XMPP Service Operators - 2017-11-30

  1. edhelas

    spam spam spamm

  2. ThurahT

    yeah, my jabber.org account is set to deny all but contacts in roster now. It has really picked up the last two weeks.

  3. ThurahT

    never knew there were so many servers out there. Or at least domains.

  4. Ge0rG

    ThurahT: hard to find new contacts this way, though

  5. mrDoctorWho

    I thought the jabber spam era has ended years ago

  6. Ge0rG

    mrDoctorWho: there is a new spam era now

  7. mrDoctorWho

    I wonder what they're trying to achieve

  8. Ge0rG

    run by a bunch of Russian spammers, advertising for illegal services, credit card dumps and drugs

  9. mrDoctorWho

    Oh, yes indeed, now I remember

  10. mrDoctorWho

    I had a jid on jabber.ru and I was receiving such spam too

  11. ThurahT

    Ge0rG: I got movim for that : )

  12. Ge0rG

    just in: message from user763@pvpctutorials.de/nfWTmyU, body contains "Качественная рассылка по jabber // jabber advertising // https://pastebin.com/raw/hHmFT5Xh"

  13. edhelas

    ThurahT Movim is not spamming, we are just mining BTC and transfering them directly to our wallet :)

  14. ThurahT

    I approve

  15. mrDoctorWho

    Back in the days, when spam usually didn't come out of chatrooms, most of them had their ban lists full of servers with open registration

  16. ThurahT

    : )

  17. Ge0rG

    send a jabber message to 250k contacts for only 20$ in BTC

  18. Ge0rG

    or two-hours XMPP flood for only 10$

  19. edhelas

    I'm wondering if we could define together rules to allow S2S

  20. Ge0rG

    I really need a way to inject subscription-rejections based on that

  21. Ge0rG

    MattJ: please? :D

  22. edhelas

    because a bunch of those servers doesn't seems legit by just having a look at the domain

  23. Ge0rG

    edhelas: I'm pretty sure those are just semi-abandoned IBR servers.

  24. edhelas

    not sure

  25. Ge0rG

    spam from='helpdesk@freiebaptisten.de/312425043290271873351426'. What. The. Fun.

  26. edhelas

    they maybe have a script to create domains on the fly, put a letsencrypt certificate and boom

  27. Ge0rG

    edhelas: yeah sure.

  28. Ge0rG

    or they just spam IBR domains.

  29. edhelas

    you have a fully legit XMPP server

  30. edhelas

    I think that IBR should be deprecated

  31. Ge0rG

    edhelas: let's just deprecate XMPP altogether. We don't need new users, and neither existing ones

  32. edhelas


  33. Ge0rG

    the problem isn't IBR, the problem is unlimited IBR and abandoned servers

  34. Ge0rG


  35. mrDoctorWho

    edhelas: such spam would be non-profitable

  36. Ge0rG

    also dumb default configurations

  37. Ge0rG

    from='redirect485@xjabber.org/KwdwovgL' from='info847@legalize.li/2fo6m' from='user173@jabber.tanjeff.net/lXqCN9'

  38. mrDoctorWho

    Such interesting names

  39. Ge0rG

    If only the XSF had a spam fighting taskforce.

  40. Ge0rG

    Then I could write it down once and not repeat myself every week.

  41. mrDoctorWho

    There is project Providence, but it it's seems abandoned and I don't think it even works

  42. edhelas

    I'm afraid of spam on pubsub as well

  43. edhelas

    I'll restrict publication on my pubsub services from my own xmpp accounts only if it appears

  44. Ge0rG

    Agenda items: 1) disable IBR by default, make sure that private servers have better means, and that for public servers there are appropriate limits in place 2) create automated ways to notify admins of abuse on their servers 3) implement server-side modules that track a remote domain's reputation, maybe even with an export/import feature to share insights with friends. Use that to block old unmaintained IBR servers

  45. Ge0rG


  46. mrDoctorWho

    Ge0rG: the #3 sounds centralized

  47. Ge0rG

    mrDoctorWho: federated, not centralized.

  48. Ge0rG

    mrDoctorWho: like, I trust the admins of xmpp.org and of conversations.im, so I can share my stats with them

  49. mrDoctorWho

    Hmm, makes sense

  50. Ge0rG


  51. Ge0rG

    From that last domain, I had ten different accounts contact yax.im users in the last 10 days

  52. zuglufttier

    I kind of like the idea of a federated blacklist but the whole "web of trust" idea does not really work...

  53. Ge0rG

    zuglufttier: I think it depends on the abstraction level

  54. Ge0rG

    zuglufttier: have a look at email spam RBLs

  55. zuglufttier

    Still, how do I get off that blacklist?

  56. edhelas

    create a new random domain

  57. zuglufttier

    That's what a spammer would do ;)

  58. Holger

    gmail.com immediately responds to my server's stream header with <not-authorized/>. Are they finally closing down s2s?

  59. Zash


  60. Holger

    So others noticed this already? Or is there even some public info?

  61. Zash

    Yesterday(?) in the prosody room

  62. Holger

    Ah, thanks.