Hi Mathias,
it's just surprising that there are also other servers affected by this behavior.
Thank you for sharing your procedure to gain with it.
Some of the chat rooms are forwarding the information about Arabia world from Aljazeera, CNN and other newsletters via bots reading RSS.

Best regards,
--
Peter Viskup

On 05/28/2012 11:31 AM, Mathias Ertl wrote:
Hi,

On 2012-05-28 00:19, Peter Viskup wrote:
we are experiencing some strange situation on MUC on our jabber server.
There were quite a lot of MUC created and most of them from Syria. These
MUCs were moved from other jabber server on which they were blocked.

Does somebody of you have experience with bots flooding MUCs and users
asking for granting them admin rights for specific MUCs? How do you
'clean' persistent MUCs not used anymore?

Main issues:
  - listing of registered conferences takes some minutes
  - muc_room Mnesia table is about 58MBs large
  - ejabberdctl doesn't provide commands for administering MUCs

We (jabber.at) have the very same problem. Two things are important to note:

1. These rooms are created en masse automatically. If you destroy them
all, >100 will be created within a few seconds. (but that does not occur
until some time after that)
2. While much of it appears to come from Syria (i.e. Room names are
those of Syrian cities) no *real* chat is happening there. I have given
chatlogs to a few Arabic-speaking persons and the "chat" is just
gibberish. I have tried several times to chat with MUC-admins and their
intelligence has been similar to that of Eliza[1].

We have taken some steps to stop that epidemic:
(1) Only local users may create MUCs.

When MUCs are created, the creator is usually the same over all rooms.
Because of (1), we know what IP registered and used that account.

(2) All accounts registered/used from that IP-address are deleted,
usernames blocked, IP-addresses blocked on an IP-Level.
(3) We use a munin-plugin[2] to monitor the number of MUCs. If a large
number of MUCs is created, we get a notification by Munin.

Using these measures, this now only happens rarely. If it happens, MUCs
are removed very fast by our admins.

Another thing to note: The first time I started destroying MUCs using my
regular account, I received a DOS-attack in the form of thousands of
automated private messages. I now use a dedicated account that I can
just log off from to destroy MUCs, as a precaution.

greetings, Mati
(jabber.at)

[1] http://en.wikipedia.org/wiki/ELIZA
[2] http://git.fsinf.at/fsinf/munin/blobs/master/muc_count
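
Added example, not part of the original messages and not jabber.at's munin plugin: a sketch of the check behind measures (1) and (3), flagging any creator who opens many rooms in a short window and any room created by a non-local account. The event tuples, the domain `example.org`, the window and the threshold are all assumptions; this is not an ejabberd log format, so room-creation data has to be exported into this shape first.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOCAL_DOMAIN = "example.org"      # assumption: the server's own domain
WINDOW = timedelta(seconds=60)    # assumption: burst window
THRESHOLD = 5                     # assumption: rooms per creator per window


def sample_events():
    """Constructed sample data: (timestamp, room JID, creator bare JID)."""
    base = datetime(2012, 5, 28, 11, 0, 0)
    events = [
        (base + timedelta(seconds=2 * i),
         f"room{i}@conference.example.org", "bot1@example.org")
        for i in range(8)
    ]
    events.append((base + timedelta(minutes=5),
                   "staff@conference.example.org", "alice@example.org"))
    events.append((base + timedelta(minutes=6),
                   "ext@conference.example.org", "mallory@other.example"))
    return events


def analyse(events, local_domain=LOCAL_DOMAIN, window=WINDOW,
            threshold=THRESHOLD):
    """Return (bursts, non_local).

    bursts maps a creator to the largest number of rooms it created inside
    one sliding window, for creators that reached the threshold.
    non_local is the set of creators whose domain is not the local one.
    """
    recent = defaultdict(deque)   # creator -> creation times still in window
    bursts = {}
    non_local = set()
    for ts, _room, creator in sorted(events):
        if creator.rpartition("@")[2].lower() != local_domain:
            non_local.add(creator)
        times = recent[creator]
        times.append(ts)
        while ts - times[0] > window:   # drop creations older than the window
            times.popleft()
        if len(times) >= threshold:
            bursts[creator] = max(bursts.get(creator, 0), len(times))
    return bursts, non_local


if __name__ == "__main__":
    print(analyse(sample_events()))
```

Because the creator is usually the same across all rooms, grouping by creator surfaces the one account to trace back to its registration IP.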

