-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 4/10/12 3:08 PM, Daniel Fischaleck wrote: > Am Dienstag, 10. April 2012, 23:03:54 schrieb Claudiu Curcă: >> Hello, >> >> >> >> Tonight I've noticed an increase in server traffic and once I >> checked stuff aut I saw that some few thousand users were created >> from a russian IP address (178.47.4.86). The users were >> automatically created with the username XXyyyyyyZZ, where (XX and >> ZZ are numerica land yyyyy are random words). According to logs, >> all these users flooded the user [email protected], probably as some >> sort of childish revenge or something similar. >> >> >> >> Lately, I've been firewalling entire classes of IPs from the >> Russian Federation because of these automated registrations, >> although only now logs have shown actual flooding. >> >> >> >> With all respect to free and boundless communication, I am taking >> the caution of blocking each and every IP block from the Russian >> Federation, since I do not want (nor have to, for that matter) >> stay and guard the server from automated registrations (as a fun >> fact, out of all the former automated registrations detected, 105 >> of them, 104 were from Russia). >> >> >> >> I know it's harsh, but I encourage the rest of the admins to be >> vigilant and take hard countermeasures against such abuse. >> >> >> >> Best Regards, >> >> >> >> Claudiu Curcă - coderollers.com > > Hi, > > the same thing happened to my server orcalab.net. Public > registration is now disabled till I get that IP sorted and I am > restoring a backup of the old user database right now. I got over > 1000 registrations within a few minutes. Same scheme as yours.
Has in-band registration outlived its usefulness? It was originally designed as a user-friendly way to jumpstart use of Jabber technologies back in 1999. Perhaps it's not so appropriate today? (FWIW, at jabber.org we disabled IBR a few years ago and that hasn't stopped lots of people from registering new accounts!) Peter - -- Peter Saint-Andre https://stpeter.im/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk+EopMACgkQNL8k5A2w/vyYlQCg1QwNmkT5TwU4nzB84WVYO2FB xHMAnj2Gg7vszb+4SzgkCxgagsSWrW9N =9AI/ -----END PGP SIGNATURE-----
