[Operators] XMPP DDoS on yax.im today

psjbeisler psjbeisler at gmail.com
Wed Oct 5 08:44:28 UTC 2016


It's a Tor exit node; I had the same IP doing the same thing a few nights
ago (Sept. 30).
I blocked it as a temporary measure, but I'm thinking it may be a bad node now.

Accounts were:

jfihvubuhty
sane4ek-18
duaneperson
melgrerrson
79

and were all purged.


On Wed, Oct 5, 2016 at 4:31 AM, Georg Lukas <georg at op-co.de> wrote:

> * Nikolay Mitev <face at hmel.org> [2016-10-05 10:23]:
> > On Sat, Sep 03, 2016 at 12:35:04PM -0700, Tony wrote:
> > > In addition to 31.184.194.36 please also watch out for
>
> Small status update: in the last weeks I had repeated bursts of
> registrations from that IP. It looks like the ISP doesn't react or care
> (they created a ticket and claimed the user has to fix the problem
> within 72h, nothing changed). Blacklisted it now.
>
> > Just got a registration from 78.36.201.252 for user
> > mfextezede at hmel.org
> >
> > what's the best way to handle the situation? Ban the ip, delete user?
>
> Ideally, both. Also check previous registrations from either IP and
> delete them as well.
>
>
> Georg
>



-- 
The Internet is changing, consider securing your messages with PGP.
https://keybase.io/psjbeisler/key.asc
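
The cleanup suggested in the quoted reply (ban the IP, delete the user, check previous registrations from the same IP), together with spotting the registration bursts it mentions, as an added example that is not code from this thread or from any XMPP server. It assumes a hypothetical registration log of `<UTC time> <source IP> <JID>` lines; the function names, window and threshold are illustrative.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample; hypothetical format "<UTC time> <source IP> <JID>", documentation-range IPs.
SAMPLE_LOG = """\
2016-09-12T14:00:00Z 198.51.100.7 older1@example.org
2016-09-30T02:10:05Z 192.0.2.10 alice@example.org
2016-09-30T02:11:00Z 203.0.113.5 spam1@example.org
2016-09-30T02:11:20Z 203.0.113.5 spam2@example.org
2016-09-30T02:12:45Z 203.0.113.5 spam3@example.org
not a registration line
2016-10-05T08:20:00Z 198.51.100.7 newest@example.org
"""

def parse(log):
    # Return (timestamp, ip, jid) tuples, skipping lines that do not parse.
    records = []
    for line in log.splitlines():
        parts = line.split()
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
            _, ip, jid = parts
        except (ValueError, IndexError):
            continue
        records.append((ts, ip, jid))
    return records

def accounts_from(records, banned_ips):
    # Every account ever registered from a banned IP, oldest first.
    found = defaultdict(list)
    for _, ip, jid in sorted(records):
        if ip in banned_ips:
            found[ip].append(jid)
    return dict(found)

def burst_ips(records, window=timedelta(minutes=10), threshold=3):
    # IPs with at least `threshold` registrations inside one sliding window.
    by_ip = defaultdict(list)
    for ts, ip, _ in sorted(records):
        by_ip[ip].append(ts)
    hits = {}
    for ip, stamps in by_ip.items():
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[ip] = best
    return hits
```
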