-
edhelas
is exploit.im legit ?
-
Ge0rG
edhelas: it depends on your moral compass
-
edhelas
tell me more
-
mathieui
we blacklisted it
-
mathieui
I mean, generally we don’t get too much spam from it
-
edhelas
do you have your blacklist published somewhere ?
-
mathieui
on the other hand, they certainly are a first-class offender when it comes to registering automated accounts and then broadcasting stuff to them, either to *relay* spam, for DoS, or other stuff
-
mathieui
and no
-
edhelas
okay
-
mathieui
(being a botnet relay is not really pleasant, so we blacklisted that)
-
edhelas
do you have your rules published somewhere ? I'm interested to maybe put them in my server config as welll
-
mathieui
nope
-
mathieui
we could publish our blacklist, I suppose
-
mathieui
firewall rules are a bit more touchy
-
edhelas
sure
-
zuglufttier
Wouldn't some kind of trusted network be nice?
-
zuglufttier
The whitelist approach ;)
-
mathieui
a whitelist approach is bad for the federation, I would rather not do that
-
zuglufttier
True...
-
edhelas
zuglufttier I got ~160 s2s connections on my server
-
mathieui
we have 2500 s2s connections onr our server
-
Ge0rG
My main issues with such a blacklist are: - who is trustworthy to add entries? - where do you put the line? - how can people get off the list?
-
mathieui
well, exploit.im being a vanity badge for black hats, I don’t think they will get off my list
-
edhelas
is there other servers like this ?
-
Ge0rG
edhelas: xmpp.jp seems popular among spammers as well
-
Ge0rG
but I don't think they are shady per-se
-
zuglufttier
I think the main problem are servers that are not up to date and have no real administrator.
-
Ge0rG
if you blacklist exploit.im, you might offend some kiddies there and get a nice little DDoS.
-
Ge0rG
zuglufttier: 👍
-
zuglufttier
Otherwise, you could use the whitelist approach. Everybody does trust one or two servers in the beginning and so the network will grow quickly.
-
Ge0rG
zuglufttier: that's "web of trust" and it doesn't work for PGP already
-
zuglufttier
And after that: Use a democratic approach. Malicious server can be blacklisted on your server and you could flag them as bad in the whitelist. If the server gets too much bad reputation, it could be removed from the whitelist.
-
zuglufttier
But it really needs active administrators.
-
zuglufttier
And it's problematic in other scenarios :D
-
mathieui
and yes, xmpp.jp is kind of unmaintained
-
zuglufttier
We could introduce blockchains to remove the need for a central withelist server. But again, this is not a perfect solution...
-
edhelas
please dont bring blockchain in the discussion…
-
Ge0rG
zuglufttier: we can just store our messages in the blockchain. Problem solved.
-
Ge0rG
I never finished the xmpp-message-proof-of-work XEP :(