XMPP Service Operators - 2021-01-18

  1. mimi89999


  2. mimi89999

    I'm getting spam from jabber.freenet.de

  3. mimi89999

    Their site is only in german

  4. mimi89999

    The same spam service

  5. mimi89999


  6. octagon

    mimi89999: If that .ru link is itself from the spam please in the future use hxxp to prevent misclicks

  7. mimi89999

    OK. Sorry.

  8. 404.city

    octagon: No, not broken. mod_block_strangers - this is still the only effective method of fighting spam and flooding. It can be enhanced with captcha, which can create an impenetrable borrier.

  9. Ge0rG

    impenetrable for people who want to talk to you, for sure!

  10. 404.city

    Martin, Spammers are two people. It's even funny that this supposedly creates a problem.

  11. 404.city

    Ge0rG, Reconfigure your client so that he sent the subscription along with the message and then it will not create a problem for you.

  12. 404.city

    Ge0rG, Prosody doesn't have a module similar to mod_block_strangers?

  13. Ge0rG

    404.city: most clients don't support that. All spammers send a subscription request ahead of actual messages

  14. Ge0rG

    404.city: I don't care and I don't know.

  15. Ge0rG

    404.city: it's the wrong approach

  16. Ge0rG

    404.city: 99% of xmpp spam follows a simple pattern that allows identifying and blocking the bots.

  17. Martin

    What do you mean?

  18. Martin

    > 404.city: Martin, Spammers are two people. It's even funny that this supposedly creates a problem.

  19. octagon

    Is there a bogofilter module?

  20. 404.city

    Martin, The same people are in the back contacts for buying spam.

  21. 404.city

    Ge0rG, How much do you think using subscriptions would reduce the amount of incoming spam?

  22. Ge0rG

    404.city: I don't understand the question

  23. Ge0rG

    100% of spam is subscription request, then message

  24. Ge0rG

    blocking just the message doesn't solve the problem

  25. 404.city

    Ge0rG, The main goal of spammers is to deliver a message. How efficiently do you think messages with blocked strangers would be delivered?

  26. Ge0rG

    404.city: there are two numbers to consider: false positives and false negatives.

  27. Ge0rG

    you can block 100% spam by disabling all messaging

  28. Ge0rG

    but then you also have a 100% false positive blocking rate

  29. Ge0rG

    with mod_block_strangers, you exclude people who don't want to share presence with you, and you block people who can't solve captchas

  30. mimi89999

    If we block all messages, we will block all spam messages

  31. Martin

    404.city: You are aware of creep.im landing on the blocklist as we were not able to reach them due to mod_block_strangers + captcha?

  32. mimi89999

    Let's make mod_block_all

  33. Martin

    Exactly. So let's disable s2s and call it a day.

  34. Ge0rG

    Martin: there will still be local spam bots

  35. Martin

    Then also disable c2s and you also blocked all spammers on your server.

  36. jonas’

    Martin, but websockets!

  37. Martin

    Just pull the network cable on your server. That should be the ultimate spam fighting solution.

  38. 404.city

    Martin, Yes, the captcha module has a bug so it is not usable right now.

  39. Ge0rG

    `ifconfig eth0 down`

  40. jonas’

    Ge0rG, that’s so 90ies! `ip link set eth0 down` please.

  41. octagon

    OK seriously is mod_block_strangers broken or not?

  42. 404.city

    Ge0rG, Why do we need messages from strangers at all? 99% of these messages are flood or spam ....

  43. 404.city

    octagon, captcha broken, modules no

  44. octagon

    I spent 30mins testing/playing with mod_block_strangers and it seems very unreliable.

  45. octagon

    404.city: I wrote my own captcha script

  46. Ge0rG

    404.city: see above. "you exclude people who don't want to share presence with you"

  47. 404.city

    octagon, captcha is other modules

  48. Licaon_Kter

    octagon: do share ;)

  49. octagon

    Licaon_Kter: https://github.com/divestedcg/sbnr/blob/master/get_captcha.php

  50. octagon

    the meat is here https://github.com/divestedcg/sbnr/blob/master/sbnr/captcha.php GPLv3, requires PHP

  51. Licaon_Kter

    octagon: this is integrated in a website? Would not show on IBR?

  52. octagon

    Licaon_Kter: nah I made a script for ejabberd that curls the image. It works just fine for ibr. You can try it on my server if you have my jid

  53. Licaon_Kter


  54. 404.city

    The problem with receiving spam is incorrect access rights. Strangers can send spam, so there is no way to protect yourself from spam as long as strangers can send anything.

  55. Licaon_Kter

    404.city: everyone is a stranger until you say they ain't

  56. 404.city

    The combination of the module for blocking messages from strangers with limiting the number of subscriptions sent, gives the desired result. One spammer cannot send more than a dozen messages from one account.

  57. Licaon_Kter

    404.city: share the subscription ejabberd config part

  58. Ge0rG

    404.city: you can't enforce number of subscriptions on *remote* servers

  59. Ge0rG

    404.city: and IBR is cheap. spammers are registering thousands of accounts