The ongoing discussions about Google having had to (temporarily?) impose a blanket block on sub requests has reminded me that I meant to post.
A few weeks ago a service I admin was attacked over S2S by flooders (MUC room attacks). As far as I can tell, the flooders had produced scripts to autoregister accounts on servers that have unprotected registrations, use them to spam a few messages each and presumably then throw the accounts away. I've had to block all of the following servers for having unprotected signups - other admins can use or ignore this information as they wish, but if any admins of these servers are following the list, please effect some protection against this abuse - i.e. disable unprotected IBR. As well as knowing when it's safe to start unblocking these servers, I'd be interested to hear what steps people are generally taking to prevent abuse from their accounts, especially if they run services that allow public signup. 12jabber.com abber.linux.it brauchen.info deshalbfrei.org headcounter.org im.apinc.org jabber.ccc.de jabber.com.ua jabber.fr jabber.justlan.ru jabber.linux.it jabber.murom.net jabber.ozerki.net jabber.rdtc.ru jabber.sk jabber.snc.ru jabber.tcweb.org jabber.wiretrip.org jabbernet.dk jid.pl jwchat.org kofeina.net myjid.eu silper.cz skyjabber.ru swissjabber.eu swissjabber.li syriastars.com xmpp.us /K
