[Operators] Suspicion of Jabbim services being hacked

Kim Alvefur zash at zash.se
Sat Dec 20 15:08:10 UTC 2014


SASL mechanism and client stats from the last two weeks on a small site
I run:

 87% PLAIN
 10% SCRAM-SHA-1
  3% SCRAM-SHA-1-PLUS

 43% Pidgin version 2.10.9 (libpurple 2.10.9)
 22% Adium version 1.5.10 (libpurple 2.10.9)
 21% Gajim version 0.15.4
  7% Jitsi version 2.2.4603.9615
  3% Jitsi version 2.4.4997
  3% irssi-xmpp version 0.51
  1% Trillian version 5.4.0.15
  1% Vacuum-IM version 1.3.0.2436 Alpha

This is with SCRAM storage enabled.  At some point before switching to
this it was 100% DIGEST-MD5.

Clients are queried using XEP-92 right after login.  Less than half of
clients responded with something useful.

Collection was done with two plugins, mod_log_sasl_auth and
mod_query_client_ver, both available from
https://code.google.com/p/prosody-modules/

--
Kim "Zash" Alvefur

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20141220/f8de1291/attachment.sig>


More information about the Operators mailing list