[Operators] Spamming/Bots on XMPP

Tue Feb 10 05:23:02 UTC 2015

Yes, you can turn on Captchas or limit the number of registrations from one IP within 24 hours.
Captchas also work in-band (ejabberd).

Am 9. Februar 2015 23:11:35 MEZ, schrieb JC Brand <lists at opkode.com>:
>Perhaps a naive question, but is this with a captcha enabled?
>
>On 09 Februarie 2015 10:48:23 nm. CET, Arsimael Inshan <ai at jhml.de>
>wrote:
>>Hello everyone.
>>
>>During the last days/weeks/month I have to deal with a shitloiad of 
>>bots, register account after account on my domains.
>>I watched this and found out a good solution: They all register random
>
>>accounts with a 5-7 username like
>>
>>xio5edx at DOMAIN.COM
>>
>>And they come from these IP Addresses:
>>
>>108.59.11.84 	web28.webfaction.com
>>109.233.123.48 	lumiere.etabeta.it
>>112.198.64.34 	112.198.64.34
>>162.251.83.39 	vps.manchesterwebhosting.co.uk
>>176.126.252.12 	aurora.enn.lu
>>192.220.23.237 	enetcr08.securesites.net
>>193.200.173.5 	s9.freehost.com.ua
>>193.219.160.2 	main.ktc.lt
>>194.0.200.11 	194.0.200.11
>>194.126.183.156 	1,94126E+11
>>195.70.35.245 	x-page.hu
>>198.65.30.250 	trgserver1.expressivetek.com
>>208.113.231.237 	fir.dreamhost.com
>>208.67.250.171 	www.px2online.com
>>209.68.5.179 	douhisi.pair.com
>>212.98.187.70 	212.98.187.70
>>217.160.253.33 	server4shop.de
>>217.196.220.2 	kopr.nettle.cz
>>27.109.94.214 	27.109.94.214
>>46.37.21.123 	host123-21-37-46.serverdedicati.aruba.it
>>49.212.76.195 	49.212.76.195
>>50.63.152.96 	ip-50-63-152-96.ip.secureserver.net
>>62.183.104.5 	www2.astranet.ru
>>64.13.192.11 	cl02.gs01.gridserver.com
>>66.135.38.154 	server1.shoppinglistexpress.com
>>66.180.162.9 	ded1009-lin-162-9.netsonic.net
>>72.3.217.177 	72.3.217.177
>>74.80.172.122 	122.smart-dns.net
>>81.169.162.116 	h1599023.stratoserver.net
>>81.90.37.146 	146-37-90-81.rt.cmo.de
>>82.165.137.178 	s16554760.onlinehome-server.info
>>82.211.19.143 	server5.4pc.eu
>>83.125.28.180 	ix-180.myrack.q-nic.de
>>83.144.92.212 	mail.brandcomm.pl
>>83.87.37.237 	535725ED.cm-6-8a.dynamic.ziggo.nl
>>84.120.254.236 	84.120.254.236.dyn.user.ono.com
>>85.152.33.147 	cm-staticIP-85-152-33-147.telecable.es
>>85.196.241.198 	dmbackup.stv.ee.241.196.85.in-addr.arpa
>>91.223.240.83 	91.223.240.83
>>93.176.82.58 	93.176.82.58
>>94.75.112.152 	94.75.112.152
>>96.56.83.114 	webmail4.mbi-inc.com
>>
>>
>>I allready cleared this list from TOR exit nodes and random enduser 
>>connections, but these IP Addresses are the main part. I had nearly
>15k
>>
>>registrations in the last month just from those addresses.
>>I allready wrote to the Admins of these domains/Servers, informing
>tham
>>
>>that there are bots on their servers.
>>
>>Anyone else having problems with spammers lately?
>>
>>-- 
>>A. Inshan
>>IT-Consultant
>>
>>email: ai at jhml.de
>>web: https://www.it-native.de (german)
>>-----------------------------------------------------------------
>>This e-mail may contain confidential and/or privileged
>>Informations. If you are not the intended recipient, please
>>immediately inform the sender and delete this mail. Any
>>unauthorized copying, disclosure or distribution of this Mail
>>is not allowed.
>>-----------------------------------------------------------------
>
>-- 
>Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail
>gesendet.

-- 
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20150210/aa055b11/attachment.html>