[Operators] DDoS attacks against jabber.org
stpeter at stpeter.im
Thu Feb 6 18:11:17 UTC 2014

The jabber.org IM service has experienced an ongoing DDoS attack over
the last several days. The attack occurs over XMPP (not TCP) and has
originated from JabberIDs registered with a broad cross-section of
servers on the public XMPP network. As far as we have been able to
determine, most of these servers offer In-Band Registration (XEP-0077)
with few if any restrictions (such as CAPTCHAs, although we know those
are easily thwarted anyway).

The jabber.org admins have taken a number of steps to limit the impact
of these DDoS attacks. Unfortunately, among those steps, we have been
forced to disable server-to-server communication from the servers that
host the accounts that are attacking jabber.org. We really don't like it
that legitimate users of these servers are thereby prevented from
communicating with users at jabber.org, but at this point we have no choice.

The list of servers we are currently blocking can be found at the end of
this message. We will update this list as needed, because we are
continuing to discover more servers with DDoS accounts on them.

If you run one of these servers, please let us know when you've added
additional protection against registration abuse, along with details
about what you've done, so that we can re-enable federation with your

Peter (for the jabber.org admin team)