[Operators] Spam/flood report (44 servers involved)

Matthew Wild mwild1 at gmail.com
Sun Sep 22 12:38:29 UTC 2013


Hi folks,

Last night we had someone attempt to flood the Prosody chatroom. Our
rate limiting kicked in and logged all the JIDs for us, so no real
harm was caused to us. That said, I know that some of the originating
servers crashed during the flooding, and another server that was a
victim of flooding crashed.

The JIDs came from these servers:
https://prosody.im/pastebin/4e851d20-c761-4bd7-a587-72dac84ca780 (the
numbers reflect the number of JIDs on that server). If you want a full
list of JIDs on your server, let me know (hint: they all consist of
full-width unicode characters).

I doubt many of the admins of these servers are on this list, but I
know some are. Please tighten your registration if you haven't
already. The simplest and easiest solution goes a long way - enable
registration throttling. In ejabberd this is something like:

    {registration_timeout, 3600}.

In Prosody:

    min_seconds_between_registrations = 3600


On a related note I've been working on a project to allow secure web
registration for all public servers that opt in. It's nearing
completion, and I would like to start beta testing soon. I'm looking
for a few initial servers to start with. If you are a public server
admin struggling to secure your account registration against spammers
and you want to take part in the experiment, please email me off-list
and I'll contact you when we're ready.

Regards,
Matthew


More information about the Operators mailing list