I run a public installation of Rocket chat which has been spammed with malicious links for weeks now, this is causing my honest users to leave and stop using the chat.
This is of course a major problem and what’s worse is that I can’t find their IP’s to ban them permanently. I’m sure they use a number of IP addresses but it’s the only option I have left as they simply log in with a new anonymous user account within a second if I “ban” them from the chat now.
Does anyone have any pointers how I can find the IP addresses of these users? I’ve looked through the nginx access logs but it’s difficult to map the requests the users make to the malicious users.
Any help would be much appreciated as I feel this could ruin my service completely if not handled.
Server Setup Information
- Version of Rocket.Chat Server: 0.74.3
- Operating System: Ubuntu
- Deployment Method: Docker-compose
- Proxy: Nginx