XMPP Service Operators - 2018-11-14

  1. edhelas


  2. edhelas

    same for me

  3. edhelas

    draugr.de, unstable.nl...

  4. edhelas

    looks like I'll have to put some more servers on the blacklist

  5. Licaon_Kter

    edhelas: did you contact the admins?

  6. edhelas

    :3 of course

  7. Licaon_Kter

    edhelas: and the spam continued because they did nothing so off to the ban list? Hmmm

  8. edhelas

    for now I just contacted them

  9. edhelas

    let's see

  10. edhelas

    but if I still have spam

  11. edhelas

    then it's blacklist yes

  12. Ge0rG

    I've got a spam escalation process of: 1. try to contact server admin (XEP-0157, website), wait up to a week 2. contact the server IP abuse department, wait up to two weeks 3. blacklist the server (not yet implemented)

  13. Ge0rG

    Also an internal spam tracking tool

  14. Ge0rG

    it's not perfect yet, but it allows tracking progress of the domain and IP admins.

  15. Ge0rG

    Also could somebody please report 0nl1ne.cc and blackjabber.cc to leaseweb abuse, because they are only forwarding my reports to the server owners instead of shutting the f***ing spam boxes down.

  16. edhelas

    blackjabber.cc is blacklisted

  17. Ge0rG

    edhelas: according to the Manifesto, I'd like to maintain a common and public list of blacklisted domains, including at least a reference to the previous escalation process

  18. edhelas

    is this list somewhere ?

  19. edhelas

    the issue about exposing that list is that the spammers can easily know how to circumvent it :)

  20. Ge0rG

    edhelas: circumvent it by... going to other unmaintained IBR-enabled servers?

  21. Link Mauve

    edhelas, I meant spammy IBR registrations, not spam from other servers.

  22. Ge0rG

    Link Mauve: what's the difference?

  23. Link Mauve

    Even though the former is probably the first step to the latter.

  24. Link Mauve

    Ge0rG, one happens on my server and I can block it immediately, the other will go on for years.

  25. Ge0rG

    Link Mauve: just put your own domain on the blocklist. All problems solved.

  26. edhelas

    IBR registration is just not a good idea to me anymore

  27. edhelas

    not without at least a captcha or something like that

  28. Link Mauve

    edhelas, CAPTCHA doesn’t do anything.

  29. Link Mauve

    We didn’t have fewer successful account creations before we disabled it.

  30. Link Mauve

    And as a user it’s painful for no benefit.

  31. Link Mauve

    (Except to Google.)

  32. edhelas

    I'm wondering if in the process of checking if a server is "spam risky" or not, having IBR enabled would not lower the score automatically

  33. Ge0rG

    edhelas: I run an IBR server and have got zero spam bot registrations in the last three months or so, because I'm preventing most spam delivery

  34. Link Mauve

    They don’t seem to know that about my server.

  35. Ge0rG

    ingress spam stats from last two weeks on yax.im:
    messages   bots       domain
    ---------- ---------- ------------------------------------
    5741       1153       otr.chat
    3742       1403       0nl1ne.cc
    3661       1738       blackjabber.cc
    2974       2268       jabberes.org
    2968       917        aquilius.de
    1438       555        jabber.ipredator.se
    1372       982        legalize.li
    1353       523        fin77.info
    1282       473        kommandostab.de
    1216       605        jabber.sampo.ru

  36. edhelas

    what tool are you using to detect spam ? it's with ejabberd ?

  37. Ge0rG

    edhelas: it's based on prosody mod_firewall

  38. Ge0rG

    Error> No Contact Addresses for otr.chat

  39. Licaon_Kter

    Let me say it again, force "OMEMO on for the first message"...zero spam until they implement it in all sorts of bot clients ;) then we reap the benefits of free libs :D

  40. Link Mauve

    Licaon_Kter, zero message from most of my users either then.

  41. Link Mauve

    You could as well block s2s with me.

  42. Licaon_Kter

    Clearer...unless it answers in the first message with captcha or 1+1=2 any messages (not to admin) are blocked.

  43. Ge0rG

    is there a website on otr.chat? I'm on a limited wifi currently

  44. Link Mauve

    Yes, but An error occurred during a connection to otr.chat. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

  45. Licaon_Kter

    Link Mauve: why? No Gajim? No Converse? No ChatSecure? No Dino?

  46. Ge0rG

    Licaon_Kter: "zero communication until everybody leaves XMPP"

  47. Licaon_Kter

    Link Mauve: not s2s...not sure you got my idea

  48. Link Mauve

    Licaon_Kter, there are some Gajim and some Conversations, the other ones you quoted are insignificant in my client stats, and most messages are using OTR or plain text.

  49. Holger

    Link Mauve: I understand your point about IBR being painful for users, but if you're saying it's not painful for today's spammers I think that's just plain wrong.

  50. Link Mauve

    Heck, there are more messages sent using legacy PGP than with OMEMO.

  51. Link Mauve

    Holger, CAPTCHA*.

  52. Licaon_Kter

    Link Mauve: ok, and it kills them to enable OMEMO for 1 message?

  53. Ge0rG

    Licaon_Kter: a security question would be a good trade-off between just blocking everything incoming and a proper spam filter

  54. Holger

    Link Mauve: Indeed :-)

  55. Link Mauve

    Licaon_Kter, probably yes.

  56. Licaon_Kter

    Ge0rG: yes... That..but I upped the hardness by OMEMO...

  57. Ge0rG

    Holger: IBR is painful for users?

  58. Licaon_Kter

    Link Mauve: oh Fffs go back to Watsayp

  59. Holger

    Ge0rG: CAPTCHA.

  60. Link Mauve

    Licaon_Kter, see https://stats.jabberfr.org/d/000000002/jabberfr?panelId=36&fullscreen&orgId=1 for live message statistics.

  61. Link Mauve

    Licaon_Kter, why would I tell that to my users?

  62. Licaon_Kter

    Link Mauve: I didn't say that

  63. Link Mauve

    (You can Ctrl-click on the yellow “message” at the bottom to only see statistics about messages with a body-like element being transferred.)

  64. Licaon_Kter

    Link Mauve: but I had my share of captchas and really....I'm fed up with those too.

  65. Licaon_Kter

    Link Mauve: ctrl on mobile? Yeah

  66. Ge0rG

    is there anybody in this room actually doing something against spam? reporting abuse to server admins / hosting companies? making usable plugins or filters?

  67. Link Mauve

    Ge0rG, I am.

  68. Ge0rG pulls a number at OVH now.

  69. Ge0rG

    okay, otr.chat has hello@otr.chat as the contact email. Dumped the JID list to them.