Security

Jabbim.cz hacked - what now?

Bild des Benutzers Nikolaus Polak

It seems that one other Jabber/XMPP-Server suffered user logindata from an SQL injection attack: http://pinky.jabb.im/2014/12/jabbim-bezpecnostni-problem-security.html

This method wouldn't work on our server, because the Jabber/XMPP database is here MNESIA (not MySQL, even when that's the point our last update try failed) and the webserver on the same virtual machine hasn't a module to connect to it (and there are some more protecting layers - even our transports to other networks aren't on the same machine).

Forums: