-
mimi89999
Hello
-
mimi89999
I'm getting spam from jabber.freenet.de
-
mimi89999
Their site is only in german
-
mimi89999
The same spam service
-
mimi89999
https://clck.ru/SZPyZ
-
octagon
mimi89999: If that .ru link is itself from the spam please in the future use hxxp to prevent misclicks
-
mimi89999
OK. Sorry.
-
404.city
octagon: No, not broken. mod_block_strangers - this is still the only effective method of fighting spam and flooding. It can be enhanced with captcha, which can create an impenetrable borrier.
-
Ge0rG
impenetrable for people who want to talk to you, for sure!
-
404.city
Martin, Spammers are two people. It's even funny that this supposedly creates a problem.
-
404.city
Ge0rG, Reconfigure your client so that he sent the subscription along with the message and then it will not create a problem for you.
-
404.city
Ge0rG, Prosody doesn't have a module similar to mod_block_strangers?
-
Ge0rG
404.city: most clients don't support that. All spammers send a subscription request ahead of actual messages
-
Ge0rG
404.city: I don't care and I don't know.
-
Ge0rG
404.city: it's the wrong approach
-
Ge0rG
404.city: 99% of xmpp spam follows a simple pattern that allows identifying and blocking the bots.
-
Martin
What do you mean?
-
Martin
> 404.city: Martin, Spammers are two people. It's even funny that this supposedly creates a problem.
-
octagon
Is there a bogofilter module?
-
404.city
Martin, The same people are in the back contacts for buying spam.
-
404.city
Ge0rG, How much do you think using subscriptions would reduce the amount of incoming spam?
-
Ge0rG
404.city: I don't understand the question
-
Ge0rG
100% of spam is subscription request, then message
-
Ge0rG
blocking just the message doesn't solve the problem
-
404.city
Ge0rG, The main goal of spammers is to deliver a message. How efficiently do you think messages with blocked strangers would be delivered?
-
Ge0rG
404.city: there are two numbers to consider: false positives and false negatives.
-
Ge0rG
you can block 100% spam by disabling all messaging
-
Ge0rG
but then you also have a 100% false positive blocking rate
-
Ge0rG
with mod_block_strangers, you exclude people who don't want to share presence with you, and you block people who can't solve captchas
-
mimi89999
If we block all messages, we will block all spam messages
-
Martin
404.city: You are aware of creep.im landing on the blocklist as we were not able to reach them due to mod_block_strangers + captcha?
-
mimi89999
Let's make mod_block_all
-
Martin
Exactly. So let's disable s2s and call it a day.
-
Ge0rG
Martin: there will still be local spam bots
-
Martin
Then also disable c2s and you also blocked all spammers on your server.
-
jonas’
Martin, but websockets!
-
Martin
Just pull the network cable on your server. That should be the ultimate spam fighting solution.
-
404.city
Martin, Yes, the captcha module has a bug so it is not usable right now.
-
Ge0rG
`ifconfig eth0 down`
-
jonas’
Ge0rG, that’s so 90ies! `ip link set eth0 down` please.
-
octagon
OK seriously is mod_block_strangers broken or not?
-
404.city
Ge0rG, Why do we need messages from strangers at all? 99% of these messages are flood or spam ....
-
404.city
octagon, captcha broken, modules no
-
octagon
I spent 30mins testing/playing with mod_block_strangers and it seems very unreliable.
-
octagon
404.city: I wrote my own captcha script
-
Ge0rG
404.city: see above. "you exclude people who don't want to share presence with you"
-
404.city
octagon, captcha is other modules
-
Licaon_Kter
octagon: do share ;)
-
octagon
Licaon_Kter: https://github.com/divestedcg/sbnr/blob/master/get_captcha.php
-
octagon
the meat is here https://github.com/divestedcg/sbnr/blob/master/sbnr/captcha.php GPLv3, requires PHP
-
Licaon_Kter
octagon: this is integrated in a website? Would not show on IBR?
-
octagon
Licaon_Kter: nah I made a script for ejabberd that curls the image. It works just fine for ibr. You can try it on my server if you have my jid
-
Licaon_Kter
Thanks
-
404.city
The problem with receiving spam is incorrect access rights. Strangers can send spam, so there is no way to protect yourself from spam as long as strangers can send anything.
-
Licaon_Kter
404.city: everyone is a stranger until you say they ain't
-
404.city
The combination of the module for blocking messages from strangers with limiting the number of subscriptions sent, gives the desired result. One spammer cannot send more than a dozen messages from one account.
-
Licaon_Kter
404.city: share the subscription ejabberd config part
-
Ge0rG
404.city: you can't enforce number of subscriptions on *remote* servers
-
Ge0rG
404.city: and IBR is cheap. spammers are registering thousands of accounts