[Operators] XMPP DDoS on yax.im today
postal dude
pstldde at gmail.com
Wed Oct 5 21:32:14 UTC 2016
Same for me.
Various registrations, probably testing if there is a blocking mechanism
on my server.
cycvakipu
prestige-dd
22vortex00
anthonyk
79mak
abdeynet
ejineege30
daviegril46
divinesoul11
confessor
confessor then started spamming:
____________________
Automatic XMPP-spammer /
XMPP-
https://xmppspam.space & http://xmppspamc54buwix.onion
Blocked both the Tor IP (78.36.201.252) as well as the service itself
(xmppspam.space = 104.31.223.74) and deleted all accounts manually.
On 05.10.2016 10:44, psjbeisler wrote:
> its a Tor exit node, i had the same IP doing the same thing a few nights
> ago. (Sept. 30)
> I blocked it as a temporary measure, but thinking it may be a bad node now.
>
> accounts were:
>
> jfihvubuhty
> sane4ek-18
> duaneperson
> melgrerrson
> 79
>
> and were all purged.
>
>
> On Wed, Oct 5, 2016 at 4:31 AM, Georg Lukas <georg at op-co.de> wrote:
>
>> * Nikolay Mitev <face at hmel.org> [2016-10-05 10:23]:
>>> On Sat, Sep 03, 2016 at 12:35:04PM -0700, Tony wrote:
>>>> In addition to 31.184.194.36 please also watch out for
>>
>> Small status update: in the last weeks I had repeated bursts of
>> registrations from that IP. It looks like the ISP doesn't react or care
>> (they created a ticket and claimed the user has to fix the problem
>> within 72h, nothing changed). Blacklisted it now.
>>
>>> Just got a registration from 78.36.201.252 for user
>>> mfextezede at hmel.org
>>>
>>> what's the best way to handle the situation? Ban the ip, delete user?
>>
>> Ideally, both. Also check previous registrations from either IP and
>> delete them as well.
>>
>>
>> Georg
>>
>
>
>
More information about the Operators
mailing list