XMPP Service Operators - 2017-11-23


  1. edhelas

    is exploit.im legit ?

  2. Ge0rG

    edhelas: it depends on your moral compass

  3. edhelas

    tell me more

  4. mathieui

    we blacklisted it

  5. mathieui

    I mean, generally we don’t get too much spam from it

  6. edhelas

    do you have your blacklist published somewhere ?

  7. mathieui

    on the other hand, they certainly are a first-class offender when it comes to registering automated accounts and then broadcasting stuff to them, either to *relay* spam, for DoS, or other stuff

  8. mathieui

    and no

  9. edhelas

    okay

  10. mathieui

    (being a botnet relay is not really pleasant, so we blacklisted that)

  11. edhelas

    do you have your rules published somewhere ? I'm interested to maybe put them in my server config as welll

  12. mathieui

    nope

  13. mathieui

    we could publish our blacklist, I suppose

  14. mathieui

    firewall rules are a bit more touchy

  15. edhelas

    sure

  16. zuglufttier

    Wouldn't some kind of trusted network be nice?

  17. zuglufttier

    The whitelist approach ;)

  18. mathieui

    a whitelist approach is bad for the federation, I would rather not do that

  19. zuglufttier

    True...

  20. edhelas

    zuglufttier I got ~160 s2s connections on my server

  21. mathieui

    we have 2500 s2s connections onr our server

  22. Ge0rG

    My main issues with such a blacklist are: - who is trustworthy to add entries? - where do you put the line? - how can people get off the list?

  23. mathieui

    well, exploit.im being a vanity badge for black hats, I don’t think they will get off my list

  24. edhelas

    is there other servers like this ?

  25. Ge0rG

    edhelas: xmpp.jp seems popular among spammers as well

  26. Ge0rG

    but I don't think they are shady per-se

  27. zuglufttier

    I think the main problem are servers that are not up to date and have no real administrator.

  28. Ge0rG

    if you blacklist exploit.im, you might offend some kiddies there and get a nice little DDoS.

  29. Ge0rG

    zuglufttier: 👍

  30. zuglufttier

    Otherwise, you could use the whitelist approach. Everybody does trust one or two servers in the beginning and so the network will grow quickly.

  31. Ge0rG

    zuglufttier: that's "web of trust" and it doesn't work for PGP already

  32. zuglufttier

    And after that: Use a democratic approach. Malicious server can be blacklisted on your server and you could flag them as bad in the whitelist. If the server gets too much bad reputation, it could be removed from the whitelist.

  33. zuglufttier

    But it really needs active administrators.

  34. zuglufttier

    And it's problematic in other scenarios :D

  35. mathieui

    and yes, xmpp.jp is kind of unmaintained

  36. zuglufttier

    We could introduce blockchains to remove the need for a central withelist server. But again, this is not a perfect solution...

  37. edhelas

    please dont bring blockchain in the discussion…

  38. Ge0rG

    zuglufttier: we can just store our messages in the blockchain. Problem solved.

  39. Ge0rG

    I never finished the xmpp-message-proof-of-work XEP :(