XMPP Service Operators - 2017-12-13

ok, I start to get many spams that are always coming in pair

a spammy message + invitation

edhelas: invitation or subscription request?

subscriptions

Yeah, annoying. But not useful.

My server only leaves through the subscription requests, because those come first

ok

And there is no easy way to pull them back automatically

lona8798@yax.im

edhelas: already deleted that one.

good

I hate these spammers. They manage spam from the telegram and forums.

404: pardon?

I receive a lot of spam from different servers. Smelly rats.

Spammers are avenging me. I've banned spammers.

And what about Telegram and forums?

I've deleted another 300 spammers on my server today.

Spammers direct the dispatch through a telegram. Telegrams do not ban them.

https://telegram.org/

Lair of spammers

404: I don't understand.

Telegram does xmpp??

No

I know from a reliable source that XMPP spammers use XMPP.

Ge0rG: Spammers are looking for customers in a telegram

404: they are also looking in jabber. I can tell you the JIDs of some spam sending services.

Ge0rG: show JIDs

404: scroll down in https://pastebin.com/EhEFzMQg

telegram @jabservice

Another contact @CyborgHawk

404: there are JIDs in that pastebin

here are two more JIDs: https://pastebin.com/raw/3QsfWC7T

They constantly change Jid. This is one person.

404: I think the two links I gave are different entities.

And then there is https://xmppspam.net/users/sign_in

404: different prices, different contacts

Ge0rG: probably they are different. maybe the base is the same?

404: maybe, maybe not. I don't know

but I do know that you can easily get rid of them by rejecting multi-line messages from strangers.

and messages with pastebin links

Ge0rG: Debian 9 / ejabberd 16.09 does not support this

404: bug zinid over in xsf@

or Holger

Ge0rG: ok

Ge0rG: Thanks

404: in prosody, there is mod_firewall that allows message blocking in very fine-grained ways.

Ah. Failed to figure out the question from reading a few lines of backlog :-)

There's no such ejabberd module unfortunately.

There's mod_block_strangers to ... block strangers.

And blocking strangers is bad for the XMPP ecosystem.

Holger: you could rename it to mod_block_spammers :P

Spam is bad for the XMPP ecosystem as well.

And right now we don't have perfect solutions, so we must resort to workarounds. mod_block_strangers is one of them.

But I don't like/use it myself either.

Holger: you could write mod_block_multiline_strangers

Yes I considered that.

it could even auto-reject a pending subscription from the sender.

I mean, still considering it :-)

Plus maybe another few simple checks.

I.e. poor-man's mod_firewall.

Holger: Wasn't there a Ruby-like Erlang-compatible language? Elixir maybe? Is that DSL-friendly? (Ruby is IIRC)

Yes it is.

That's the #1 feature of Elixir compared to Erlang.

And then you link a Lua runtime into ejabberd.

The rest is just syntax cosmetics.

Ge0rG: We already do (for prosody2ejabberd) :-)

https://github.com/rvirding/luerl

Works quite well.

Holger: you just made my head explode.

Holger: also, you can just provide bindings to mod_firewall with luerl :P

Load Prosody modules in ejabberd?

The p1 blog post will be interesting.

Then call out to some Python via https://pypi.python.org/pypi/lupa/

Sounds great!

"Ejabberd now comes with prosody bundled" makes for some interesting marketing

That kind of thing rarely works out tho

"The next release will also ship Openfire!"

Reminds me of Electron apps.

Java-to-JavaScript thingy and run Openfire in the browser?

https://github.com/hypernumbers/LuvvieScript

404: See, lots of helpful suggestions :-)