[Operators] XMPP DDoS on yax.im today

Georg Lukas georg at op-co.de
Wed Oct 5 08:31:43 UTC 2016


* Nikolay Mitev <face at hmel.org> [2016-10-05 10:23]:
> On Sat, Sep 03, 2016 at 12:35:04PM -0700, Tony wrote:
> > In addition to 31.184.194.36 please also watch out for

Small status update: in the last weeks I had repeated bursts of
registrations from that IP. It looks like the ISP doesn't react or care
(they created a ticket and claimed the user has to fix the problem
within 72h, nothing changed). Blacklisted it now.

> Just got a registration from 78.36.201.252 for user
> mfextezede at hmel.org
> 
> what's the best way to handle the situation? Ban the ip, delete user?

Ideally, both. Also check previous registrations from either IP and
delete them as well.


Georg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 811 bytes
Desc: Digital signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20161005/54c04811/attachment.sig>


More information about the Operators mailing list