Open hasufell opened 5 years ago
It seems so... I just had the pleasure to remove almost 4000 unwanted users from my server. :wink:
The `EJABBERD_REGISTER_ADMIN_ONLY` option is missing in the `README.md`, so I wasn't aware of it. Maybe its logic should also be reversed, so in-band registration is disabled by default, and only enabled if an env is explicitly set to true.
Awful. I wonder how many more users of this image are affected.
Also, `EJABBERD_REGISTER_TRUSTED_NETWORK_ONLY` is supposed to be `true` by default, according to the README. However this default value does not seem to be set anywhere.
> I just had the pleasure to remove almost 4000 unwanted users from my server.

@shred I guess that those users were registered by a spammer. Setting `EJABBERD_CAPTCHA` env var to `true` can help save you from such situations.
A default configuration should never be an open relay.
Is this docker image by default an open relay in such that it allows in-band registration?
https://github.com/rroemhild/docker-ejabberd/blob/40f2b5b1d4a40f24a690e98722d983d27f0c0096/conf/ejabberd.yml.tpl#L291-L298