I see several users being created daily in my Openfire, some with a generic name or openfiresupport, where they upload a plugin and then stop accessing it, is it some malware? how do i prevent external connection?
I removed the users and they are always recreated.
The root cause of this is CVE-2023-32315, please read the security advisory as soon as you can, it covers the steps you need to take to block this activity: