. (but that does not occur
until some time after that)
2. While much of it appears to come from Syria (i.e. Room names are
those of Syrian cities) no *real* chat is happening there. I have given
chatlogs to a few Arabic-speaking persons and the "chat" is just
gibberish. I have tried several times to chat with MUC-admins and their
intelligence has been similar to that of Eliza[1].

We have taken some steps to stop that epidemic:
(1) Only local users may create MUCs.

When MUCs are created, the creator is usually the same over all rooms.
Because of (1), we know what IP registered and used that account.

(2) All accounts registered/used from that IP-address are deleted,
usernames blocked, IP-addresses blocked on an IP-Level.
(3) We use a munin-plugin[2] to monitor the number of MUCs. If a large
number of MUCs is created, we get a notification by Munin.

Using these measures, this now only happens rarely. If it happens, MUCs
are removed very fast by our admins.

Another thing to note: The first time I started destroying MUCs using my
regular account, I received a DOS-attack in the form of thousands of
automated private messages. I now use a dedicated account that I can
just log off from to destroy MUCs, as a precaution.

greetings, Mati

[1] http://en.wikipedia.org/wiki/ELIZA
[2] http://git.fsinf.at/fsinf/munin/blobs/master/muc_count
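
Added example, not part of the original message and not the munin plugin linked above: a per-creator burst check over room-creation records, following the observations that the creator is usually the same across all rooms and that more than 100 rooms appear within seconds. The record layout, the sample JIDs, the threshold and the window are assumptions; how creation records are exported from the server is deployment-specific.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: (creation time, room JID, creator bare JID).
_T0 = datetime(2012, 5, 28, 9, 0, 0)
SAMPLE_EVENTS = [
    # One account creating 120 rooms in 12 seconds (10 per second).
    (_T0 + timedelta(seconds=i // 10), f"room{i}@conference.example.org",
     "bot1@example.org")
    for i in range(120)
] + [
    # A normal user creating one room per hour.
    (_T0 + timedelta(hours=h), f"team{h}@conference.example.org",
     "alice@example.org")
    for h in range(5)
]


def find_bursts(events, threshold=100, window=timedelta(seconds=30)):
    """Return {creator: peak count} for creators with at least
    `threshold` room creations inside any sliding `window`."""
    recent = defaultdict(deque)   # creator -> timestamps still in window
    peaks = {}
    for ts, _room, creator in sorted(events):
        q = recent[creator]
        q.append(ts)
        # Drop creations that have fallen out of the window.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            peaks[creator] = max(peaks.get(creator, 0), len(q))
    return peaks


def rooms_to_review(events, flagged):
    """List every room created by a flagged account, for admin cleanup."""
    return sorted(room for _ts, room, creator in events if creator in flagged)


if __name__ == "__main__":
    flagged = find_bursts(SAMPLE_EVENTS)
    for creator, peak in flagged.items():
        print(f"ALERT {creator}: {peak} rooms within window")
    print(len(rooms_to_review(SAMPLE_EVENTS, flagged)), "rooms to review")
```

Because only local users may create rooms under measure (1), each flagged creator maps to a local account whose registration IP can then be handled as in measure (2).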
