Does anyone here know if any other servers were attacked as well?
resolihas joined
opensourcedhas left
opensourcedhas joined
croaxhas left
croaxhas joined
millesimushas left
jakobhas left
jakobhas joined
wladmishas left
wladmishas joined
opensourcedhas left
opensourcedhas joined
Apollohas joined
somenamehas joined
ijhas left
opensourcedhas left
opensourcedhas joined
kuba_has left
Chris Machas joined
xihas joined
@scilens:kde.orghas left
@redflag:aria-net.orghas left
@maranda:aria-net.orghas left
@rosebyte:matrix.orghas left
@bkil:matrix.orghas left
@mjolnir:aria-net.orghas left
ijhas joined
Obscurahas joined
Melhas left
resolihas left
resolihas joined
mjkhas left
@bkil:matrix.orghas joined
@scilens:kde.orghas joined
@redflag:aria-net.orghas joined
mjkhas joined
antranigvhas left
kuba_has joined
karimhas left
antranigvhas joined
antranigvhas left
Chris Machas left
Chris Machas joined
ibikkhas left
dcuba.ar adminhas joined
@rosebyte:matrix.orghas joined
karimhas joined
kuba_has left
djorzhas joined
kuba_has joined
wladmishas left
wladmishas joined
dcuba.ar adminhas left
resolihas left
Obscurahas left
SJMhas left
SJMhas joined
millesimushas joined
abdullahhas joined
balabol.imhas left
sonnyhas left
sonnyhas joined
test1has left
test1has joined
balabol.imhas joined
John has left
Melhas joined
Obscurahas joined
abdullahhas left
Abbehas joined
sonnyhas left
sonnyhas joined
@mjolnir:aria-net.orghas joined
abdullahhas joined
belovehas left
ffuenteshas left
ffuenteshas joined
kuba_has left
kuba_has joined
Chris Machas left
@scilens:kde.orghas left
@redflag:aria-net.orghas left
@rosebyte:matrix.orghas left
@bkil:matrix.orghas left
@mjolnir:aria-net.orghas left
belovehas joined
mhhas left
abdullahhas left
abdullahhas joined
mhhas joined
ibikkhas joined
Ian Blashas left
Ian Blashas joined
Chris Machas joined
kuba_has left
jakobhas left
Ray22has joined
kuba_has joined
Ian Blashas left
jakobhas joined
Ian Blashas joined
abdullahhas left
Sapotaceaehas left
abdullahhas joined
usihas joined
kuba_has left
Ray22has left
John has joined
test1has left
test1has joined
kuba_has joined
usihas left
test1has left
Sapotaceaehas joined
karmehas left
belovehas left
abdullahhas left
riau.snihas left
andrathhas left
andrathhas joined
scilenshas joined
karmehas joined
redflaghas joined
bkilhas joined
Ian Blashas left
Ian Blashas joined
Menel
https://social.tchncs.de/@trashserver/108911537786777778
Is there some mod_firewall equivalent for ejabberd or something? I don't know what magic yax.im or jabber.fr use...
Menel: There's no mod_firewall equivalent, no. There's other means but I avoid discussing details in public.
Zash
What about account invites?
jakobhas left
Licaon_Kter
_"Who's got a riseup invite you guys?"_ thing?
jakobhas joined
Mjolnir Archonhas joined
Holger
Zash: Clearly a good solution for small servers, not sure about larger ones like Trashserver? Maybe.
Holger
ejabberd doesn't have that yet but I'd be interested myself for domain hosting specifically.
Chris Machas joined
Zash
I would like to believe it could work for a public server too, but probably not in every situation.
kuba_has left
kuba_has joined
p55shas joined
Marandahas joined
Ingolfhas left
John has left
John has joined
Chris Machas left
Chris Machas joined
Ingolfhas joined
savagepeanuthas left
savagepeanuthas joined
test1has joined
Melhas left
test1has left
Chris Machas left
ilmaisin_has left
djorzhas left
karimhas joined
Chris Machas joined
catchyhas left
test1has joined
test1has left
Abbehas left
Mjolnir Archonhas left
scilenshas left
Marandahas left
RoseBytehas left
bkilhas left
redflaghas left
Ian Blashas left
Ian Blashas joined
greyhas left
greyhas joined
riau.snihas left
msavoritiashas left
riau.snihas joined
scilenshas joined
redflaghas joined
bkilhas joined
karmehas left
homebeachhas left
homebeachhas joined
greyhas left
greyhas joined
RoseBytehas joined
resolihas joined
*IM*has left
Ivanhas left
Ivanhas joined
*IM*has joined
test1has joined
test1has left
beanhas left
jakobhas left
patascahas left
podhas left
savagepeanuthas left
savagepeanuthas joined
jakobhas joined
belovehas left
Ivanhas left
podhas joined
belovehas joined
test1has joined
test1has left
Chris Machas left
jakobhas left
catchyhas joined
jakobhas joined
WojtekIMhas joined
belovehas left
Wojtekhas joined
Ian Blashas left
konxhas joined
podhas left
Chris Machas joined
Abbehas joined
diane
root, thanks for the links to the xmpp monitoring tools
mhhas left
ibikkhas left
sonnyhas left
sonnyhas joined
SouLhas left
belovehas joined
resolihas left
sonnyhas left
daanishhas left
sonnyhas joined
mhhas joined
croaxhas left
croaxhas joined
balabol.imhas left
Mjolnir Archonhas joined
test1has joined
sonnyhas left
sonnyhas joined
Ian Blashas joined
test1has left
daanishhas joined
homebeachhas left
homebeachhas joined
greenkeeperhas left
greenkeeperhas joined
*IM*has left
Chris Machas left
@maranda:aria-net.orghas joined
Ingolfhas left
Chris Machas joined
rosshas left
rosshas joined
rosshas left
rosshas joined
Ian Blashas left
@maranda:aria-net.orghas left
Marandahas joined
Wojtekhas left
WojtekIMhas left
Chris Machas left
Chris Machas joined
SJMhas left
SJMhas joined
Melhas joined
Wojtekhas joined
Wojtekhas left
Menelhas left
Menelhas joined
greenkeeperhas left
greenkeeperhas joined
undefinedhas left
undefinedhas joined
test1has joined
Ingolfhas joined
test1has left
Ray22has joined
greyhas left
greyhas joined
MattJ
The invite-only model has worked for many public (non-XMPP) services
Holger
Isn't it hard to exclude spammers without excluding others?
MattJ
Also, trashserver until today was being recommended by jmp.chat to their new customers. If ejabberd had similar functionality to Prosody in this area, they would have been able to continue with that by simply generating invites. For now they've had to switch to recommending a different server.
zhoskahas joined
MattJ
For a communication platform it's much more likely that you are joining because someone you know is already using it
Holger
I'm in no way arguing against offering invites of course 🙂
bkil
Note that Facebook also started out as invite-only until they could hire a moderation team. We also welcome you in the mod-ideas@conference.movim.eu MUC if you have any concrete experience or idea for future tricks to deal with scammers.
MattJ
and I'm not saying it should be impossible to join any other way, but I don't think it's preferable to see services close up entirely due to spammers
MattJ
Invites are a very workable middle-ground
william.chatnerhas left
diane
Well if you have a reasonably defined set of seed users.
bkil
What do you think about lobsters/lobste.rs? https://lobste.rs/about#invitations
Holger
> For a communication platform it's much more likely that you are joining because someone you know is already using it
Ok yeah I get the idea under the assumption that everyone offers it. Not an option for the university server I'm using, so I can't onboard my contacts that way. But probably not the common case yes.
MattJ
bkil, yes, it's an example of a service where it's used and relied upon
bkil
You are supposed to find a friend in the user/invite tree and ask for an invite there. Incidentally, the invite tree also provides transparency against abuse..
Ian Blashas joined
MattJ
Holger, so the university server is public-registration?
Holger
No, it's closed.
bkil
However, registered users need to be non-anonymous so their friends could identify them by name, so it's a trade-off towards privacy.
MattJ
Okay, so you're saying you'd want to onboard people to XMPP but on a different server
Holger
Yes.
andrewhas left
Holger
I mean I'm not making this up this *is* my case, and I onboarded many private contacts. But yes *I* would manage to create invites nevertheless 🙂
MattJ
I think that's a less common case, but not uncommon (I mean, Snikket has a similar situation). But it still doesn't mean you can't give out invites to public services based on whatever criteria.
MattJ
When I first gave the talk at FOSDEM (pre-Snikket) about my ideas around invite registration, my plan at the time was to build a registration gateway, e.g. joinjabber.org. It would implement whatever anti-spammer stuff was necessary, but still allow people to sign up to various public servers.
MattJ
And there's no need to limit it to a single such portal, e.g. you could have them for different languages or communities
MattJ
But also since that time I increasingly lost faith in large volunteer-run public services as a sustainable model anyway
Ian Blashas left
MattJ
Anyway, it seems clear to me that there are services that would be good candidates for invite-only registration that are just closing registration entirely instead
MattJ
So I remain a firm believer that invite-based registration would result in a more open network overall, rather than a more closed one
Holger
If this is meant to be an anti-spam measure, is the idea to end up with non-invite-based somehow being identifiable as a spam filter criteria?✎
Holger
If this is meant to be an anti-spam measure, is the idea to end up with non-invite-based services somehow being identifiable as a spam filter criteria? ✏
greyhas left
greyhas joined
Holger
I mean if you don't invite the spammer the obvious next step is simply that the spammer will move to another server. To his own if all else fails. And then?
MattJ
I don't think it even has to be used as a direct criteria. The fact is that >99.9% of spam is coming from servers with public IBR
MattJ
And those servers are already being added to Lists
Holger
100% is coming from XMPP servers.
Chris Machas left
MattJ
A subset of XMPP servers
homebeachhas left
homebeachhas joined
Holger
🙂
Holger
Yes but the conclusion that spammers will go away if IBR goes away doesn't sound plausible to me.
Holger
They just need to adjust their scripts no?
MattJ
So I don't see a need to change how servers end up on spam lists. Whatever mechanisms they implement (or don't) to tackle spam, the results show themselves.
marc0shas left
MattJ
What would they change their scripts to do?
MattJ
and I've never claimed that spam will just go away
Holger
As I said above. If all else fails the script will have to do s2s.
MattJ
I missed that implication. Whether servers use public or invite-only IBR doesn't change whether that tactic would work on today's network.
Holger
I understood the "99% is coming from IBR" to imply that "ditching IBR will reduce spam".
Mjolnir Archonhas left
bkilhas left
scilenshas left
RoseBytehas left
Marandahas left
redflaghas left
emus
Would there be a way to for example verify via mail?
marc0shas joined
emus
asking for email to regiater (and password reset 🙂)
There is the network perspective, and the operator perspective. I've mostly talked about the operator perspective, but of course they are linked. I would like it if operators didn't have to close up entirely because they can't deal with the spam registrations on their server.
melvohas joined
MattJ
From the network perspective, we need to be able to handle s2s spam regardless of anything else
MattJ
If everyone dropped public IBR, sure, it would make spammers more likely to go that route
test1has left
Ian Blashas joined
Holger
> I would like it if operators didn't have to close up entirely because they can't deal with the spam registrations on their server.
I agree of course (and already suggested ideas to Thomas, let's see).
bkilhas joined
redflaghas joined
croaxhas left
croaxhas joined
huxxerhas left
scilenshas joined
dominionhas left
Ian Blashas left
ijhas left
Zash
You could have a hybrid approach, where e.g. the website publishes single use invites at some rate that can be bypassed by getting an invite from an existing user.
test1has joined
test1has left
greyhas left
greyhas joined
Silvio Titzmannhas left
Chris Machas joined
moparisthebest
What if we build s2s spamming tools in the hopes spammers use them instead of ruining public servers
Holger
Hah.
Zash
Don't give them ideas
patascahas joined
RoseBytehas joined
moparisthebest
Think of what you could do with a wildcard a record pointed at your IP
Ian Blashas joined
belovehas left
'has left
belovehas joined
'has joined
daanishhas left
Ian Blashas left
catchyhas left
test1has joined
zhoskahas left
zhoskahas joined
daanishhas joined
Ingolfhas left
bkilhas left
RoseBytehas left
scilenshas left
redflaghas left
albertohas left
Ian Blashas joined
bkilhas joined
redflaghas joined
John has left
scilenshas joined
bkil
Well, the income could be used to fund XMPP related development. 🤷 Banning spammers does not pay well.