[Operators] Update on spammy invites

Maxim Ignatenko gelraen.ua at gmail.com
Thu Mar 21 14:16:11 UTC 2013


On 21 March 2013 14:08, Kevin Smith <kevin at kismith.co.uk> wrote:
> On Thu, Mar 21, 2013 at 2:03 PM, Maxim Ignatenko <gelraen.ua at gmail.com> wrote:
>> On 21 March 2013 13:44, Jesse Thompson <jesse.thompson at doit.wisc.edu> wrote:
>>> On 3/20/2013 6:09 PM, Peter Viskup wrote:
>>>> Did anybody perform some investigation and prove which servers are
>>>> used for these attacks and if all of them are IBR-enabled? I'm not aware
>>>> of anybody - didn't see a list of the servers.
>>>
>>> Apparently not.
>>
>> jabber.kiev.ua has IBR enabled and is protected by CAPTCHA.
>
> Interestingly (or maybe not) jabber.kiev.ua wasn't on the list of
> servers I sent out that I'd see automated MUC attacks from.

Well, I'm trying to do my best at wiping spam accounts as I see them
:) The userbase is not huge and usually there are only 1 or 2 new accounts
per day, so it's feasible to just have myself in the registration_watchers
list.

> The 300 number is interesting - I wonder why they did that. Do you
> have any information about these subscriptions? Did they seem to be to
> randomly generated users on gmail? Did they contain messages?

No, I have only a list of gmail JIDs and I don't know if they also sent
any messages to gmail users. All gmail JIDs added by spam accounts were
different and I suspect that spammers scraped them somewhere and now are
just sharding them between spambots, but that's only my guess.

-- 
Best regards,
Maxim

