I see several users being created daily in my Openfire, some with a generic name or openfiresupport, where they upload a plugin and then stop accessing it, is it some malware? how do i prevent external connection?
I removed the users and they are always recreated.
Sorry to hear about the problems, Paulo.
The root cause of this is CVE-2023-32315, please read the security advisory as soon as you can, it covers the steps you need to take to block this activity:
We’ve had an important security issue reported that affects all recent versions of Openfire. We’ve fixed it in the newly published
4.6.8 and 4.7.5 releases. We recommend people upgrade as soon as possible. More info, including mitigations for those who cannot upgrade quickly, is available in this security advisory: CVE-2023-32315: Administration Console authentication bypass.
Related to this issue, we have also made available updates to three of our plugins:
Random Avatar plugin version 1.1.…
I disabled external access which was rarely used as a stopgap until I managed to update Openfire, Thanks!