XMPP Service Operators - 2022-11-04

  1. nuegia.net

    > y'all use a security focused memory allocator on your servers? Sapotaceae, what's the point?

  2. Sapotaceae

    They can directly mitigate many forms of double free, use after free, write after free, and invalid free which are common vulnerabilities

  3. moparisthebest

    That's a strange way to write "RiiR"

  4. nuegia.net

    Sapotaceae, can you explain why those are problems?

  5. nuegia.net

    if i understand it correctly, this is memory leaking confidential data due to not zeroing before use correct?

  6. nuegia.net

    isn't it the program's fault for not deallocating memory after it's done with it not the memory allocator?

  7. nuegia.net

    any real world benefit from say, running prosody with glibc malloc vs ottomalloc?

  8. nuegia.net

    I tried changing the default malloc system-wide before

  9. nuegia.net

    on a linux system

  10. nuegia.net

    ended up with weird segmentation faults

  11. nuegia.net

    but most programs did accept a new malloc, and some had noticeable performance improvements from switching, say, qbittorrent from glibc malloc to jemalloc

  12. nuegia.net

    i know that openbsd uses ottomalloc system wide

  13. nuegia.net

    are there any security focused mallocs in the debian repositories?

  14. nuegia.net

    freebsd repositories?

  15. nuegia.net

    libhardened_malloc has little effect on increasing prosody's memory usage

  16. nuegia.net

    my guess is that's probably because prosody doesn't make a bunch of small allocations

  17. nuegia.net

    but on other things like gettys it brings the resident usage from less than 1mb to 2-3 mb

  18. nuegia.net

    also interesting is that every process hardenedmalloc is used with reports a 12T virtual memory usage

  19. Link Mauve

    moparisthebest, weird segmentation faults are exactly the goal, when a (C) program is not using the allocated memory correctly, instead of silently continuing operations in a corrupted state or potentially leaking data, it will crash properly.

  20. Link Mauve

    nuegia.net, *

  21. nuegia.net

    I understand

  22. nuegia.net


  23. Link Mauve

    Of course, once you get a segfault, you should investigate into it, debug out why it happens and in which situation, and then report it or even fix it.

  24. Link Mauve

    Similar to asan, ubsan, valgrind, etc., it can be a tool which helps make fewer C mistakes.

  25. nuegia.net

    I'll be testing libhardened_malloc with prosody and biboumi

  26. nuegia.net

    If anybody is interested in the results let me know

  27. Link Mauve

    The devs of these two projects most likely.

  28. musaab22


  29. musaab22


  30. Menel

    That was informative 🙂 (well not the last two posts)

  31. Guus

    Have others noticed a recent uptake in spam?

  32. MattJ

    No, what kind of spam?

  33. Guus

    short messages that appear to poll for activity

  34. MattJ

    I had one message recently asking if I was free for a chat. It wasn't clearly spam, but it wasn't clearly not, so I just ignored it

  35. Guus

    from accounts on xmpp.jp, jabber.de, im.apinc.org, yourdata.forsale, 0day.im, for a cursory look.

  36. MattJ

    Haven't received anything else

  37. Guus

    The spam run very clearly started on October 20

  38. Guus

    is jabber.de operated by someone that we know in the community?

  39. Link Mauve

    Guus, im.apinc.org is handled by us, could you give me (in private perhaps) the list of JIDs that have been spamming you?

  40. Link Mauve

    Now and in the future, any spam message originating from our domains is an instant ban.

  41. Guus

    will do, tx

  42. Ge0rG checks server logs for spam

  43. nuegia.net

    i've not had that spam but I have had Russian bots asking for a job

  44. nuegia.net

    and just repeating the same sentence in Russian over and over again in mucs

  45. msavoritias

    Happened in some of my mucs here too. And still happening as of this morning

  46. nuegia.net

    msavoritias, what domain is it coming from?

  47. msavoritias

    The one from a few days ago was conversations.im. Not sure about the one today. Not a mod there

  48. Ge0rG

    My #1 ingress spam domain is chinwag.im but it's got the most messages per flagged account

  49. Ge0rG

    exploit.im has the most bots, with 1 message each

  50. Ge0rG

    but it doesn't look like more spam than earlier, total 13k spam messages in the last 2 weeks

  51. nuegia.net

    I wonder if the people spamming realize how much time it takes out of all of us and how visible they are

  52. nuegia.net

    when we have these 'waves' to deal with

  53. Guus

    chinwag is on my list too.

  54. emus

    The admin has been contacted? He's from Australia and should be reachable

  55. nuegia.net

    the emus are currently fighting over him between the spiders

  56. emus


  57. emus


  58. Guus

    emus, can you send me his contact details?

  59. nuegia.net

    Never underestimate an Emu. You Will Lose. https://en.wikipedia.org/wiki/Emu_War

  60. emus


  61. Ge0rG

    nuegia.net: that's called an "externality" in economic theory.

  62. nuegia.net


  63. Guus

    This is a list of domains that I received spam from, for which I don't have admin contacts. If anyone recognizes a domain as their own (or knows how to get in contact with an admin), I appreciate a message. https://pastebin.com/Y0XjUW9a

  64. emus

    blabber.im should be offline

  65. Licaon_Kter

    Guus: 404.city admin was here yesterday, as usual to complain on something that was not "perfect". creep.im admin was around, I can try and ping them if you PM me some accounts that spammed

  66. mike

    Hey folks, this is weird: I've been showing as connected to operators but seen no messages since October 28. If anyone's got a list of Chinwag accounts dropping spam please mail it to admin@chinwag.im and I'll nuke them immediately

  67. Guus

    mike, I just sent you a subscription request

  68. mike

    I had a few that I spotted a while back that activated and started spamming, they were all registered back in 2018. I figured someone was burning old reserves and had run out

  69. emus

    Guus: possibly wrong ID

  70. msavoritias

    404 also says this email for abuse: support@404.city

  71. msavoritias

    5 of July is this: info@5july.org

  72. mike

    My published abuse contact info should show mailto:admin@chinwag.im. I do monitor that.

  73. msavoritias

    Interesting that there is even the CCC xmpp server in there

  74. emus

    msavoritias: but the ccc server is a problem for years already

  75. msavoritias

    Ah, wasn't aware 😅

  76. Guus

    Oh, I messed up a timestamp when generating that list of offending domains. They still have accounts that spam, but I didn't limit that to the last 2 weeks or so.

  77. Guus

    This is the list of domains that had accounts that _recently_ spammed: https://pastebin.com/Wc8S6iFD

  78. mike

    Yeah confirmed at least one more reactivated that's been dormant since 2018. This spammer is very patient.

  79. Guus

    I'm guessing that there are lists of credentials for accounts-to-be-used-for-spam floating around.

  80. Link Mauve

    For sure.

  81. Licaon_Kter

    mike: no yearly cleanup of inactive accounts?

  82. mike

    Not if they have ever been used. I only sweep registered but never logged into.

  83. mike

    If someone only has something to say every ten years, that's fine. Given there's rarely any way to contact out of band and warn of upcoming deletion, I'm very averse to it.

  84. MattJ

    Actually deleting accounts is problematic anyway, better to lock or tombstone them

  85. mike