-
ruety
tom could you share your xmpp server address?
-
pod
tom: i'd be interested in that as well
-
mimi89999
Are admins of jabber.cd or creep.im here?
-
a
mimi89999: hey there, I'm creep.im admin
-
mimi89999
a: I tried contacting you, but when I send try to subscribe, I get a message asking to fill a captcha. If I fill it and try to subscribe again, I get that message again. If I just try to send a message I get another error
-
mimi89999
Messages from strangers are rejected.
-
a
mimi89999: are you admin of jabjab.de? just guessing
-
mimi89999
No
-
a
okay
-
mimi89999
Private server.
-
a
anyway, captcha protection should be working fine, but apparently it does not, for everyone which is a bummer✎ -
a
anyway, captcha protection should be working fine, but apparently it does not work for everyone which is a bummer ✏
-
mimi89999
https://lebihan.pl/xmpp-upload/index.php/4e9729b9-3526-42fb-9f5b-553562744e46/russian_spam.txt
-
mimi89999
This is my issue.
-
a
can't download that
-
a
maybe share a link?
-
mimi89999
http://paste.debian.net/1153363/
-
mimi89999
a: Here you are.
-
a
ah, okay downloaded now
-
a
mimi89999: which software do you use for your server?
-
a
test
-
mimi89999
Prosody
-
a
got it, typical spam
-
mimi89999
Could you do something?
-
a
I do believe there is an anti-spam module for Prosody. did you check it?
-
a
I use similar module on creep.im
-
mimi89999
Did you block that account?
-
a
no, not yet. but the problem is that you can block account, but it's virtually impossible to block the spammer behind it
-
a
due to the open nature of the server
-
a
everyone can register account in a minute or so
-
a
so blocking on the origin server is possible, but frankly it's meaningless
-
mimi89999
Hmm. Did you consider trying to automatically detect them? If just after registering they send the same message to a dozen JIDs offering things, then probably it is a spammer?
-
a
no, I didn't write my own anti-spam module
-
a
also, your proposed solution does require looking into each message of each user
-
a
and I prefer not to do that
-
tom
a: you might have to make a compromise there. As long as you keep the antispam detection in memory and never write out to nonvolatile storage you should bee good privacy wise. Parsing the body of messages is 75% of email heuristic spam detection
-
tom
What you could probably do is have a DistributedClearingHouse type system where you fuzzyhash messages going through your server, and if someone is sending a lot of the same messages to people you can know without disclosing private contents
-
tom
One of the mechanisms used for stopping spam with SMTP https://www.rhyolite.com/dcc/
-
tom
Another thing you could try is if right after they join they start messaging +50 jids that's not something a human can do
-
Link Mauve
Except if they were switching accounts, and noticing all of their former contacts.
-
a
that sounds like a nice project, but I'm not that fluent in Erlang and still have rather keep all messages private
-
a
I think that an installation of the already existing and working anti-spam modules will work perfectly done in this case✎ -
a
I think that an installation of the already existing and working anti-spam module will work perfectly done in this case ✏
-
a
I think that an installation of the already existing and working anti-spam module will work perfectly fine in this case ✏
-
Ellenor Malik
Schroedinger's chat has crasht