-
edhelas
yes
-
edhelas
same for me
-
edhelas
draugr.de, unstable.nl...
-
edhelas
looks like I'll have to put some more servers on the blacklist
-
Licaon_Kter
edhelas: did you contact the admins?
-
edhelas
:3 of course
-
Licaon_Kter
edhelas: and the spam continued because they did nothing so off to the ban list? Hmmm
-
edhelas
for now I just contacted them
-
edhelas
let's see
-
edhelas
but if I still have spam
-
edhelas
then it's blacklist yes
-
Ge0rG
I've got a spam escalation process of:
1. try to contact server admin (XEP-0157, website), wait up to a week
2. contact the server IP abuse department, wait up to two weeks
3. blacklist the server (not yet implemented)
-
Ge0rG
Also an internal spam tracking tool
-
Ge0rG
it's not perfect yet, but it allows tracking progress of the domain and IP admins.
-
Ge0rG
Also could somebody please report 0nl1ne.cc and blackjabber.cc to leaseweb abuse, because they are only forwarding my reports to the server owners instead of shutting the f***ing spam boxes down.
-
edhelas
blackjabber.cc is blacklisted
-
Ge0rG
edhelas: according to the Manifesto, I'd like to maintain a common and public list of blacklisted domains, including at least a reference to the previous escalation process
-
edhelas
is this list somewhere ?
-
edhelas
the issue about exposing that list is that the spammers can easily know how to circumvent it :)
-
Ge0rG
edhelas: circumvent it by... going to other unmaintained IBR-enabled servers?
-
Link Mauve
edhelas, I meant spammy IBR registrations, not spam from other servers.
-
Ge0rG
Link Mauve: what's the difference?
-
Link Mauve
Even though the former is probably the first step to the latter.
-
Link Mauve
Ge0rG, one happens on my server and I can block it immediately, the other will go on for years.
-
Ge0rG
Link Mauve: just put your own domain on the blocklist. All problems solved.
-
edhelas
IBR registration is just not a good idea to me anymore
-
edhelas
not without at least a captcha or something like that
-
Link Mauve
edhelas, CAPTCHA doesn’t do anything.
-
Link Mauve
We didn’t have fewer successful account creations before we disabled it.
-
Link Mauve
And as a user it’s painful for no benefit.
-
Link Mauve
(Except to Google.)
-
edhelas
I'm wondering if in the process of checking if a server is "spam risky" or not, having IBR enabled would not lower the score automatically
-
Ge0rG
edhelas: I run an IBR server and have got zero spam bot registrations in the last three months or so, because I'm preventing most spam delivery
-
Link Mauve
They don’t seem to know that about my server.
-
Ge0rG
ingress spam stats from last two weeks on yax.im:
messages   bots       domain
---------- ---------- ------------------------------------
5741       1153       otr.chat
3742       1403       0nl1ne.cc
3661       1738       blackjabber.cc
2974       2268       jabberes.org
2968       917        aquilius.de
1438       555        jabber.ipredator.se
1372       982        legalize.li
1353       523        fin77.info
1282       473        kommandostab.de
1216       605        jabber.sampo.ru
-
edhelas
what tool are you using to detect spam ? it's with ejabberd ?
-
Ge0rG
edhelas: it's based on prosody mod_firewall
-
Ge0rG
Error> No Contact Addresses for otr.chat
-
Licaon_Kter
Let me say it again, force "OMEMO on for the first message"...zero spam until they implement it in all sorts of bot clients ;) then we reap the benefits of free libs :D
-
Link Mauve
Licaon_Kter, zero messages from most of my users either then.
-
Link Mauve
You could as well block s2s with me.
-
Licaon_Kter
Clearer...unless it answers in the first message with captcha or 1+1=2 any messages (not to admin) are blocked.
-
Ge0rG
is there a website on otr.chat? I'm on a limited wifi currently
-
Link Mauve
Yes, but "An error occurred during a connection to otr.chat. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG"
-
Licaon_Kter
Link Mauve: why? No Gajim? No Converse? No ChatSecure? No Dino?
-
Ge0rG
Licaon_Kter: "zero communication until everybody leaves XMPP"
-
Licaon_Kter
Link Mauve: not s2s...not sure you got my idea
-
Link Mauve
Licaon_Kter, there are some Gajim and some Conversations, the other ones you quoted are insignificant in my client stats, and most messages are using OTR or plain text.
-
Holger
Link Mauve: I understand your point about IBR being painful for users, but if you're saying it's not painful for today's spammers I think that's just plain wrong.
-
Link Mauve
Heck, there are more messages sent using legacy PGP than with OMEMO.
-
Link Mauve
Holger, CAPTCHA*.
-
Licaon_Kter
Link Mauve: ok, and it kills them to enable OMEMO for 1 message?
-
Ge0rG
Licaon_Kter: a security question would be a good trade-off between just blocking everything incoming and a proper spam filter
-
Holger
Link Mauve: Indeed :-)
-
Link Mauve
Licaon_Kter, probably yes.
-
Licaon_Kter
Ge0rG: yes... That..but I upped the hardness by OMEMO...
-
Ge0rG
Holger: IBR is painful for users?
-
Licaon_Kter
Link Mauve: oh Fffs go back to Watsayp
-
Holger
Ge0rG: CAPTCHA.
-
Link Mauve
Licaon_Kter, see https://stats.jabberfr.org/d/000000002/jabberfr?panelId=36&fullscreen&orgId=1 for live message statistics.
-
Link Mauve
Licaon_Kter, why would I tell that to my users?
-
Licaon_Kter
Link Mauve: I didn't say that
-
Link Mauve
(You can Ctrl-click on the yellow “message” at the bottom to only see statistics about messages with a body-like element being transferred.)
-
Licaon_Kter
Link Mauve: but I had my share of captchas and really....I'm fed up with those too.
-
Licaon_Kter
Link Mauve: ctrl on mobile? Yeah
-
Ge0rG
is there anybody in this room actually doing something against spam? reporting abuse to server admins / hosting companies? making usable plugins or filters?
-
Link Mauve
Ge0rG, I am.
- Ge0rG pulls a number at OVH now.
-
Ge0rG
okay, otr.chat has hello@otr.chat as the contact email. Dumped the JID list to them.