On 06/02/14 22:21, Mathias Ertl wrote: > Hi, > > On 02/06/2014 07:11 PM, Peter Saint-Andre wrote: >> The jabber.org IM service has experienced an ongoing DDoS attack over >> the last several days. > We have also seen such attacks (on a limited and very short timescale). > I hope you manage to get rid of those attacks - best of luck! Do the > accounts (i.e. their nick) look similar in some way?
All accounts used in the attacks follow the same pattern. >> The attack occurs over XMPP (not TCP) and has >> originated from JabberIDs registered with a broad cross-section of >> servers on the public XMPP network. As far as we have been able to >> determine, most of these servers offer In-Band Registration (XEP-0077) >> with few if any restrictions (such as CAPTCHAs, although we know those >> are easily thwarted anyway). >> >> The jabber.org admins have taken a number of steps to limit the impact >> of these DDoS attacks. Unfortunately, among those steps, we have been >> forced to disable server-to-server communication from the servers that >> host the accounts that are attacking jabber.org. We really don't like it >> that legitimate users of these servers are thereby prevented from >> communicating with users at jabber.org, but at this point we have no >> choice. >> >> The list of servers we are currently blocking can be found at the end of >> this message. We will update this list as needed, because we are >> continuing to discover more servers with DDoS accounts on them. >> >> If you run one of these servers, please let us know when you've added >> additional protection against registration abuse, along with details >> about what you've done, so that we can re-enable federation with your >> server. > Is registration abuse really an issue here? I mean: Are hundreds of > accounts from the same server participating in the attack? Or just one > account per server? Many accounts per domain, as far as I have seen. Edwin
