Jabbim.cz hacked - what now?

Nikolaus Polak's picture

It seems that one other Jabber/XMPP-Server suffered user logindata from an SQL injection attack: http://pinky.jabb.im/2014/12/jabbim-bezpecnostni-problem-security.html

This method wouldn't work on our server, because the Jabber/XMPP database is here MNESIA (not MySQL, even when that's the point our last update try failed) and the webserver on the same virtual machine hasn't a module to connect to it (and there are some more protecting layers - even our transports to other networks aren't on the same machine).

If you're using an account at following domains, please change there your password (and if you used the password somewhere else: there too, better also a new one): jabbim.cz, jabbim.com, jabbim.pl, jabbim.sk, njs.netlab.cz, jabber.cz, jabster.pl and jabber.root.cz