XMPP Service Operators - 2021-06-16

  1. mimi89999

    Establishing a secure connection from bashtel.ru to lebihan.pl failed. Certificate hash: 3d84f0a617e4665ee373554ace7456d7c1c986381e0e5272cf6db78105bdeaa4. Error with certificate 0: EE certificate key too weak, self signed certificate, certificate has expired.

  2. rob

    Is anyone interested in a public RBL for naughty servers?

  3. rob

    Something you can update a jail from to preemptively block bad actors

  4. Martin

    Like the Jabberspam blocklist?

  5. jonas’

    https://github.com/JabberSPAM/blacklist that one

  6. Ge0rG

    the ungoodlist.

  7. Ellenor Malik


  8. rob

    Like that yes, but more. For example all the servers running scripts to brute force ssh, or anything really

  9. rob

    Like the endless logs of fake users trying to log in to my mail server, all from one or two addresses depending on the day

  10. rob

    Just obvious bad IPs

  11. Menel

    There must be such lists somewhere I suppose. Like you describe, non xmpp specific.

  12. Menel

    Like all these lists: https://whatismyipaddress.com/blacklist-check

  13. rob

    Exactly but not just spam

  14. rob

    And if not, I might make one

  15. Menel

    They are also often for attacks

  16. rob

    It would be neat to have meta data available, so you could get a list a known ssh crawlers, or mail spammers etc

  17. jonas’


  18. jonas’

    that one also has categories for open proxies

  19. rob

    Oh nice

  20. Харпер

    rob: http://iplists.firehol.org/

  21. rob

    Харпер: Very cool, someone already did it 😊

  22. moparisthebest

    don't they change enough to not be useful ?

  23. rob

    Well it's part of firehol which updates your lists and related firewall rules regularly

  24. rob

    So I'd have to figure out how to use that

  25. Харпер

    They are standard ipset files

  26. Харпер

    You can use them straight or with firewalld

  27. rob

    I'll have to read up, I am only familiar with iptables a bit, and ip commands

  28. Julian

    They are not there yet, but crowdsec aims to provide some kind of community list of bad players. Like fail2ban with distributed intelligence. https://github.com/crowdsecurity/crowdsec

  29. moparisthebest

    you know what fail2ban *doesn't* fail to ban? yourself from your own servers

  30. moparisthebest

    if your stuff is set up right, ssh crawlers / mail spammers poking at it shouldn't bother you, just ignore it...

  31. rob

    > if your stuff is set up right, ssh crawlers / mail spammers poking at it shouldn't bother you, just ignore it... Ya it just bothers me, no ill effect. I just don't like it

  32. moparisthebest

    it doesn't warm your heart thinking about all the resources they are wasting on never getting into your servers ?

  33. Харпер

    Yep, I stopped bothering if it is inconvenient

  34. Харпер

    OpenWrt/pfSense both make it trivial to use those lists if your server if behind one of them. At that point you might as well

  35. Харпер

    Like does anyone here still use Snort? That is long dead imo