[ejabberd] Security question : flood

Peter Saint-Andre stpeter at jabber.org
Fri Aug 3 03:25:53 MSD 2007

kaan kaan wrote:
> hi @ll i have a security question. how can i stop the floods on a
> chat room, i tested it with pandion when i use a msnflooder programm,
> this works with pandion end you can flood the channel.

We have the ability to ban users by JabberID (JID), but if you can
create JIDs faster than the room admins can ban your JIDs then you can
keep on flooding the room.

We're looking into multiple solutions. One is banning (or more likely
automated blocking) by (hashed) IP address. This would be something that
all Jabber server developers could agree to (not limited to ejabberd).

Your filtering ideas are good too, that might be something the ejabberd
folks could write up.


Peter Saint-Andre

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7354 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.jabber.ru/pipermail/ejabberd/attachments/20070802/e7a8c4cd/attachment-0001.bin 

More information about the ejabberd mailing list