We have had a handful of users that have brought our Openfire server down with what looks like a DoS from constant login attempts. They are unaware of any issues and aren’t doing anything malicious. When the event is taking place, we see network traffic spike between our DC and the server hosting Openfire. We also see multitudes of connections by these users in various states in the sessions tab. This is what has me looking at login attempts.
We are forced to block the user and restart the service to alleviate the issue. Any ideas for flood control or diagnosing something like this?
Clients - Pidgin 2.10.3 on Ubuntu
Openfire - 3.7.1
JVM - 1.6.0_18
Server - Windows 2008 R2 SP1, Active Directory integrated
Thanks for any help.