XMPP Service Operators - 2021-02-04

  1. perflyst

    tom: as mentioned in the mail yesterday you are the first reporting this issue. logs are now active to get some more information why exactly that happens. will let you know

  2. tom

    Thanks perf

  3. tom

    I saw your message

  4. Andrew Hansen

    Hi guys, I'm new to this. I've just setup my own ejabberd xmpp server, everything is running great, will see how it all goes.

  5. Ge0rG

    do you have in-band-registration enabled? If yes, spammers will appreciate that ;)

  6. jayteeuk

    Andrew Hansen: Welcome!

  7. christian

    Ge0rG: i habe it enabled. And i am controlling the situation well ;-)

  8. e2e.ee

    Why do spammers use in-band registration? Why do spammers create lots and lots of accounts? What advantage does that give them?

  9. e2e.ee

    I am not a spammer... so I need to ask. 🤣

  10. Licaon_Kter

    e2e.ee: you need an account to send messages, not sure what's the confusing part

  11. pintosesk

    I guess if you look at it from a statistical point of view, it increases the yield of the operation.

  12. pintosesk

    Whether or not it's diminishing returns depends on how effective each bot is at its task.

  13. e2e.ee

    But, the spammers can create accounts from the website, so why prefer in-band reg?

  14. jonas’

    e2e.ee, you need to write a new parser for each new website

  15. jonas’

    in-band is standardized

  16. jonas’

    you only need to write a single thing which can do that

  17. e2e.ee

    How many accounts do they typically create in-band?

  18. jonas’

    50 lines in aioxmpp, done

  19. jonas’

    a lot.

  20. mathieui

    a lot.

  21. jonas’

    but sometimes also not a lot

  22. jonas’

    I hear

  23. jonas’

    but tehn again, a lot, but not at the same time

  24. e2e.ee

    "a lot" 😂 sounds funny. tens? hundreds? thousands? more?

  25. mathieui

    if left unsupervised without throttling, yes, they will easily create thousands

  26. e2e.ee

    Wow. That sucks.

  27. e2e.ee

    Have a wonderful day everyone!

  28. jayteeuk

    e2e.ee: You too!

  29. Ge0rG

    Yeah, speaking from experience, you get multiple hundreds to ~1000 accounts per batch, using a wordlist alphabetically, spreading the registration over Tor / open proxies to circumvent per-IP limits

  30. Ge0rG

    later they'll login, one after another, all from the same IP, and send a dozen spam messages to different JIDs each

  31. e2e.ee

    Ge0rG: That is interesting.

  32. e2e.ee

    Ge0rG: what happened to your yax vCard image? I don't see it today.

  33. Ge0rG

    Dunno

  34. Ge0rG

    Maybe there was a yak shaving accident.

  35. e2e.ee

    https://e2e.ee/upload/SjGAto02yn_q_ls4/20210204_114110.jpg

  36. jonas’

    oh indeed, it’s gone

  37. e2e.ee

    Update the image to republish.

  38. jonas’

    paint a mask on your yak while you’re ati t

  39. jonas’

    paint a mask on your yak while you’re at it

  40. Ge0rG

    that yak is from 1989, it's immune to global pandemics from the 2020s.

  41. jonas’

    but is it a sterelising immunity?

  42. mimi89999

    Establishing a secure connection from lebihan.pl to national-security.agency failed. Certificate hash: 20ca7c29f7942173de8718a092cf0593f5ab445fe082a02a35801fd2770f6ac8. Error with certificate 0: certificate has expired.

  43. mimi89999

    Whoever that it

  44. mimi89999

    .

  45. mimi89999

    Ping

  46. Licaon_Kter

    mimi89999: pong

  47. mimi89999

    Establishing a secure connection from lebihan.pl to national-security.agency failed. Certificate hash: 20ca7c29f7942173de8718a092cf0593f5ab445fe082a02a35801fd2770f6ac8. Error with certificate 0: certificate has expired.

  48. neox

    national-security.agency 🤔️

  49. Martin

    On http they forward to https://www.nsa.gov/ 😁

  50. mjk

    Lol

  51. Martin

    Also ironic that mimi89999 can't establish a secure connection to the security agency.

  52. kahlb

    They don't want no security for citizens.