
A series of attacks on the largest Jabber servers

A series of flood attacks on the largest Ejabberd-based Jabber servers began yesterday. The attackers distributed a flood bot in the conferences of the jabber.ru server. The bot registered random JIDs on various Jabber servers, then drove all of the registered accounts into a newly created conference, where they rapidly joined and left, sent messages, and flooded it with presence updates.

As a result of the attack, the conference service on several large servers was inaccessible.

A detailed study of the flood bot showed that its package included a database of Jabber servers around the world, including a list of servers running Ejabberd 1.x, whose basic functionality does not provide for restricting JID registration from a single IP address (more recent versions of Ejabberd have added this capability).

It should be noted that currently the administrators of the largest jabber servers have installed a patch that prevents denial of service.

Source: https://habr.com/ru/post/70542/

