Forcing Forward Secrecy on ALL connections

Posted by – July 22, 2015

A few days ago we updated our ejabberd installation to 15.06. Being up to date, we were able to force PFS on ALL (c2s and s2s) connections using this cipher:


Additionally we set our own DHE parameters, just because.

Update: Mati from did a quick summary of how to upgrade your ejabberd when you’re still on debian/wheezy:

P.S.: We use the Debian packages from
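
An added example, not from the original post or the ejabberd project: a Python check that expands an OpenSSL-style cipher string (the format ejabberd's cipher options take) and lists every enabled suite that lacks an ephemeral key exchange. Both cipher strings below are constructed for illustration and are not the string this server used.

```python
import ssl

# Key-exchange labels OpenSSL reports for ephemeral (forward-secret) exchanges.
# "kx-any" is the label for TLS 1.3 suites, which use (EC)DHE unless a
# PSK-only handshake is negotiated.
FS_KEX = {"kx-ecdhe", "kx-dhe", "kx-ecdhe-psk", "kx-dhe-psk", "kx-any"}


def expand(cipher_string):
    """Return the suites the local OpenSSL enables for a cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def non_forward_secret(cipher_string):
    """Names of enabled suites whose key exchange is not ephemeral."""
    return sorted(
        c["name"] for c in expand(cipher_string) if c.get("kea") not in FS_KEX
    )


def is_pfs_only(cipher_string):
    """True when every suite the string enables provides forward secrecy."""
    return not non_forward_secret(cipher_string)


# Constructed sample strings (assumptions, not taken from the post).
STRICT = "EECDH+AESGCM:EDH+AESGCM:!aNULL:!eNULL"
MIXED = "EECDH+AESGCM:AES128-GCM-SHA256"  # second entry uses static RSA key exchange

if __name__ == "__main__":
    for label, cipher_string in (("strict", STRICT), ("mixed", MIXED)):
        offenders = non_forward_secret(cipher_string)
        verdict = "PFS only" if not offenders else "NOT PFS only"
        print(f"{label}: {verdict} {offenders}")
```

Run it against the same OpenSSL version the server links to, since the expansion of a cipher string depends on the library build.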

Incoming DoS attack

Posted by – December 25, 2014

Since yesterday we’re experiencing a DoS attack (DNS amplification) against our service. Our hoster informed us that there’s about 2–5 Gbit/s of traffic.

P.S.: on ipv6 you’re good and still able to use this server.

Update (14:00h): We’re back.

Update (2015-01-03): There was another DDoS attack starting January 1st. We were fully unreachable until yesterday evening.
Up to now there are still reports that people are unable to connect from some ISPs. This might be the result of mitigating the DDoS attack and might last a few more days.

And, please don’t forget to regularly check @jabbercccde on Twitter. That medium gets updates far quicker.

New password retrieval policy (aka: NOPE)

Posted by – September 4, 2014

Today our steering committee took the following decision:

Unfortunately, there is no way for the server administrators to check if
you are actually the person who registered a given account – the only
information you supplied when registering was the Jabber ID and your

Therefore we won’t be giving out new passwords for lost ones anymore.

New hardware, new colo

Posted by – July 1, 2014

We’re going to move the jabber service to newly bought hardware tonight; this comes with a move to a new colo site.

New hardware: Supermicro X9DR3-F, 32GB RAM, Dual Intel(R) Xeon(R) CPU E5-2609.

New colo: Nessus, Vienna/AT

New IP addresses:, 2a02:1b8:10:31::229 (just in case your DNS caches the old IPs too strictly)

Sorry if you lost your bookmarks and other information stored in pubsub, but the server didn’t want to start with them being prefilled.

Encryption required on c2s and s2s links

Posted by – May 22, 2014

We’ve now finally enabled required encryption on s2s links, so if you’re unable to chat to and see your friends at Google Talk or google-enabled domains, that’s the reason.


Posted by – April 8, 2014

Nope, we’re not affected. KTHXBYE.

Downtime today (colo power supply maintenance)

Posted by – March 14, 2014

We’ll be shutting down for at about 10:45 CET today since there are planned maintenance works at our colo’s power supply.

These might last a bit too long for our UPS to cope with the outage.

s2s requiring encryption (at least) for today

Posted by – January 4, 2014

As mentioned in, we changed the server’s config to require TLS for the server-to-server links.

This might (and possibly will) destroy communications with your friends at Google Talk, since up to now they (Google) do not support TLS on their s2s side of XMPP.

Discussion about this test day can also be found at the XMPP operators list:

Roster Versioning temporarily disabled

Posted by – November 18, 2013

This morning we temporarily disabled Roster Versioning (XEP-0237) since it wasn’t working and only threw client errors when requested.

Recent downtimes

Posted by – November 11, 2013

Just in case you haven’t noticed: We’re experiencing quite a nasty bug (maybe, not proven yet) inside ejabberd which leads to a) ejabberd eating all of the available memory and b) afterwards having one thread run at 100% CPU. At this time, ejabberd stops forwarding packets and accepting new connections.

Just to keep you informed.

P.S.: We do have a Twitter account that might (!) have more up-to-date information than you can find in this blog: