- marymarysoquitecontrary removed by moderator
- marymarysoquitecontrary removed by moderator
-
VesselWave
What does it mean?
- marymarysoquitecontrary removed by moderator
-
VesselWave
An image
- marymarysoquitecontrary removed by moderator
-
MSavoritias (fae,ve)
MattJ, Zash: ^
-
Tobi
Maybe we need more folks here who are able to kick/ban spammers.
-
VesselWave
Are those freaks only on federated platforms or haven't used centralized ones enough? I hope I will forget that image 😅
- silverbells removed by moderator
-
edhelas
Seriously ...
-
Menel
I never press any link without proper context...
- silverbells removed by moderator
-
Tobi_
Also, does this room happen to be anonymous?
-
Menel
It is semianonymous, meaning only the mods see the real address
- silverbells removed by moderator
-
nicoco
^ Kev MattJ ralphm Zash, we need a ban. also I don't have voice in operators@ but this is probably RTBL material
-
Tobi
RTBL?
-
Menel
https://xmppbl.org/ Tobi
-
Tobi
Is it only for bare JIDs or also for domains?
-
Menel
I think only users, not domains, but not sure. But at least I don't think it will be used that way. There is already https://github.com/JabberSPAM/resources for that
-
Tobi
Right. Domains could also be indirectly deduced. If there are X JIDs on the RTBL with domain Y, consider domain Y also banned. Thanks for the info.
-
goffi
Is there a list/wiki/page somewhere which references all these URLs?
-
Kev
Conversations seems to be the domain of choice, from the few I've seen dropping unpleasant images recently.
-
Kev
I suspect we're unlikely to start blocking that :)
- a moderator removed a message
- a moderator removed a message
- a moderator removed a message
- a moderator removed a message
- a moderator removed a message
- a moderator removed a message
- a moderator removed a message
-
Tobi
At some point I think that'd be a valid choice for server admins. I mean if they still want open registration, they at least could limit the HTTP File Upload feature to accounts of certain age or what not.
-
pep.
"Tobi> Is it only for bare JIDs or also for domains?" both.
-
pep.
(xmppbl)
-
ped0
Hi
- ped0 removed by moderator
- a moderator removed a message
-
jubalh
What is recently going on with these spammers..
-
MattJ
*spammer
-
Zash
Summer break probably 🤷️
-
MattJ
Now we know why Google continues to invest in GSoC?
-
sagaracharya
MattJ: ?
-
MattJ
It keeps bored students from causing trouble on the internet
-
SouL
😂️
-
edhelas
Well hello fellow JDev members
-
singpolyma
> Is it only for bare JIDs or also for domains?
Banning domains is almost always the wrong choice. Unless you're *really* sure it's a spam farm only with no legitimate users
-
Tobi
Sure. It'd be better if the domain's admin would be more careful not letting spammers on their service.
-
singpolyma
Maybe, but that isn't really here or there. You can't ban a domain just because some spammers use it. Need to have controls for spam at the receiving side either way no matter what the sending side does
-
singpolyma
Since spammers can create new servers as fast as they can sign up for new accounts so focussing on one vs the other would paint you into a corner
-
Zash
Do everything all at once!
-
Trung
i don't think they can create new server as they can create new accounts
-
MattJ
Hmmmmm :)
-
sagaracharya
> Maybe, but that isn't really here or there. You can't ban a domain just because some spammers use it. Need to have controls for spam at the receiving side either way no matter what the sending side does
That's what you can't do with IPv6
-
MattJ
Why not?
-
sagaracharya
Because banning the IP itself is impossible. Banning accounts will lead to way too much processing power
-
sagaracharya
2^128 addresses
-
msavoritias
banning ips is not the best solution anyway
-
msavoritias
it's only temporary at best
-
sagaracharya
Now multiply it with 100 accounts
-
MattJ
sagaracharya, in IPv6 you are more likely to ban subnets than individual addresses
-
sagaracharya
The only way is whitelisting
-
sagaracharya
And blacklisting among them
-
MattJ
which is often used on IPv4 too
-
sagaracharya
So I have trustworthy xmpp.org , suckless.org, now I can ban msavoritas@suckless.org if he sends unnecessary requests
-
sagaracharya
If I analyze each domain for problems, the computation is way too much!
-
msavoritias
why do you need to analyze each domain?
-
sagaracharya
I mean all giving requests
-
sagaracharya
msavoritias: Just used you as an example
-
singpolyma
Analyzing and possibly blocking domains we have an example of what happens down that road and it is the disaster that SMTP has become. In the end the spammers can still send just as much volume from Gmail even with its tight signup controls and from own-run servers even with mass server blocking in place. So everyone still has to run receiver side controls and they all still get so much spam people are abandoning the network
-
sagaracharya
singpolyma: That is a big issue with having single name for a million computers. Domain name is meant to name a computer
-
sagaracharya
So gmail is not typically meant to have 1M computers
-
sagaracharya
Yes, in that case, one has to ban each account based on stuff!
-
Squeaky Latex Folf
> I use just C and Lua. All other languages and compilers are unnecessarily large!
GCC and LLVM are pretty big
-
moparisthebest
> i don't think they can create new server as they can create new accounts
Challenge accepted
-
singpolyma
moparisthebest: hehe. I've thought of building it. I call it the XMPP spam Gatling gun
-
singpolyma
We've been hit by waves of pretty fast server creation in the past, but I think I could go much faster
-
Ge0rG
well, domain names are expensive, and you can only host this many xmpp servers on free dyndns providers ;)
-
moparisthebest
Do any servers even support banning wildcard domains?
-
moparisthebest
One wildcard cert, don't even need a server, just connect everywhere directly via s2s and start spamming
-
Zash
Thanks for giving spammers ideas!
-
Trung
> Hmmmmm ☺
-
singpolyma
We've been hit by waves where they got from cheap or free TLDs, but yeah subdomains is easy too
-
moparisthebest
Well this one doesn't seem very technically inclined, it's all manual
-
Ge0rG
why setting up your own server if you can just use IBR on so many abandoned ones?
-
moparisthebest
Better to come up with attacks and mitigations ourselves rather than wait for the attacks
-
forky
Agree!
-
forky
> It is semianonymous, meaning only the mods see the real address
Is it like that for other rooms, sorry mods but that's fucked up, kinda
-
singpolyma
forky: it's an unusual feature for sure. In most protocols and products everyone in the room sees everyone's address. XMPP has a special mode that hides addresses from non-mods which has historically been quite popular
-
forky
Yeah, it sounds much better than other options out there
-
Menel
Sooo, not fucked up, but better than all known alternatives imo