[Operators] Update on spammy invites

Mathias Ertl mati at fsinf.at
Thu Mar 21 14:54:04 UTC 2013


On Thu, Mar 21, 2013 at 07:36:47AM -0700, Peter Saint-Andre wrote:
> We know that jabber.org had many spammy invite accounts, and we have
> IBR disabled with CAPTCHA-"protected" web registration. As Maxim noted
> about his server (jabber.kiev.ua), web registration doesn't stop
> someone from registering enough accounts to cause trouble.

Of course, for most of the attacks discussed here its enough to register
one account.

And the fact that some here seem to run blacklists of servers opens very
easy attack vectors: Just register one account (I can do that manually, no
problem with captcha) on your server and start spamming. Voila, your server
is blacklisted on those servers.

greetings, Mati

-- 
I only read plain text mail! I prefer pgp|gpg signed & encrypted mails!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20130321/8a582c65/attachment.pgp>


More information about the Operators mailing list