Hi,

On 02/06/2014 07:11 PM, Peter Saint-Andre wrote:
> The jabber.org IM service has experienced an ongoing DDoS attack over
> the last several days.

We have also seen such attacks (on a limited and very short timescale). I hope you manage to get rid of those attacks - best of luck!

Do the accounts (i.e. their nick) look similar in some way?

> The attack occurs over XMPP (not TCP) and has
> originated from JabberIDs registered with a broad cross-section of
> servers on the public XMPP network. As far as we have been able to
> determine, most of these servers offer In-Band Registration (XEP-0077)
> with few if any restrictions (such as CAPTCHAs, although we know those
> are easily thwarted anyway).
>
> The jabber.org admins have taken a number of steps to limit the impact
> of these DDoS attacks. Unfortunately, among those steps, we have been
> forced to disable server-to-server communication from the servers that
> host the accounts that are attacking jabber.org. We really don't like it
> that legitimate users of these servers are thereby prevented from
> communicating with users at jabber.org, but at this point we have no
> choice.
>
> The list of servers we are currently blocking can be found at the end of
> this message. We will update this list as needed, because we are
> continuing to discover more servers with DDoS accounts on them.
>
> If you run one of these servers, please let us know when you've added
> additional protection against registration abuse, along with details
> about what you've done, so that we can re-enable federation with your
> server.

Is registration abuse really an issue here? I mean: Are hundreds of accounts from the same server participating in the attack? Or just one account per server?

BTW: We discussed issues like this before. What has happened on the network with regards to this issue since then?

greetings, Mati

>
> Thanks!
>
> Peter (for the jabber.org admin team)

--
twitter: @mathiasertl | xing: Mathias Ertl | email: [email protected]
I only read plain-text mail! I prefer signed/encrypted mail!
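The two questions raised in the reply above (how many attacking accounts each server hosts, and whether their nicks look alike) can be answered from a list of offending sender JIDs. The sketch below is an added example, not code from the thread or from jabber.org; the sample JIDs, the `many` threshold and all function names are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: sender JIDs of stanzas flagged as abusive (not real data).
SAMPLE_SENDERS = [
    "bot0001@open.example/x1", "bot0002@open.example/x2",
    "bot0003@open.example/x3", "bot0417@open.example/a",
    "bot0001@open.example/x9",          # same account, second resource
    "alice@small.example/home",
    "qk7f2@other.example/r", "user31@other.example/r",
]

def bare_jid(jid):
    """Strip the resource and lowercase (a rough stand-in for full JID
    normalization); returns (localpart, domain)."""
    bare = jid.split("/", 1)[0].lower()   # resource may itself contain '@'
    local, sep, domain = bare.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a user JID: {jid!r}")
    return local, domain

def nick_shape(local):
    """Collapse digit runs to '#' so bot0001 and bot0417 share one shape."""
    return re.sub(r"\d+", "#", local)

def summarize(senders, many=3):
    """Per domain: distinct accounts, dominant nick shape, and a verdict.
    `many` is an assumed cut-off for 'looks like mass registration'."""
    accounts = defaultdict(set)
    for jid in senders:
        local, domain = bare_jid(jid)
        accounts[domain].add(local)
    report = {}
    for domain, locals_ in accounts.items():
        shape, hits = Counter(nick_shape(l) for l in locals_).most_common(1)[0]
        report[domain] = {
            "accounts": len(locals_),
            "top_shape": shape,
            "shape_share": hits / len(locals_),
            "mass_registration": len(locals_) >= many,
        }
    return report

if __name__ == "__main__":
    for domain, row in sorted(summarize(SAMPLE_SENDERS).items()):
        print(domain, row)
```

A domain with many accounts sharing one shape points at scripted registration on that server; a domain with a single account does not, and blocking its whole s2s link costs more legitimate users per attacker removed.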
