Hi, 

just wanted to say that for now it seems servers like mine cannot be targeted
by this bot, perhaps until the "nice guy" reads this: I have only 2 domains
with iq:register allowed (linuxlovers.at / 0nl1ne.at), which both need a DNS SRV
lookup to find my xmpp service - could it be that only DNS IN-A reachable
servers are (by these two persons, and for now) targeted?

regards, 
Nik 

----- Original Message -----

From: "Peter Viskup" <skupko...@gmail.com>
To: "XMPP Operators Group" <operators@xmpp.org>
Sent: Wednesday, 8 September 2010 10:14:41
Subject: Re: [Operators] Rosters flood


Small correction in regexp: 

"^(40tman_rullez|ws_conference_jabber_ru)" 
and the name in access rule should be jabber_sk_bad_users of course. 

On Wed, Sep 8, 2010 at 9:47 AM, Peter Viskup <skupko.sk@gmail.com> wrote:

I configured a restriction for account creation based on a regexp to filter
these account names.

I think administrators of other affected jabber servers should follow this 
approach. 


{acl, jabber_sk_bad_users, {user_regexp,
"^[40tman_rullez,ws_conference_jabber_ru]", "jabber.sk"}}.
{access, register_jabber_sk, [{deny, bad_users}, {allow, all}]}.

I will remove all existing 40tman_rullez and ws_conference_jabber_ru accounts
on jabber.sk so that these will not be used any more.



Regards, 
-- 
Peter Viskup 
xmpp: sku...@jabber.sk 




On Wed, Sep 8, 2010 at 6:39 AM, Evgeniy Khramtsov <xramt...@gmail.com> wrote:



08.09.2010 08:36, Peter Viskup wrote: 


I have evidence of these '40tman_rullez' accounts being created on the jabber.sk
server for the last weeks.
Most of connections of '40tman_rullez' accounts are made from IPs 
188.168.78.102, 188.168.78.162, 81.177.33.11... 

But there are also others e.g.: 
ws_conference_jabber_ru41odk...@jabber.sk 
Most of connections of 'ws_conference_jabber_ru' accounts are made from IPs 
109.169.251.0, 82.146.63.108, 95.67.179.109... 


Thank you for the info! 




All listed IPs are registered in Russia.
These accounts are probably also causing the increased network utilization on
our server (4Mb/s in peaks).

Let me know if any other information could help you to find a way to
fight against this. Do you have any recommendation on how to prevent these
accounts from being created on our server? I would not like to implement CAPTCHA
or IP filtering.


The only way I know is to disable iq:register and provide web-based
registration only (with CAPTCHA). Well, of course, as Yann said, it is possible
to improve in-band registration modules to support CAPTCHA, but there are too
few clients supporting it. Another good approach is to register one account
per confirmation email. My bad, but we don't have such a feature on jabber.ru
:( Seems like it is time to implement it...



-- 
Regards, 
Evgeniy Khramtsov, ProcessOne. 
xmpp:x...@jabber.ru . 






-- 
Nikolaus Polak - http://nplog.0nl1ne.at - smtp&xmpp: n...@linuxlovers.at 
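
Added example, not part of any message in this thread: a check of the two deny patterns quoted above, showing why the bracketed form needed the correction. It assumes Python's `re` stands in for the server's regexp matcher with unanchored search semantics; the usernames are constructed samples and the function names are hypothetical.

```python
import re

# Patterns copied from the thread.
FIRST_ATTEMPT = r"^[40tman_rullez,ws_conference_jabber_ru]"  # character class
CORRECTED = r"^(40tman_rullez|ws_conference_jabber_ru)"      # alternation

# Constructed samples: (requested username, is it one of the flood accounts?)
SAMPLES = [
    ("40tman_rullez123", True),
    ("ws_conference_jabber_ru41abc", True),
    ("alice", False),
    ("bob", False),
    ("carol", False),
    ("dave", False),
    ("peggy", False),
]

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"


def denied(pattern, user):
    """True if the deny ACL would match this username.

    Assumption: the matcher searches the string, so '^' pins the start
    and nothing pins the end (prefix match).
    """
    return re.search(pattern, user) is not None


def evaluate(pattern, samples):
    """Return (legitimate names wrongly denied, flood names let through)."""
    false_pos = [u for u, bad in samples if not bad and denied(pattern, u)]
    false_neg = [u for u, bad in samples if bad and not denied(pattern, u)]
    return false_pos, false_neg


def first_chars_denied(pattern):
    """Which single leading characters are enough to trigger a deny."""
    return "".join(c for c in ALPHABET if denied(pattern, c))


if __name__ == "__main__":
    for name, pat in (("first attempt", FIRST_ATTEMPT), ("corrected", CORRECTED)):
        fp, fn = evaluate(pat, SAMPLES)
        print(f"{name}: wrongly denied={fp} missed={fn} "
              f"leading chars denied={first_chars_denied(pat)!r}")
```

Running a pattern through a check like this before loading it into the registration ACL catches the case where a filter silently refuses half of all ordinary usernames.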
