-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 8/27/09 1:39 PM, Fabio Forno wrote: > On Thu, Aug 27, 2009 at 9:31 PM, Peter Saint-Andre<[email protected]> wrote: >>> I think that >>> part of that flood was coming from our server too, since yesterday we >>> had a bot registering accounts. We blocked it in few minutes, but it >>> was able send a bulk of messages. In ejabberd there is an option for >>> limiting the number of registrations per IP, the problem is that in >>> our case almost all the clients are natted in large networks >> Yes, that is a challenge. :( > > Yep, I think that IP based limiting is the standard in all servers, > but this is a non option if you target mobile clients. The only > solution is using captchas or some external method (as we are going to > do now)
Yes we had a long thread about this when we were discussing ways to prevent denial of service attacks (XEP-0205). There are no easy answers... Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqW4tYACgkQNL8k5A2w/vyzDgCfUpqyY4I6Pm2MJjZtnGNeCEm1 r5kAn1FZixaalJEATxBSbQlf2jq4UKw6 =1NiL -----END PGP SIGNATURE-----
