[Operators] Source of the JIDs being spammed? -- Re: Suspicion of Jabbim services being hacked
casper
casper at systemli.org
Thu Dec 31 12:12:55 UTC 2015
I suspect vjud-search is also a problem in this context.
> but sometimes you want to say something to someone once without giving them
> all your presence. And spammers will likely turn to spamming with
> subscription requests instead, as reported by Google a
> couple of years ago.
I think this will not be possible in the long term. All modern
messengers are doing it differently. Requiring proof-of-work for a
subscription would certainly be a good idea, but would break the current protocol.
casper // systemli.org
On 30.12.2015 22:19, Jan Pinkas wrote:
> Hi Kim,
> It doesn't look like we are the only source of data... From Jabbim, the
> users table from the ejabberd database leaked... Not the rosters of our users. And spam
> was received by the newest accounts and my testing accounts too.
>
> 1. Maybe more servers were hacked (and the hack was not reported)
> 2. Some web page crawlers check not only for e-mails but maybe also for
> SRV records of crawled "e-mail addresses"
>
> Example: zash at zash.se
>
> zash.se dns info:
>
> IP address(es) - 85.11.25.66
>
> XMPP server - sphyrna.zash.se:5269
>
> XMPP client - sphyrna.zash.se:5222
>
> Hey, this is a JID.
>
>
> 3. Generating JIDs from dictionaries; servers not reporting an error if
> the address exists and the server supports offline messages.
>
> There is one problem: bad guys from Russia are using XMPP. And this type of
> (actual) spam wave has a good CTR.
>
> Best regards,
> Pinky, Jabbim
>
> 2015-12-23 18:10 GMT+01:00 Kim Alvefur <zash at zash.se>:
>
> On 2014-12-19 15:24, Peter Viskup wrote:
> > Hi all,
> > thought it would be interesting to the audience of this mailinglist.
> >
> > http://pinky.jabb.im/2014/12/jabbim-bezpecnostni-problem-security.html
> >
> > Best regards,
> >
>
> Someone suggested that JIDs leaked in this incident might be what fueled
> the recent directed spam wave. I had actually forgotten this thread, but
> found it again after some searching.
>
> The original thread went on to discuss SCRAM for password security, but
> gave no thought to what else of value might have leaked. Since everyone
> seems to have been hit by spam, even people who don't have their JIDs
> posted on wiki.xmpp.org, some kind of
> compromise seems very likely, and
> the jabbim one might be it (or at least one possible source).
>
> So what can we do? I suspect anything that has any effect will come at
> a price.
>
> We could start requiring presence subscriptions for sending messages,
> which would decrease the value of just having a large list of JIDs, but
> sometimes you want to say something to someone once without giving them
> all your presence. And spammers will likely turn to spamming with
> subscription requests instead, as reported by Google a couple of
> years ago.
>
> --
> Kim "Zash" Alvefur
>
>
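The dictionary-enumeration point above (servers that answer differently for existing and nonexistent JIDs, so a spammer can harvest valid addresses), as an added defender's example that is not part of this thread: it scans constructed delivery-log lines in a hypothetical format (not ejabberd's real log format) and flags remote domains that probe many distinct nonexistent local accounts within a short window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format (not ejabberd's real format):
# one line per inbound server-to-server message, with its delivery result.
SAMPLE_LOG = """\
2015-12-30T21:10:01Z from=bob@friendly.example to=alice@jabbim.example result=delivered
2015-12-30T21:10:02Z from=x1@spam.example to=aaron@jabbim.example result=item-not-found
2015-12-30T21:10:02Z from=x1@spam.example to=abby@jabbim.example result=item-not-found
2015-12-30T21:10:03Z from=x2@spam.example to=adam@jabbim.example result=delivered
2015-12-30T21:10:03Z from=x2@spam.example to=adele@jabbim.example result=item-not-found
2015-12-30T21:10:04Z from=x3@spam.example to=adrian@jabbim.example result=item-not-found
2015-12-30T21:10:05Z from=x3@spam.example to=agnes@jabbim.example result=item-not-found
2015-12-30T21:10:06Z from=carol@friendly.example to=nosuchuser@jabbim.example result=item-not-found
2015-12-30T21:40:00Z from=x9@spam.example to=zed@jabbim.example result=item-not-found
"""

LINE_RE = re.compile(r"^(\S+) from=\S+@(\S+) to=(\S+) result=(\S+)$")


def parse(log):
    """Yield (timestamp, sender_domain, recipient_jid, result) per log line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3), m.group(4)


def enumerating_domains(log, window=timedelta(minutes=5), min_unknown=3):
    """Return {sender_domain: count} for domains that hit at least
    `min_unknown` distinct nonexistent local JIDs within one `window`.
    A single typo to an unknown user stays below the threshold."""
    misses = defaultdict(list)
    for ts, domain, to, result in parse(log):
        if result == "item-not-found":
            misses[domain].append((ts, to))
    flagged = {}
    for domain, hits in misses.items():
        hits.sort()
        # Slide a window starting at each miss; count distinct probed JIDs.
        for i, (start, _) in enumerate(hits):
            targets = {to for ts, to in hits[i:] if ts - start <= window}
            if len(targets) >= min_unknown:
                flagged[domain] = max(flagged.get(domain, 0), len(targets))
    return flagged
```

The same oracle disappears on the server side if unknown local recipients get the same response as existing users with offline storage; the detector above is the fallback for servers that cannot change that behaviour.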