[Operators] XMPP DDoS on yax.im today

postal dude pstldde at gmail.com
Wed Oct 5 21:32:14 UTC 2016


Same for me.

Various registrations, probably testing if there is a blocking mechanism
on my server.

cycvakipu
prestige-dd
22vortex00
anthonyk
79mak
abdeynet
ejineege30
daviegril46
divinesoul11
confessor

confessor then started spamming:

    ____________________
    Automatic XMPP-spammer /
 XMPP-
    https://xmppspam.space & http://xmppspamc54buwix.onion

Blocked both the Tor IP (78.36.201.252) as well as the service itself
(xmppspam.space = 104.31.223.74) and deleted all accounts manually.

On 05.10.2016 10:44, psjbeisler wrote:
> It's a Tor exit node, I had the same IP doing the same thing a few nights
> ago. (Sept. 30)
> I blocked it as a temporary measure, but thinking it may be a bad node now.
> 
> accounts were:
> 
> jfihvubuhty
> sane4ek-18
> duaneperson
> melgrerrson
> 79
> 
> and were all purged.
> 
> 
> On Wed, Oct 5, 2016 at 4:31 AM, Georg Lukas <georg at op-co.de> wrote:
> 
>> * Nikolay Mitev <face at hmel.org> [2016-10-05 10:23]:
>>> On Sat, Sep 03, 2016 at 12:35:04PM -0700, Tony wrote:
>>>> In addition to 31.184.194.36 please also watch out for
>>
>> Small status update: in the last weeks I had repeated bursts of
>> registrations from that IP. It looks like the ISP doesn't react or care
>> (they created a ticket and claimed the user has to fix the problem
>> within 72h, nothing changed). Blacklisted it now.
>>
>>> Just got a registration from 78.36.201.252 for user
>>> mfextezede at hmel.org
>>>
>>> what's the best way to handle the situation? Ban the ip, delete user?
>>
>> Ideally, both. Also check previous registrations from either IP and
>> delete them as well.
>>
>>
>> Georg
>>
> 
> 
> 
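
Added example (not part of the original thread and not any XMPP server's own tooling): a Python sketch of the advice above to check previous registrations from a flagged IP and collect every account to purge. The log line format, the example.org accounts, and the burst threshold and window are assumptions constructed for illustration; the two blocked IPs are the ones named in this thread.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. The line format is hypothetical, not a real server's format.
SAMPLE_LOG = """\
2016-09-30T02:10:01 register jid=spam-a1@example.org ip=78.36.201.252
2016-09-30T02:10:09 register jid=spam-a2@example.org ip=78.36.201.252
2016-09-30T02:10:20 register jid=spam-a3@example.org ip=78.36.201.252
2016-10-01T14:00:00 register jid=alice@example.org ip=192.0.2.10
2016-10-03T09:30:00 register jid=bob@example.org ip=198.51.100.7
2016-10-04T11:00:00 register jid=carol@example.org ip=198.51.100.7
2016-10-05T08:21:00 register jid=spam-b1@example.org ip=78.36.201.252
2016-10-05T08:40:00 register jid=spam-c1@example.org ip=31.184.194.36
"""
LINE_RE = re.compile(r"^(\S+) register jid=(\S+) ip=(\S+)$")

def parse(log):
    """Yield (timestamp, jid, ip) for each registration line; skip anything else."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def accounts_by_ip(log):
    """Map each source IP to the (timestamp, jid) pairs registered from it."""
    by_ip = defaultdict(list)
    for ts, jid, ip in parse(log):
        by_ip[ip].append((ts, jid))
    return by_ip

def burst_ips(log, threshold=3, window=timedelta(minutes=10)):
    """IPs with at least `threshold` registrations inside any `window`."""
    flagged = set()
    for ip, regs in accounts_by_ip(log).items():
        times = sorted(ts for ts, _ in regs)
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(ip)
                break
    return flagged

def purge_list(log, blocked_ips):
    """Every account ever registered from a blocked IP, older ones included."""
    by_ip = accounts_by_ip(log)
    return sorted(jid for ip in blocked_ips for _, jid in by_ip.get(ip, []))

if __name__ == "__main__":
    blocked = burst_ips(SAMPLE_LOG) | {"31.184.194.36"}  # burst hits plus manual blacklist
    print(sorted(blocked), purge_list(SAMPLE_LOG, blocked))
```

The purge list covers the earlier Sept. 30 burst as well as the later single registration from the same IP, while the two registrations a day apart from 198.51.100.7 stay below the burst threshold.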


