[Operators] DDoS attacks against jabber.org

Peter Saint-Andre stpeter at stpeter.im
Thu Feb 6 18:11:17 UTC 2014


Folks,

The jabber.org IM service has experienced an ongoing DDoS attack over 
the last several days. The attack occurs over XMPP (not TCP) and has 
originated from JabberIDs registered with a broad cross-section of 
servers on the public XMPP network. As far as we have been able to 
determine, most of these servers offer In-Band Registration (XEP-0077) 
with few if any restrictions (such as CAPTCHAs, although we know those 
are easily thwarted anyway).

The jabber.org admins have taken a number of steps to limit the impact 
of these DDoS attacks. Unfortunately, among those steps, we have been 
forced to disable server-to-server communication from the servers that 
host the accounts that are attacking jabber.org. We really don't like it 
that legitimate users of these servers are thereby prevented from 
communicating with users at jabber.org, but at this point we have no choice.

The list of servers we are currently blocking can be found at the end of 
this message. We will update this list as needed, because we are 
continuing to discover more servers with DDoS accounts on them.

If you run one of these servers, please let us know when you've added
additional protection against registration abuse, along with details 
about what you've done, so that we can re-enable federation with your 
server.

Thanks!

Peter (for the jabber.org admin team)


