[Operators] Administering of MUC

Peter Viskup skupko.sk at gmail.com
Mon May 28 15:39:26 UTC 2012


Hi Mathias,
it's just surprising that there are also other servers affected by this 
behavior.
Thank you for sharing your procedure to gain with it.
Some of the chat rooms are forwarding the information about Arabia world 
from Aljazeera, CNN and other newsletters via bots reading RSS.

Best regards,
--
Peter Viskup

On 05/28/2012 11:31 AM, Mathias Ertl wrote:
> Hi,
>
> On 2012-05-28 00:19, Peter Viskup wrote:
>> we are experiencing some strange situation on MUC on our jabber server.
>> There were quite a lot of MUC created and most of them from Syria. These
>> MUCs were moved from other jabber server on which they were blocked.
>>
>> Does somebody of you have experience with bots flooding MUCs and users
>> asking for granting them admin rights for specific MUCs? How do you
>> 'clean' persistent MUCs not used anymore?
>>
>> Main issues:
>>   - listing of registered conferences take some minutes
>>   - muc_room Mnesia table is about 58MBs large
>>   - ejabberdctl doesn't provide commands for administering MUCs
> We (jabber.at) have the very same problem. Two things are important to note:
>
> 1. These rooms are created en masse automatically. If you destroy them
> all,>100 will be created within a few seconds. (but that does not occur
> until some time after that)
> 2. While much of it appears to come from Syria (i.e. Room names are
> those of Syrian cities) no *real* chat is happening there. I have given
> chatlogs to a few arab-speaking persons and the "chat" is just
> gibberish. I have tried several times to chat with MUC-admins and their
> intelligence has been similar to that of Eliza[1].
>
> We have taken some steps to stop that epidemic:
> (1) Only local users may create MUCs.
>
> When MUCs are created, the creator is usually the same over all rooms.
> because of (1), we know what IP registered and used that acccount.
>
> (2) All accounts registered/used from that IP-address are deleted,
> usernames blocked, IP-addresses blocked on an IP-Level.
> (3) We use a munin-plugin[2] to monitor the number of MUCs. If a large
> number of MUCs is created, we get a notification by Munin.
>
> Using these measures, this now only happens rarely. If it happens, MUCs
> are removed very fast by our admins.
>
> Another thing to note: The first time I started destroying MUCs using my
> regular account, I received a DOS-attack in the form of thousands of
> automated private messages. I now use a dedicated account that I can
> just log of from to destroy MUCs, as a precaution.
>
> greetings, Mati
> (jabber.at)
>
> [1] http://en.wikipedia.org/wiki/ELIZA
> [2] http://git.fsinf.at/fsinf/munin/blobs/master/muc_count
>



More information about the Operators mailing list