[Operators] Spamming/Bots on XMPP

Arsimael Inshan ai at jhml.de
Mon Feb 9 21:48:23 UTC 2015

Hello everyone.

During the last days/weeks/month I have to deal with a shitloiad of 
bots, register account after account on my domains.
I watched this and found out a good solution: They all register random 
accounts with a 5-7 username like

xio5edx at DOMAIN.COM

And they come from these IP Addresses: 	web28.webfaction.com 	lumiere.etabeta.it 	vps.manchesterwebhosting.co.uk 	aurora.enn.lu 	enetcr08.securesites.net 	s9.freehost.com.ua 	main.ktc.lt 	1,94126E+11 	x-page.hu 	trgserver1.expressivetek.com 	fir.dreamhost.com 	www.px2online.com 	douhisi.pair.com 	server4shop.de 	kopr.nettle.cz 	host123-21-37-46.serverdedicati.aruba.it 	ip-50-63-152-96.ip.secureserver.net 	www2.astranet.ru 	cl02.gs01.gridserver.com 	server1.shoppinglistexpress.com 	ded1009-lin-162-9.netsonic.net 	122.smart-dns.net 	h1599023.stratoserver.net 	146-37-90-81.rt.cmo.de 	s16554760.onlinehome-server.info 	server5.4pc.eu 	ix-180.myrack.q-nic.de 	mail.brandcomm.pl 	535725ED.cm-6-8a.dynamic.ziggo.nl 	cm-staticIP-85-152-33-147.telecable.es 	dmbackup.stv.ee.241.196.85.in-addr.arpa 	webmail4.mbi-inc.com

I allready cleared this list from TOR exit nodes and random enduser 
connections, but these IP Addresses are the main part. I had nearly 15k 
registrations in the last month just from those addresses.
I allready wrote to the Admins of these domains/Servers, informing tham 
that there are bots on their servers.

Anyone else having problems with spammers lately?

A. Inshan

email: ai at jhml.de
web: https://www.it-native.de (german)
This e-mail may contain confidential and/or privileged
Informations. If you are not the intended recipient, please
immediately inform the sender and delete this mail. Any
unauthorized copying, disclosure or distribution of this Mail
is not allowed.

More information about the Operators mailing list