On Mon, Feb 20, 2012 at 5:51 PM, Mathias Ertl <[email protected]> wrote: > Jonas, > > On 2012-02-20 17:41, Jonas Ådahl wrote: >> Today my server was bombarded with thousands of subscription requests >> from various different XMPP domains[0] resulting in it crashing. Also >> with these requests came identical messages[1]. All of the accounts >> looks like [random characters]@domain.com such as >> [email protected]. Seems like all of the requests were >> directed at one user. > > Is it possible to draw up a list of accounts that took part in the > attack and send those accounts to the corresponding server-admins, at > least if they are known? >
Sadly no. I removed some files in order to get my gajim up and running, and did not make any backups. Anyhow, for what I could tell all of the accounts were 20 character long and consisted only of random a-z and 0-9 characters. I put a very small portion of the accounts here: http://pastebin.com/b0NrDAEL that I recovered from my gajim message log. The list should be more like 6-7000 long instead of 54 however, but that's all I could find now. Jonas
