Invite Attack on Jabber ID
Posted: 25 December 2011 01:45 AM
Newbie
Total Posts:  9
Joined  2011-12-25

Hi, I have a Jabber ID here on Hosted.IM (mortisdragon.tk JID attacked: [email address hidden]), but recently it was attacked by a huge amount of invite spam from random JIDs (the only way I could delete the invites was adding the account in Psi+ portable, since that didn’t crash when I added my Jabber IDs that were attacked).

http://i.imgur.com/sw0cw.jpg

Is there any way of blocking such an attack? I also got the attack on my other talkr.im account ([email address hidden]): http://i.imgur.com/DKUfj.jpg and it took about 10+ minutes deleting the invites.

Can anyone advise me of any way to stop this…? Thanks.

Posted: 26 December 2011 04:07 PM   [ # 1 ]
Member
Total Posts:  63
Joined  2010-06-29

Do the JIDs come from the same domain(s)? If the JIDs belong to a set of predefined domains you can just try to create a new privacy list to block all incoming packets (most advanced XMPP chat clients allow you to edit your privacy lists). If the JIDs are completely random I think there is no way to block them from your side, but we could try out some alternatives like captchas.

Posted: 26 December 2011 08:44 PM   [ # 2 ]
Newbie
Total Posts:  9
Joined  2011-12-25
Juan Pablo Carlino (Process One) - 26 December 2011 04:07 PM

Do the JIDs come from the same domain(s)? If the JIDs belong to a set of predefined domains you can just try to create a new privacy list to block all incoming packets (most advanced XMPP chat clients allow you to edit your privacy lists). If the JIDs are completely random I think there is no way to block them from your side, but we could try out some alternatives like captchas.

From what I’ve noticed, it seems to be coming from a huge amount of Anonymous Jabber Servers, always different ones.

I also noticed this botting sends messages to my talkr.im XMPP account as well:

[03:04:43] <8ep8of0ql7acfaqyulao@dione.zcu.cz> 日一国会人年大十二本中長出三同時政事自行社見月分議後前民生連五発間対上部東者党地合市業内相方四定今回新場金員九入選立>開手米力学問高代明実円関決子動京全目表戦経通外最言氏現理調体化田当八
[03:04:47] <cmrtfkao43yllu5tkgfp@jabber.rtelekom.ru> 日一国会人年大十二本中長出三同時政事自行社見月分議後前民生連五発間対上部東者党地合市業内相方四定今回新場金員九入選立>開手米力学問高代明実円関決子動京全目表戦経通外最言氏現理調体化田当八

and much more.

Posted: 29 December 2011 12:05 AM   [ # 3 ]
Newbie
Total Posts:  9
Joined  2011-12-25

Okay, I just found my new Jabber ID attacked just now by this bot: http://i.imgur.com/H9Iio.png. I don’t know if it’s my new MortisDragon.tk one, or Talkr.IM one.

Posted: 29 December 2011 12:41 AM   [ # 4 ]
Member
Total Posts:  63
Joined  2010-06-29

We are working on a general solution to handle this issue. I’ll notify when ready.

Posted: 29 December 2011 01:03 AM   [ # 5 ]
Newbie
Total Posts:  9
Joined  2011-12-25
Juan Pablo Carlino (Process One) - 29 December 2011 12:41 AM

We are working on a general solution to handle this issue. I’ll notify when ready.

Great, thanks =)

Posted: 05 January 2012 08:07 PM   [ # 6 ]
Newbie
Total Posts:  9
Joined  2011-12-25

Okay, just a small poke, is there any update on this?

Posted: 06 January 2012 07:51 PM   [ # 7 ]
Member
Total Posts:  63
Joined  2010-06-29

I’ve enabled subscription captcha on your domain. Please tell me if you need help or you see problems with it.

Regards

Posted: 08 January 2012 07:49 PM   [ # 8 ]
Newbie
Total Posts:  9
Joined  2011-12-25
Juan Pablo Carlino (Process One) - 06 January 2012 07:51 PM

I’ve enabled subscription captcha on your domain. Please tell me if you need help or you see problems with it.

Regards

Okay thanks !

Posted: 14 January 2012 01:31 PM   [ # 9 ]
Newbie
Total Posts:  9
Joined  2011-12-25
Juan Pablo Carlino (Process One) - 06 January 2012 07:51 PM

I’ve enabled subscription captcha on your domain. Please tell me if you need help or you see problems with it.

Regards

Okay, are you sure you did? I appear to still be getting this invite trash today.

From JIDs like: [email address hidden]/SomeoneHasAPedophileFriend

Posted: 16 January 2012 08:23 PM   [ # 10 ]
Moderator
Total Posts:  38
Joined  2009-06-04

Hi,

How many subscription requests have you received? A flood of them or a few? I just checked and tested, and your domain does indeed request captcha verification before sending you any subscription requests.
Could it be that there is a real person completing those captcha requests by hand, only to bother you?
Or do you receive such a large number of requests that you think there is an automatic bot that has compromised our captcha?

Posted: 17 January 2012 08:29 PM   [ # 11 ]
Newbie
Total Posts:  9
Joined  2011-12-25
ppolvorin - 16 January 2012 08:23 PM

Hi,

How many subscription requests have you received? A flood of them or a few? I just checked and tested, and your domain does indeed request captcha verification before sending you any subscription requests.
Could it be that there is a real person completing those captcha requests by hand, only to bother you?
Or do you receive such a large number of requests that you think there is an automatic bot that has compromised our captcha?

Uhm, probably 1000+ invite requests, then my Jabber client Psi+ just crashes.

Posted: 23 January 2012 08:43 PM   [ # 12 ]
Newbie
Total Posts:  9
Joined  2011-12-25

Oh, also, it’s sending messages to the account, not subscription requests.

Posted: 24 January 2012 04:00 PM   [ # 13 ]
Moderator
Total Posts:  38
Joined  2009-06-04

Hello,

To block those messages, set a privacy list on your accounts to only receive messages from your contacts. Every client is different in how to do this, for example:
in Pidgin the option is on Tools > Privacy
in Psi, the option is on Modify Account > Privacy

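Added example, not part of the forum posts or ProcessOne's own code: a Python sketch of the XEP-0016 privacy list the replies describe, covering both suggestions in the thread (deny a known set of domains, and accept messages only from contacts), with a simplified model of how the list is evaluated. The list name, the domains and the sender JIDs are constructed for illustration, and `decide` matches `jid` rules on the sender's domain only.

```python
import xml.etree.ElementTree as ET

NS = "jabber:iq:privacy"  # XEP-0016 namespace

def _item(parent, order, action, type_=None, value=None, kinds=()):
    attrs = {"action": action, "order": str(order)}
    if type_:
        attrs.update(type=type_, value=value)
    item = ET.SubElement(parent, f"{{{NS}}}item", attrs)
    for k in kinds:  # child elements limit the rule to these stanza kinds
        ET.SubElement(item, f"{{{NS}}}{k}")

def build_list(name, blocked_domains):
    """Build the <iq type='set'> stanza that stores the privacy list."""
    iq = ET.Element("iq", {"type": "set", "id": "privacy1"})
    lst = ET.SubElement(ET.SubElement(iq, f"{{{NS}}}query"),
                        f"{{{NS}}}list", {"name": name})
    order = 0
    for order, dom in enumerate(blocked_domains, 1):
        _item(lst, order, "deny", "jid", dom)  # everything from a known-bad domain
    _item(lst, order + 1, "allow", "subscription", "both")  # mutual contacts
    _item(lst, order + 2, "deny", kinds=("message",))  # fall-through: other messages
    return iq

def decide(iq, sender, kind, subscription="none"):
    """Evaluate the list for one incoming stanza; returns 'allow' or 'deny'.
    Simplification: 'jid' rules are matched on the sender's domain only."""
    domain = sender.split("/")[0].split("@")[-1]
    items = sorted(iq.iter(f"{{{NS}}}item"), key=lambda i: int(i.get("order")))
    for it in items:
        kinds = [child.tag.split("}")[1] for child in it]
        if kinds and kind not in kinds:
            continue  # rule does not apply to this stanza kind
        t, v = it.get("type"), it.get("value")
        if t is None or (t == "jid" and v == domain) or \
           (t == "subscription" and v == subscription):
            return it.get("action")
    return "allow"  # XEP-0016 default when no rule matches

if __name__ == "__main__":
    stanza = build_list("contacts-only", ["spam.example"])  # constructed domain
    print(ET.tostring(stanza, encoding="unicode"))
    for sender, kind, sub in [  # constructed senders
            ("x7k2q@spam.example/bot", "presence-in", "none"),
            ("a9f3z@random.example", "message", "none"),
            ("friend@chat.example/home", "message", "both"),
            ("a9f3z@random.example", "presence-in", "none")]:
        print(sender, kind, "->", decide(stanza, sender, kind, sub))
```

The last sample case is allowed: this list drops messages from non-contacts but still lets subscription requests from unknown JIDs through, which is the part the subscription captcha in the thread is meant to handle. A stored list takes effect only once the client sets it as the active or default list.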