On 21 March 2013 14:08, Kevin Smith <[email protected]> wrote: > On Thu, Mar 21, 2013 at 2:03 PM, Maxim Ignatenko <[email protected]> wrote: >> On 21 March 2013 13:44, Jesse Thompson <[email protected]> wrote: >>> On 3/20/2013 6:09 PM, Peter Viskup wrote: >>>> Did anybody performed some investigation and proved which servers are >>>> used for these attacks and if all of them are IBR-enabled? I'm not aware >>>> of anybody - didn't see list of the servers. >>> >>> Apparently not. >> >> jabber.kiev.ua have IBR enabled and protected by CAPTCHA. > > Interestingly (or maybe not) jabber.kiev.ua wasn't on the list of > servers I sent out that I'd see automated MUC attacks from.
Well, I'm trying to do my best at wiping spam accounts as I see them :) Userbase is not huge and usually there's only 1 or 2 new accounts per day, so it's feasible to just have myself in registration_watchers list. > The 300 number is interesting - I wonder why they did that. Do you > have any information about these subscriptions? Did they seem to be to > randomly generated users on gmail? Did they contain messages? No, I have only list of gmail JIDs and I don't know if they also sent any messages to gmail users. All gmail JIDs added by spam accounts was different and I suspect that spammers scraped it somewhere and now are just sharding it between spambots, but that's only my guess. -- Best regards, Maxim
