jabber.org http://www.jabber.org/ jabber.org notices http://www.jabber.org/notices http://creativecommons.org/publicdomain/zero/1.0/ 2013-03-05 tag:jabber.org,9 2012-03-05 2012-03-05

The security certificate that we installed in December used a SHA-256 fingerprint, which theoretically is more secure but which some existing software can't handle yet. Therefore we have installed a corrected certificate using a SHA-1 fingerprint. If you've been receiving a certificate warning for the last few months, you shouldn't receive those anymore.

tag:jabber.org,8 2012-01-15 2012-01-15

In response to several recent instances of abuse, we have disallowed non-ASCII characters in new accounts registered at the jabber.org IM service. This policy does not apply to existing accounts.

tag:jabber.org,7 2012-10-09 2012-10-09

We have re-opened account registration at https://register.jabber.org/

tag:jabber.org,6 2012-09-25 2012-09-25

Version 1.1 of the jabber.org service policy is now in effect.

tag:jabber.org,5 2012-08-22 2012-08-22

Recently the jabber.org IM service has been the victim of massive and repeated denial of service attacks. The admin team strongly suspects that these attacks are related to the widespread and abusive use of jabber.org accounts by "customers" of KBot, a program for cheating at the DarkOrbit game. Even if the DoS attacks prove to be unrelated to KBot, the admin team has decided that use of jabber.org to communicate with KBot violates the jabber.org service policy. Although we are in the process of updating the service policy to more clearly define how this kind of usage is abusive, the dire nature of the current threat has forced us to take more immediate action. Therefore, we are disabling the accounts of every jabber.org user who communicates with KBot, and we have disabled new account registration to prevent further communication between jabber.org users and KBot. We do not take this step lightly, but given the current circumstances we have no other choice.

tag:jabber.org,4 2012-08-22 2012-08-22

As part of our defensive measures against repeated DoS attacks, we have disabled new account registration until further notice.

tag:jabber.org,3 2012-08-21 2012-08-21

The previous DDoS attack has started again. As before, fallback measures are in place, but if your IM client doesn't handle DNS SRV records correctly then you might not be able to connect.

tag:jabber.org,2 2012-08-20 2012-08-20

We have posted proposed changes to the policy that governs use of the jabber.org IM service. Details, links, and instructions for providing feedback can be found in our post to the juser@jabber.org email list, see http://mail.jabber.org/pipermail/juser/2012-August/006869.html.

tag:jabber.org,1 2012-08-15 2012-08-15

We were able to completely restore service today. However, it is quite possible that the denial of service attack could be launched again at any time. If you were unable to connect during the outage, we recommend that you consider using a different IM client or reporting a bug to the developers of the IM client you use, since standard DNS fallback and XMPP reconnection methods should have been sufficient to keep you online after the first few hours of the attack.

tag:jabber.org,0 2012-08-12 2012-08-12

Today we have experienced a distributed denial of service attack against the jabber.org IM service. Although the web server and email server are running fine, we have been forced to take the IM service offline until your (volunteer!) admin team has time to determine appropriate countermeasures. UPDATE 2012-08-12: We've made some DNS fixes and some clients are now able to connect.