can someone help me diagnose a correct-password unauthorized problem?
stvnhas left
stvnhas joined
Steven Roosehas left
solhas left
Ellenor Malikhas left
podhas joined
Ellenor Malikhas joined
pintoseskhas left
stefanhas joined
wladmishas left
loopboomhas left
ibikkhas joined
kusonekohas left
kusonekohas joined
Huxxhas joined
Menelhas joined
lorddavidiiihas joined
some1has joined
Douglas Terabytehas left
Douglas Terabytehas joined
stvnhas left
ru_maniachas left
Licaon_Kterhas joined
openchathas joined
TMakarioshas left
TMakarioshas joined
ru_maniachas joined
solhas joined
stvnhas joined
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
some1has left
some1has joined
nickomemohas left
nickomemohas joined
nickomemohas left
derventiohas joined
openchathas left
openchathas joined
jayteeukhas left
jayteeukhas joined
Martinhas left
Martinhas joined
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
lorddavidiiihas left
raghavgururajanhas left
mjkhas joined
openchathas left
j.r (jugendhacker.de)has left
j.r (jugendhacker.de)has joined
guus.der.kinderenhas left
Menelhas left
404.cityhas joined
404.cityhas left
lorddavidiiihas joined
jayteeukhas left
jayteeukhas joined
froghas joined
derventiohas left
derventiohas joined
mehdihas left
stvnhas left
Ge0rGhas joined
j.r (jugendhacker.de)has left
stvnhas joined
j.r (jugendhacker.de)has joined
junaidhas left
86ulhas joined
junaidhas joined
rom1dephas joined
henrikhas joined
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
Steven Roosehas joined
abidal3has joined
junaidhas left
junaidhas joined
madmalkavhas joined
j.r (jugendhacker.de)has left
jayteeukhas left
jayteeukhas joined
nickomemohas joined
creep.imhas left
creep.imhas joined
j.r (jugendhacker.de)has joined
rom1dephas left
qnixhas left
qnixhas joined
stvnhas left
xihas left
jayteeukhas left
jayteeukhas joined
Ellenor Malikhas left
Ellenor Malikhas joined
stvnhas joined
jayteeukhas left
jayteeukhas joined
Viktor Lindberghas left
Viktor Lindberghas joined
jayteeukhas left
jayteeukhas joined
neoxhas joined
qnixhas left
stvnhas left
abidal3has left
jayteeukhas left
jayteeukhas joined
stvnhas joined
jayteeukhas left
jayteeukhas joined
ajeremiashas joined
ntuseracchas joined
lorddavidiiihas left
stvnhas left
stvnhas joined
Menelhas joined
qnixhas joined
derventiohas left
qnixhas left
ajeremiashas left
lorddavidiiihas joined
qnixhas joined
stvnhas left
stvnhas joined
pintoseskhas joined
qnixhas left
stvnhas left
patascahas joined
mehdihas joined
qnixhas joined
qnixhas left
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
loopboomhas joined
stefanhas left
loopboomhas left
loopboomhas joined
stefanhas joined
stvnhas joined
some1has left
patascahas left
stvnhas left
presprouthas left
loopboomhas left
patascahas joined
qnixhas joined
inkyhas left
mss_cyclisthas left
mss_cyclisthas joined
stvnhas joined
froghas left
some1has joined
Krishas joined
patascahas left
mehdihas left
Menelhas left
nickomemohas left
Viktor Lindberghas left
Viktor Lindberghas joined
froghas joined
lorddavidiiihas left
stevenhas joined
mimi89999
https://is.gd/SyJF9o
mimi89999
Is that the Jabber spam service?
mimi89999
BTW, got spam from `intercoracoid@404.city`.
some1has left
mimi89999
real and rare
Ge0rG
mimi89999: that's a jabber spam service indeed
ntuseracchas left
mimi89999
Can the operators of those servers remove their accounts or we block their servers?
mimi89999
Who is the admin of 404 city?
Ge0rG
he's often here as 404city
Beherithas left
mimi89999
I'm flooded with spam from that server now.
mimi89999
Like one message every 10 sec
Beherithas joined
Ge0rG
mimi89999: from the same account or from different ones?
patascahas joined
mimi89999
Where is he?
mimi89999
Same
Ge0rG
mimi89999: I've pinged the admin now
tom
Yes there's a channel
tom
A process
tom
You have to give them some time to proccess the abuse request though before they get in a blocklist
mimi89999
OK. Can you link the channel/form/whatever?
kikuchiyohas left
tom
What's that private spamfighting muc on yax.im again?
tom
I got an invite ounce but forgot about it
some1has joined
lorddavidiiihas joined
Ge0rG
it doesn't exist any more
tom
mimi89999: https://github.com/JabberSPAM
mimi89999
How to quickly block a JID server level?
tom
With mod_firewall
tom
Or for a specific account
tom
https://xmpp.org/extensions/xep-0191.html
antranigvhas joined
some1has left
some1has joined
ajeremiashas joined
froghas left
mimi89999has left
patascahas left
patascahas joined
mimi89999has joined
kikuchiyohas joined
kikuchiyohas left
patascahas left
patascahas joined
some1has left
stvnhas left
stvnhas joined
some1has joined
kikuchiyohas joined
kikuchiyohas left
lorddavidiiihas left
kikuchiyohas joined
kikuchiyohas left
raghavgururajanhas joined
raghavgururajanhas left
raghavgururajanhas joined
kikuchiyohas joined
kikuchiyohas left
kikuchiyohas joined
kikuchiyohas left
kikuchiyohas joined
kikuchiyohas left
some1has left
netbk.dehas left
Ge0rGhas left
patascahas left
patascahas joined
jayteeukhas left
jayteeukhas joined
jayteeukhas left
stevenhas left
jayteeukhas joined
raghavgururajanhas left
raghavgururajanhas joined
lorddavidiiihas joined
some1has joined
Ge0rGhas joined
stvnhas left
stevenhas joined
stvnhas joined
some1has left
some1has joined
kikuchiyohas joined
kikuchiyohas left
jayteeukhas left
jayteeukhas joined
xihas joined
jayteeukhas left
jayteeukhas joined
kikuchiyohas joined
kikuchiyohas left
jayteeukhas left
jayteeukhas joined
patascahas left
patascahas joined
some1has left
inkyhas joined
patascahas left
patascahas joined
kikuchiyohas joined
kikuchiyohas left
rom1dephas joined
kikuchiyohas joined
kikuchiyohas left
kikuchiyohas joined
kikuchiyohas left
some1has joined
some1has left
kikuchiyohas joined
kikuchiyohas left
solhas left
solhas joined
patascahas left
patascahas joined
rom1dephas left
froghas joined
kikuchiyohas joined
kikuchiyohas left
kikuchiyohas joined
kikuchiyohas left
some1has joined
kikuchiyohas joined
kikuchiyohas left
perflysthas joined
guus.der.kinderenhas joined
kikuchiyohas joined
kikuchiyohas left
kikuchiyohas joined
kikuchiyohas left
ajeremiashas left
alienhas left
alienhas joined
guus.der.kinderenhas left
kikuchiyohas joined
kikuchiyohas left
lorddavidiiihas left
lorddavidiiihas joined
wladmishas joined
kikuchiyohas joined
kikuchiyohas left
ntuseracchas joined
kikuchiyohas joined
kikuchiyohas left
perflysthas left
patascahas left
patascahas joined
rom1dephas joined
some1has left
kikuchiyohas joined
kikuchiyohas left
jayteeukhas left
jayteeukhas joined
froghas left
kikuchiyohas joined
kikuchiyohas left
qnixhas left
qnixhas joined
kikuchiyohas joined
kikuchiyohas left
kikuchiyohas joined
kikuchiyohas left
kikuchiyohas joined
kikuchiyohas left
Viktor Lindberghas left
Viktor Lindberghas joined
patascahas left
patascahas joined
kikuchiyohas joined
Menelhas joined
kikuchiyohas left
rom1dephas left
kikuchiyohas joined
kikuchiyohas left
lorddavidiiihas left
lorddavidiiihas joined
patascahas left
patascahas joined
kikuchiyohas joined
kikuchiyohas left
henrikhas left
kikuchiyohas joined
kikuchiyohas left
nickomemohas joined
lorddavidiiihas left
henrikhas joined
kikuchiyohas joined
kikuchiyohas left
kikuchiyohas joined
kikuchiyohas left
kikuchiyohas joined
kikuchiyohas left
bastoon
> mimi89999: https://github.com/JabberSPAM
Should it rather contain only registered domain names (to ICANN registrars) and not sub-domains?
This might break implementations if you change the format in a hurry (and that probably will one day).✎
kikuchiyohas joined
kikuchiyohas left
henrikhas left
henrikhas joined
Jonnyhas left
bastoon
> mimi89999: https://github.com/JabberSPAM
Shouldn't it rather contain only registered domain names (to ICANN registrars) and not sub-domains?
This might break implementations if you change the format in a hurry (and that probably will one day). ✏
Jonnyhas joined
qnixhas left
mss_cyclisthas left
mss_cyclisthas joined
bastoon
> mimi89999: https://github.com/JabberSPAM
Why this list contains FQDNs. IMO no need for sub-domains, and only disavantages.
Then if format is changed in a hurry, this may break current implementation (and that probably will one day). ✏
patascahas left
bastoon
> mimi89999: https://github.com/JabberSPAM
Why do this list contain FQDNs. IMO no need for sub-domains, only cons.
Then if format is changed in a hurry, this may break current implementation (and that probably will one day). ✏
Martin
bastoon: Because some xmppds are served on a subdomain.
kikuchiyohas joined
kikuchiyohas left
qnixhas joined
bastoon
Martin: I'm sure spammers will exploit the possibility to infinite subs. Then don't think you'll ever have to consider multiple (sub) servers per names, one being ok, the other one spammer.✎
pintoseskhas left
bastoon
Martin: I'm sure spammers will exploit the possibility to infinite subs. Then I don't think you'll ever have to consider multiple (sub) servers per names, one being ok, the other one spammer. ✏
kikuchiyohas joined
kikuchiyohas left
bastoon
Martin: I'm quite sure spammers will exploit the possibility to infinite subs. Then I don't think you'll ever have to consider multiple (sub) servers per names, one being ok, the other one spammer. ✏
bastoon
Martin: I'm quite sure spammers will exploit the possibility of infinite subs. Then I don't think you'll ever have to consider multiple (sub) servers per names, one being ok, the other one spammer. ✏
kikuchiyohas joined
kikuchiyohas left
Martin
Spammers usually use unmaintained servers with IBR and do not fire up own servers.
Martin
Also there is this case: Befor I was running my xmppd on a shared hoster. If I would not have used my own domain it would have been running at user.tucana.uberspace.de. So if I spam why should the innocent xmppd another-user.tucana.uberspace.de also be blocked?
ajeremiashas joined
bastoon
Because he could fire you from using his domain before being considered as spammer.
Just thought it would be simpler, lighter and more robust against spammer, but surely bad sides to investigate / accommodate.
kikuchiyohas joined
kikuchiyohas left
lorddavidiiihas joined
kikuchiyohas joined
kikuchiyohas left
kikuchiyohas joined
kikuchiyohas left
Menelhas left
Menelhas joined
kikuchiyohas joined
kikuchiyohas left
kikuchiyohas joined
patascahas joined
belovehas left
Ivan A.has left
ntuseracchas left
ntuseracchas joined
ntuseracchas left
froghas joined
ntuseracchas joined
patascahas left
patascahas joined
Martin
> Because he could fire you from using his domain before being considered as spammer.
I don't understand this.
Marandahas left
Beherithas left
Marandahas joined
nickomemohas left
Beherithas joined
86ulhas left
stvnhas left
patascahas left
arne-bruenhas left
kikuchiyohas left
jayteeukhas left
jayteeukhas joined
stvnhas joined
86ulhas joined
jayteeukhas left
jayteeukhas joined
froghas left
qnixhas left
Arnehas left
kikuchiyohas joined
kikuchiyohas left
kahlb
This list even blacklists creep.im, which is one of the more popular public servers (among the gajim Standard Servers). Not a good Idea I think, it might break xmpp
raucao
> it might break xmpp
how so? it merely breaks creep.im if they don't get their spam users under control
raucao
that's what a federation is for
creep.im
creep.im is a known spam server
qnixhas joined
raucao
:)
Martin
kahlb: The issue was that the operator was not reachable on his 0157 contacts. You'll see the history in my MR.
Martin
Unfortunately we found him in here just after it got merged.
bastoon
> I don't understand this.
From your example uberspace.de is still in control to allow/disallow a sub domains (on spam complaining).
patascahas joined
Martin
Yes, that's why you should report spammers. But blocking all operators from one domain because one is spamming is not useful.
ernst.on.tourhas left
ernst.on.tourhas joined
raucao
Operators are free to choose
Arnehas joined
arne-bruenhas joined
Ge0rG
let's block all OVH and Hetzner then?
kikuchiyohas joined
kikuchiyohas left
kikuchiyohas joined
kikuchiyohas left
kikuchiyohas joined
kikuchiyohas left
mathieui
operators being unreachable while their server is used as a spam relay is a valid reason for inclusion in spam lists
kikuchiyohas joined
kikuchiyohas left
kikuchiyohas joined
kikuchiyohas left
Ge0rG
mathieui: how long should one wait to determine "unrechable"?
mathieui
Ge0rG, no available means of contact
mathieui
if one is available, I guess it’s up to you
kikuchiyohas joined
kikuchiyohas left
raucao
> let's block all OVH and Hetzner then?
hetzner do actually block your server's network traffic if you spam their local network
kikuchiyohas joined
kikuchiyohas left
Ge0rG
raucao: but hetzner isn't using xmpp internally.
raucao
comparing someone using a hetzner server to spamming the outside network with the hetzner network itself makes no sense
raucao
the xmpp spam server is not a data center
nickomemohas joined
raucao
it is a specific service running under a specific domain
Ge0rG
raucao: what's your point?
raucao
what is yours
raucao
your comparison was a non-sequitur
jayteeukhas left
jayteeukhas joined
raucao
> operators being unreachable while their server is used as a spam relay is a valid reason for inclusion in spam lists
this is the point that some people seem to disagree with, and so far there were no valid arguments against it brought forward here
kikuchiyohas joined
jayteeukhas left
kikuchiyohas left
jayteeukhas joined
qnixhas left
qnixhas joined
kikuchiyohas joined
kikuchiyohas left
Ge0rG
raucao: my response was to the point about blocking all of uberspace if there are spammy servers on there.
Arne
do those spammers use some settings?
kikuchiyohas joined
kikuchiyohas left
Arne
like a special cipher for prosody
kikuchiyohas joined
kikuchiyohas left
Arne
or a deprecated maybe
kikuchiyohas joined
kikuchiyohas left
Arne
so we need to change all our settings ;D
Ge0rG
Arne: spammers register accounts on free servers.
kikuchiyohas joined
kikuchiyohas left
Ge0rG
Ah, it was strato who requested headers as evidence for the spam I reported.
kikuchiyohas joined
kikuchiyohas left
bastoon
> let's block all OVH and Hetzner then?
OVH automatically forwards whois alias to real mails. I don't get this point.
Moreover XEP (if generalized) make the process operator independent.
nickomemohas left
raucao
> raucao: my response was to the point about blocking all of uberspace if there are spammy servers on there.
sry, i didn't see that someone wanted to block all of uberspace
raucao
i thought it was in response to blocking creep.im
raucao
mea culpa
Ge0rG
bastoon: of the two reports I sent to OVH, one server got shot down, and for the other one I never heard back
nickomemohas joined
antranigvhas left
Ge0rG
kode.im and im.koderoot.net are the #1 and #2 sources of spam for me for the last weeks.
Ge0rG
creep.im is #3. creep.im, wanna have a new list of JIDs to delete?
creep.im
shoot it. you have my JID
Arne
mh, maybe free inbandregistration is not really good xD
mimi89999
BTW, are SPAM reports verified in any way?
mimi89999
Ge0rG: Did 404 admin respond?
Ge0rG
mimi89999: haven't seen them online yet
Ge0rG
Arne: yes, you shouldn't do it if you don't want to be a full time anti-spam admin
Arne
I use my own webregistration combined with some other things
Ge0rG
mimi89999: how would you verify them? I always send logs to the ISP / server admin so they can match against their own logs
antranigvhas joined
stvnhas left
creep.im
I do IBR and I am only removing spam accounts by request
creep.im
it's not much work
creep.im
although this is meaningless: spammers easily create dozens of new accounts
Ge0rG
creep.im: it's only not much work if nobody reports ;)
mimi89999
I used to get spam from creep.im, but I'm not getting anymore
Ge0rG
hundreds.
kikuchiyohas joined
kikuchiyohas left
creep.im
if you care about your users, the best bet to filter spam at the receiving side
creep.im
I told you guys like a million times
nickomemohas left
Ge0rG
creep.im: you mean, each user must filter spam on their own?
creep.im
but for some reason you are afraid of captcha
creep.im
not user. server. there are plugins for that
kikuchiyohas joined
stefanhas left
Ge0rG
captchas are bad for usability
creep.im
you only enter it once
creep.im
not a big deal for usability
Ge0rG
what if you can't read well?
creep.im
you want to create a walled garden without spammers, introducing your custom esoteric registration systems, but his is it different from WhatsApp? it's actually less usable than WhatsApp✎
creep.im
you want to create a walled garden without spammers, introducing your custom esoteric registration systems, but how is it different from WhatsApp? it's actually less usable than WhatsApp ✏
mjk
Ge0rG, creep.im: audio captcha is a thing, too
mimi89999
creep.im: So every time I want to contact a new new account I need to fill a captcha?
Ge0rG
mjk: but not in the typical xmpp captcha "solutions"
Ge0rG
creep.im: my server has IBR and no captchas
creep.im
you fight spammers, but spammers don't care. users are hurt instead
Ge0rG
same with captchas ;)
mimi89999
Would be better to fill the captcha once.
mimi89999
On registration
creep.im
Ge0rG: you have IBR with your custom esoteric filtration system, I heard about it
mjk
Ge0rG:
> but not in the typical xmpp captcha "solutions"
Unfortunately. I was nudging creep.im to think about it :)
creep.im
Ge0rG: now open source it and encourage everyone to use it
Ge0rG
creep.im: I'm doing RBL checks against dnsbl.dronebl.org with ready-made prosody modules
stvnhas joined
creep.im
write an article about it, I don't know. a lot of people have no idea how to approach this problem
oh, spammers are also solving recaptcha to register bot accounts.
Licaon_Kter
Ge0rG:
> I'm doing RBL checks against dnsbl.dronebl.org with ready-made prosody modules
That site is down?
Ge0rG
Licaon_Kter: https://dronebl.org/ - the other one is the RBL address
argon3771has left
argon3771has joined
Licaon_Kter
Oh
creep.im
> creep.im: https://yaxim.org/blog/2020/05/12/new-anti-spam-measures/
great job. someone will definitely find that helpful. although not privacy-oriented operators, who want to keep legitimate Proxy/Tor users using the service
stvnhas left
Ge0rG
creep.im: legitimate Tor users can connect via Tor, join the yaxim support MUC and ask to be unblocked.
creep.im
how do you distinguish if the user is legitimate?
Ge0rG
creep.im: I don't ask questions.
creep.im
also, there may be dozens of such requests
creep.im
on a day
raucao
why would you in the first place. if they spam, the account gets blocked
raucao
tor or not
Ge0rG
creep.im: I had a dozen of such requests since I made that policy
Ge0rG
creep.im: a spammer will register hundreds or thousands of accounts at the same time
creep.im
how many such requests you receive daily?
Ge0rG
creep.im: I had a dozen of such requests since I made that policy
Ge0rG
that's two per month
jayteeukhas left
jayteeukhas joined
creep.im
are there a lot of daily registrations?
qnixhas left
creep.im
proxied and regular
jayteeukhas left
jayteeukhas joined
Ge0rG
100 - 500 per month
Ge0rG
I don't count the proxy registrations, I only count the ones that complain
creep.im
that's manageable
qnixhas joined
stvnhas joined
Ge0rG
I also have hundreds of bot registrations sometimes, so it's hard to tell for sure
creep.im
anyway, you are coming up with your own solutions to a common problem. there should be a universal ready made way of doing this. like a plugin, or a built-in fictionally right in the server(s). manual process is a no go, especially for one-man server operations
Licaon_Kter
creep.im: redo everything on Prosody then, easy :)
Ge0rG
creep.im: I've documented my way and made the tools accessible. Somebody else needs to do the same for ejabberd.
creep.im
Licaon_Kter: it'll still not be automated
Ge0rG
creep.im: spammers will circumvent automated systems
creep.im
somehow I didn't get a single spam message in months...
creep.im
a lot of accounts add me daily
creep.im
I guess miss of them are spammers
abidal3has joined
Ge0rG
I had to solve a captcha before reporting spam to you :P
creep.im
yes, this is how it works
creep.im
my point is that it is automated and it works
Ge0rG
it's automated for you, not for the people who want to talk to you
Ge0rG
well, maybe for the spammers who can just buy captchas for 5$/1000
creep.im: I know that spammers are buying into IBR captchas, because you buy one, and send thousans of spam messages
Beherithas left
Beherithas joined
creep.im
IBR captchas... maybe. but to be able to actually send messages, you have to solve another captcha, also you have to be added by the other party as well
creep.im
only then you are free to chat
nickomemohas joined
creep.im
anyway, this is rather a temporary measure until the real solution will be available
Ge0rG
the real solution: people who don't click on spam
creep.im
"temporary" could mean for next few years...
kusonekohas left
kusonekohas joined
Licaon_Kter
We are well beyond years already
kusonekohas left
kusonekohas joined
lorddavidiiihas left
patascahas left
lorddavidiiihas joined
patascahas joined
ajeremiashas left
jayteeukhas left
jayteeukhas joined
kusonekohas left
kusonekohas joined
kusonekohas left
kusonekohas joined
jayteeukhas left
jayteeukhas joined
kusonekohas left
kusonekohas joined
kusonekohas left
kusonekohas joined
patascahas left
patascahas joined
kusonekohas left
kusonekohas joined
Martin
The captcha spam was the reason I could not contact creep.im
Martin
I got spammed with requests to fill a captcha and did so several times. Still my messages didn't get through. That was pretty annoying and I had to block him to make his server spam me with captcha requests. That's why I contacted him t✎
Martin
I got spammed with requests to fill a captcha and did so several times. Still my messages didn't get through. That was pretty annoying and I had to block him to make his server spam me with captcha requests. That's why I tried to contact him via email. ✏
patascahas left
creep.im
I didn't add you back immediately, that's why you've been "spammed" by captcha
creep.im
better to spam sender with captcha, then the other way around, right?
patascahas joined
seantoddhas left
patascahas left
patascahas joined
Martin
Captchas are just the most annoying UX in spam fighting.
Martin
Those block stranger modules break XMPP.
seantoddhas joined
belonghas left
xihas left
xihas joined
belonghas joined
mjk
Could the invite-only model be the ultimate solution? If, by chance, a rare spammer is invited and then invites a horde of other spammers, the whole sub-tree of accounts can be efficiently truncated manually
mjk
That, of course, requires storing the data on who invited whom
arne-bruenhas left
qnixhas left
mjk
That is, basically, a social graph. A nutritious, concentrated, morsel of user data...
mjk
Ugh.
stevenhas left
belonghas left
arne-bruenhas joined
stvnhas left
stvnhas joined
belonghas joined
Martin
Invitations are nice for family and friends servers but not for public ones.
mehdihas joined
raucao
we have closed regs and just started with invitations. but not public yet
raucao
in the future we're adding lightning network payments for signups
raucao
that way a spammer would have to pay for their account first. that makes it both harder to automate it as well as introduces a cost
raucao
i think users inviting other users is generally a good idea
raucao
obviously having to donate/pay upfront introduces friction, but then again pretty much any effective anti-spam mesure does
raucao
s/mesure/measure
junaid
> better to spam sender with captcha, then the other way around, right?
creep.im: hence why you dont get many spam complaints. Maybe operators choose to block the domain instead?
raucao
i think there are also many other ways to have semi-open signups where it's difficult to create many accounts and also easier to shut spammers down
ntuseracchas left
Martin
The RBL approach seems to work well for Ge0rG in reducing spam bots on yax.im.
stvnhas left
stvnhas joined
mathieui
the RBL approach prevents 99.99% of automated IBR registrations
Steven Roosehas left
Steven Roosehas joined
patascahas left
patascahas joined
bastoon
Or use bitcoin approach to discourage spammers: let the user waste cpu power at registration.✎
bastoon
Or use bitcoin approach to discourage spammers: let the user waste cpu power at registration. But indeed spammer will waste *others* cpu for their benefit ;-) ✏
bastoon
Or use bitcoin approach to discourage spammers: let the user waste cpu power at registration.
But indeed spammers will try to waste your cpu for their benefit ;-) ✏
bastoon
Or use bitcoin approach to discourage spammers: let the user waste cpu power at registration. ✏
mjk
> But indeed spammers will try to waste your cpu for their benefit ;-)
Yeah, botnets are totally immune to proof-of-work-based filtering. Actual payments, though...
j.r (jugendhacker.de)has left
lorddavidiiihas left
lorddavidiiihas joined
raucao
Exactly
j.r (jugendhacker.de)has joined
Beherithas left
vu764hd68fxthas joined
Beherithas joined
froghas joined
qnixhas joined
pintoseskhas joined
ijhas left
patascahas left
patascahas joined
ernst.on.tourhas left
ijhas joined
ernst.on.tourhas joined
openchathas joined
stvnhas left
ibikkhas left
lorddavidiiihas left
jayteeukhas left
jayteeukhas joined
jayteeukhas left
jayteeukhas joined
stvnhas joined
mehdihas left
cuchas joined
thndrbvrhas left
thndrbvrhas joined
patascahas left
patascahas joined
lorddavidiiihas joined
patascahas left
patascahas joined
Beherithas left
Beherithas joined
stefanhas left
patascahas left
patascahas joined
stvnhas left
Krishas left
86ulhas left
tom
bastoon: that doesnt work because you need to mine a whole block to get a payout
bastoon
I'm not talking about Bitcoin directly but proof of work related challenge. So can be adapted to every situation.✎
Beherithas left
bastoon
I was just talking about Bitcoin related principle (rather said proof-of-work). So can be adapted to every situation. ✏
bastoon
I was just talking about Bitcoin related principle (rather said proof-of-work). So can be adapted to every situation.
Ex challenge: find a hash which verify sha-256(JID + random block) < X
With X given by server. ✏
bastoon
I was just talking about Bitcoin related principle (rather said proof-of-work). So can be adapted to every situation.
Ex challenge: find X which verify sha-256(JID + random X < Y
With Y given by server. ✏
bastoon
I was just talking about Bitcoin related principle (rather said proof-of-work). So can be adapted to every situation.
Ex challenge: find X which verify sha-256(JID + random X) < Y
With Y given by server. ✏
stvnhas joined
tom
bastoon:
tom
All this digital methods are not very effective or degrade accessibility in my opinion
tom
And even then
tom
Well
mehdihas joined
tom
It's just a matter of how much of a skid the spammer is
tom
Here's a recommendation and I want to give this to the creep.im admin too
perflysthas joined
tom
In the old days when we wanted to registered for an account on the shared UNIX system we shelled in (can be a special ssh user like registration@yourdomain.tld) and that user was redirected to a terminal forum program
stvnhas left
patascahas left
patascahas joined
tom
You entered the username and other detailed you wanted then you were given a code
tom
In order to activate your account all you had to do was mail a postcard to the sysadmin with that code written on it
tom
You can still anonymously mail letters so this doesn't hurt anonymity
tom
And you can mail letters from anywhere in the world
tom
Postcards are universal
tom
It also gives you an opportunity to build a collage and a better sense of community
tom
When you receive the postcard you just type it into your server to lookup the reg details and activate the account
tom
If you don't get a poscard in 30 days for a code you purge the reg info
tom
Most spammers don't bother when the turing test is in meatspace and costs actual money
Viktor Lindberghas left
tom
Not much mind you postage and a postcard are only a few cents even worldwide postage
jayteeukhas left
jayteeukhas joined
jonas’
doesn’t scale though
tom
Anybody can afford to send a postcard
jonas’imagines handling 1k postcards / day
jonas’
or even per week
Ellenor Malik
:O
jonas’
or month
jayteeukhas left
jayteeukhas joined
tom
jonas’: i doubt that many reges are legit and if your that scale then geeze you would be replacing bigtech and FAANGs
tom
But
tom
If you were
tom
Just replace the postcard with a printable form and buy a SCANTRON machine
tom
The same kind of machine they use for standardized tests
jonas’
SCANTRON :D
raucao
> bastoon: that doesnt work because you need to mine a whole block to get a payout
That's what lightning network is for
raucao
Instant cobfirmation, virtually no fee
tom
This things scale up to nationwide elections
raucao
Extra bonus with LN is that you could block a spammer's LN node, too