-
Anas
HELP! Hey guys, my server running 3k users now, and suddenly the delivery for the messages very slow now Any thoughts please
-
TMakarios
Anas: What software is running your server?
-
tom
^
-
bastoon
Anas: RAM overflows on SWAP?
-
tom
Running out of dedotated wam fo servah
-
404.city
Anas. 3K online or 3K all?
-
arne
Hi, I hope not to disturb but maybe can anyone give me some time to check my xmpp server in the point of security? 😀 I think it's pretty fine now, I get 100% on every test I made so far.
-
Ge0rG
creep.im: https://github.com/JabberSPAM/blacklist/commit/70c122e02c297803e94aa90b5849d538b269761e
-
creep.im
Ge0rG: yes, I was informed already. I believe this is a good thing until we have means to automatically block spammers on the origin server
-
Ge0rG
I've seen >1000 bots from creep.im in the last two weeks
-
creep.im
yes, it's pretty popular with both spammers and real people
-
creep.im
no hard feelings about inclusion into the spam list therefore
-
creep.im
cool, I'll block these right away
-
Ge0rG
thanks
-
Ge0rG
it's nice to have a short contact way for reports, like in this MUC
-
creep.im
you can add me directly: a@creep.im. I'm not available all the time though
-
Ge0rG
yay! a captcha!
-
creep.im
it worked
-
Martin
creep.im: > you can add me directly: a@creep.im. I'm not available all the time though I got spammed by your captchas 😄
-
Martin
But I also sent you emails.
-
creep.im
Martin: since we are at it right now, I think it's a good thing to connect now. you have only to solve captcha once
-
Martin
I solved it at least three times and got still spammed by captcha requests. 🤔
-
Martin
https://files.mdosch.de:5281/upload/D0A-Awp2wqJC8Dnv/Screenshot_20201011-141025_Conversations.png
-
creep.im
well, we just connected with Ge0rG just fine right now
-
creep.im
Martin: you can send me your JID privately and I will add you myself first, this should work
-
Martin
Wouldn't work, as creep.im is on the blocklist now.
-
creep.im
🙂
-
Martin
But it's the same as my email martin@mdosch.de
-
creep.im
good to know 😅
-
creep.im
but yeah, you can always drop me messages via email
-
Martin
Did my emails to a arrive? I didn't get any error bounce so I assume they did.
-
creep.im
yes, I can see your emails
-
Martin
I think I reported two or three times spammers and one time complained about the captcha spamming (see screenshot I shared earlier) which really pissed me off. 😂
- Martin really dislikes mod_block_strangers
-
creep.im
the only action I can take is to block this one spammer JID you mentioned in your fourth email
-
Martin
fweslty@creep.im (1. Email) lifelockt@creep.im (2. Email), Complaint about captcha spamming (3. Email). I don't see a fourth email in my sent folder. :-/
-
creep.im
it's actually third. I see you first email was not specifically to me, but to the Operators list✎ -
creep.im
it's actually third. I see that your first email was not specifically to me, but to the Operators list ✏
-
creep.im
it's actually third. I see that your first email was not addressed specifically to me, but to the Operators list ✏
-
creep.im
lifelockt is banned now
-
Martin
Thanks :)
-
Martin
creep.im: As my server has not yet fetched the updated blocklist I tried again. I successfully filled the captcha but I get > 26.11.20 15:23:12 ! Error from a@creep.im: Messages from strangers are rejected
-
Martin
https://files.mdosch.de:5281/upload/ND6UJqwDp-2ONS7d/2020-11-26-152446_scrot.png
-
creep.im
I can see your request
-
creep.im
added you back
-
alpha_dead
hello guys, I'm trying to understand if my router is the culprit for my ejabberd server no to be available in my LAN when not specifying the local IP in the client as the host. Some of you were suspecting a hair-pinning issue with my consumer router, so as suggested I used tcpdump on port 5222 and tried to connect. I was supposed to check if the local IP would be issued instead of the external IP by the client. I have a log now, but I'm not really sure. I get the external IP most of time, the local appeared here and there but it's really not predominant. So I'm confused now.. do I have a hair-pinning problem?
-
alpha_dead
I tried to specify the LAN IP of the server in the client and sniffed the packets with tcpdump, now I only get the LAN IP of my xmpp client, and the client does connect to ejabberd, while I get the "Server not found" error in Conversations if I leave the host unspecified. Could it be a DNS issue?
-
mjk
alpha_dead: did you limit tcpdump to only incoming packets? I'm not an expert, but `tcpdump -n#Q in` gives me lines like the following one when I connect to a local http server from the same network, using the router's public addr: `38 17:36:41.014306 IP 192.168.0.1.40401 > 192.168.0.42.443: Flags …` (Where 192.168.0.1 is the router's internal addr, and 192.168.0.42 is server's) And the server's logs confirm a connection from 192.168.0.1:40401. Needless to say, everything works.
-
mjk
That is, I don't see the router's external address anywhere at all
-
mjk
You should probably disable 5222 forwarding for the time of testing, so there would be no noise✎ -
mjk
You should probably disable 5222 forwarding for the time of testing, so there would be no noise from actual external connections ✏
-
Licaon_Kter
mjk: umm, maybe not a good idea, since you connect to domain:5222
-
Licaon_Kter
alpha_dead: you already tried to search "my router model nat" ?
-
mjk
Licaon_Kter: Oh yeah, that could introduce false negatives
-
alpha_dead
Licaon_Kter, I have a NAT/PAT section in my router advanced panel, that's where I do the port-forwarding though
-
alpha_dead
I'm trying with mjk's filter with tcpdump now
-
alpha_dead
mjk, by using your filter I get the same output, external IP:random port > external IP:5222
-
alpha_dead
from time to time I get the pattern external IP:random port > local IP:5222, but only here and there
-
alpha_dead
I couldn't set up proper SRV records due to Webmin limitations, I'm waiting for the company to write them properly, now I'm using the xmpp.domain.tld in my client to connect from outside of the network. I can connect with no issue but I plan on fixing it. I'm wondering if this might cause problems locally
-
alpha_dead
Licaon_Kter, maybe you were suggesting something more, I'll research the exact model. It's a consumer HUAWEI router, nothing enteprise-grade
-
alpha_dead
SAGEMCOM✎ - alpha_dead
-
alpha_dead
Not a HUAWEI, I'm sorry. I got confused, it's a Sagecom ✏
-
mjk
> external IP:random port > external IP:5222 Wait wat. Just to make sure: you run tcpdump on the server machine, and the server machine ≠ router, right?
-
mjk
If that's the case, then it seems something really is wrong with the router
-
mjk
alpha_dead: I remember you saying it's rented, so not sure if your ISP would allow flashing a decent firmware (openwrt, dd-wrt...)
-
bastoon
alpha_dead: do you have same behavior with a HTTP server? I'd advice focusing on testing with such a simpler protocol to check NAT on a non standard (80,443) port.
-
alpha_dead
bastoon, I might indeed test with an http server to make sure, also.. I could host a Converse.js instance
-
bastoon
Yes that would push away the dns SRV and TLS issues. Use only http and not https. For your router perform all tests (http and XMPPs) without any "firewall", "syn flood" enabled broken features.
-
bastoon
Always reboot router after each router configuration modification.
-
alpha_dead
bastoon, then I will use a non-standard port for an apache2 website, that's the daemon I have at hand
-
bastoon
👍 Try the inside / outside network case with http://blabla:port