[Operators] DDoS attacks against jabber.org

David Banes david at banes.org
Fri Feb 7 08:05:12 UTC 2014

In my view this is the correct approach (block s2s communication) and mirrors the behaviour in the SMTP world. It's the way I run SMTP/XMPP platforms so I'd expect others to do the same. 

Quite simply if you see a badly behaving server/IP you block it until the owner has rectified the situation. Yes this upsets some users on the server(s) that is blocked but that's fine, they can apply pressure on the owner to fix it or take their 'business' elsewhere.

Doing this will weed out the problem operators and clean up our network.


On 6 Feb 2014, at 18:11, Peter Saint-Andre <stpeter at stpeter.im> wrote:

> Folks,
> The jabber.org IM service has experienced an ongoing DDoS attack over the last several days. The attack occurs over XMPP (not TCP) and has originated from JabberIDs registered with a broad cross-section of servers on the public XMPP network. As far as we have been able to determine, most of these servers offer In-Band Registration (XEP-0077) with few if any restrictions (such as CAPTCHAs, although we know those are easily thwarted anyway).
> The jabber.org admins have taken a number of steps to limit the impact of these DDoS attacks. Unfortunately, among those steps, we have been forced to disable server-to-server communication from the servers that host the accounts that are attacking jabber.org. We really don't like it that legitimate users of these servers are thereby prevented from communicating with users at jabber.org, but at this point we have no choice.
> The list of servers we are currently blocking can be found at the end of this message. We will update this list as needed, because we are continuing to discover more servers with DDoS accounts on them.
> If you run one of these servers, please let us know when you've added additional protection against registration abuse, along with details about what you've done, so that we can re-enable federation with your server.
> Thanks!
> Peter (for the jabber.org admin team)
