XMPP Service Operators - 2023-02-18


  1. blockchaintradev removed by moderator

  2. agh

    I will only help you if you have a fierce fealty to the Crown Prince of Nigeria

  3. diane

    you know, I don't think there is such a thing. Modern Nigeria's borders are mostly the fault of the British (and one civil war after british independance), any crown princes that aren't the British, were rules of other kingdoms.

  4. agh

    interesting, tho, I am really of the opinion, no masters, no gods, no nations, no borders.

  5. agh

    I live in a former British penal colony, it is fucked.

  6. diane

    oh somewhere I saw that celebrating independance from the british is the most common national holiday

  7. agh

    🤣️ awesome

  8. diane

    If you're curious here's a story of Benin the capital of one of those former kingdoms. https://www.theguardian.com/cities/2016/mar/18/story-of-cities-5-benin-city-edo-nigeria-mighty-medieval-capital-lost-without-trace

  9. agh

    I am curious, thank you.

  10. agh

    This is amazing. Are you familiar with David Graeber's works?

  11. diane

    some of it

  12. agh

    I am not a post-modernists, in fact I dislike it with a passion, but I love these pieces and academic works that dismantle the Eurocentric model of human achievement and development.

  13. Licaon_Kter

    agh, diane: take it to Offtopic pls

  14. agh

    Licaon_Kter, Shutting up now.

  15. agh

    Thank you for the reminder.

  16. diane

    wait there's an off topic channel?

  17. Licaon_Kter

    For not-on-topic stuff some of us hang out elsewhere xmpp:conversations-offtopic-reloaded@conference.trashserver.net?join ;)

  18. diane

    ah thank you

  19. diane

    Out of curiosity, what's the status of the XEPs for moderation? I saw the spammer was in some other channels too, and that seems like a good priority for deletion?

  20. moparisthebest

    It's tricky, sometimes things posted in multiple MUCs are spam, and other times just important news

  21. MattJ

    Yes, the XEPs are implemented and deployed, and we do delete stuff. Main problem is that it was sent while I was sleeping 🙂

  22. MattJ

    Though I thought we had sufficient blocks in place after a similar spammer last year, I'll have to find out why they didn't catch it

  23. MattJ

    Oh fun, the spammer was from Matrix, using a bridge

  24. msavoritias

    matrix has been bringing spam in the disroot room too. Not surprised it happened here too then

  25. Ellenor Bjornsd.

    awr?

  26. Licaon_Kter

    > Oh fun, the spammer was from Matrix, using a bridge Of all the bot usages I've never had a "usecase" but I added a mental todo for _"list user jids and kick matrix bridge users asking them to use xmpp"_ Any day now...

  27. MattJ

    I don't think telling spammers to use XMPP is the solution :)

    🤣️ 1
  28. Guus

    Interesting to see how this develops. If this is going to develop into something more than the one off that it appears to be today, then I wonder if we can start to investigate if this means anything, eg if automatic account creation is easier in the Matrix ecosystem than with XMPP, or that automatic message delivery APIs are easier to use, etc.

  29. Licaon_Kter

    MattJ: ¯\_(ツ)_/¯ But I was speaking only about spammers ;)

  30. Jason Hammons

    Testing.

  31. Jason Hammons

    What does my name display as?

  32. MattJ

    Jason Hammons

  33. Jason Hammons

    Thank you.

  34. bkil

    Spammers use whatever platform that makes the most financial sense. I.e., they advertise on the platforms that has sufficient number of potential paying customers & laymen. While a given messenger is only used by a few geeks, it is usually not a good target for monetization. Matrix has reached commercial viability in the recent years due to its growing popularity and appeal for common people. Although we receive most spammers from Telegram/WhatsApp still (no wonder, given the proportions).

  35. bkil

    For implementing concrete heuristics, see the XMPP MUC mod-ideas at conference.movim.eu

  36. nuegia.net

    bkil, I call bs on that

  37. nuegia.net

    XMPP has had spammers and we developed immune systems to it

  38. nuegia.net

    xmpp being around since 1998

  39. nuegia.net

    spam is still an issue for xmpp, and it comes in waves

  40. MattJ

    carlos, are you the same carlos that runs chatterboxtown?

  41. nuegia.net

    Matrix has a big spam problem because of poor, near-sighted corporate design.

  42. bkil

    I don't see how you could protect against the most common varieties in the wild, though.

  43. bkil

    I have a very elaborate scheme in draft that _might_ work in the end, but it is too complicated to implement.

  44. bkil

    https://github.com/bkil/banhaxmer/

  45. bkil

    XMPP would provide even less protocol level opportunities to enforce such elaborate web of trust rules than the integer power levels on Matrix.

  46. nuegia.net

    bkil, you might want to simplify your design by making each componet into a module that returns a float score

  47. nuegia.net

    of how 'spammy' something is

  48. nuegia.net

    then tally up the numbers at the end and assign score levels to actions

  49. nuegia.net

    that's how email spam detection works

  50. bkil

    I hope it is now not considered by BS by you by providing an elaboration.

  51. bkil

    I hope it is now not considered BS by you by providing an elaboration.

  52. bkil

    I do not support stochastic (random) delivery similar to what had became the norm on email today.

  53. bkil

    And it mostly only works if you are registered on one of the top few providers controlling like 90% of email addresses, otherwise you will have a really tough time to enter or negotiate any issues.

  54. nuegia.net

    I run my own mailserver

  55. nuegia.net

    I don't have a problem emailing people on bigmailer servers

  56. bkil

    On a forum that shared their stats, like 80% registered with gmail even 5 years ago. I guess the ratio today would be 90-95%.

  57. Amolith

    I assume the answer is no but I'm going to ask anyway because I'm really tired of this. Is there an effective way to ban someone who keeps creating accounts on other servers, joining my MUC, and sending extremely graphic and NSFW images? Some have been disgusting porn and others have been dismemberment. I don't know what to do other than continue playing whack-a-mole

  58. bkil

    Sorry I'm off to sleep now

  59. nuegia.net

    Amolith, I have that problem too sometimes.

  60. MattJ

    Amolith, if you're running Prosody, set up https://modules.prosody.im/mod_muc_rtbl

  61. bkil

    But it's a statistical anomaly to only consider those who succeed, see negative publication bias, etc Sorry, too tired to search and link all relevant wiki articles right now

  62. nuegia.net

    Amolith, the best way i've found is to report the abuse to the provider they come in, ask them to look for other accounts on that ip address

  63. nuegia.net

    often times they do, and they find 10-30 other accounts to suspend

  64. Amolith

    MattJ, I'm not at the moment but I'm honestly considering it because it seems to have a lot more modules for preventing spam

  65. nuegia.net

    Amolith, develop a checklist for dealing with spammers

  66. bkil

    Closing words: you can get a (residential proxy) for a few cents to work around such simple IP block. And also, most providers can take days to act according to our experience.

  67. nuegia.net

    it would be really nice if we could work together on creating a blocklist for people who are creating a bunch of accounts on open reg xmpp servers

  68. Amolith

    something like this but for JIDs maybe https://github.com/JabberSPAM/blacklist

  69. MattJ

    That's what mod_muc_rtbl does, but in real-time

  70. Amolith

    Yep

  71. nuegia.net

    the jabberspam blacklist is really unfortunate

  72. MattJ

    All tonight's spam JIDs have been added to the blocklist within a minute or two of a blocklist admin being aware of a new JID

  73. nuegia.net

    I get a lot of legitimate users from creep.im, even tho it's listed

  74. MattJ

    and messages have been scrubbed from the room history of MUCs I have sufficient control over

  75. nuegia.net

    thanks for that MattJ

  76. MattJ

    The tools are here, they're just not universally deployed

  77. carlos

    MattJ: no

  78. fireburner

    Is here anyone from magicbroccoli.de Server? There is a muc and the owner hasn't been seen for a while and there are no other Moderators, but there is a user having the n-word AS there user name and he de shoukd be banned. The muc is lineage@conference.magicbroccoli.de

  79. MattJ

    carlos, okay, thanks

  80. Guus

    The tools are here, in Prosody, perhaps. Outside of it? Openfire has a jabberspam-list, but nothing as 'live' as mod_muc_rtbl

  81. nuegia.net

    fireburner, there's also someone posting gore porn across mucs from magiccrobboli

  82. fireburner

    Maybe the same person

  83. Trung

    can people start droping the spammer's IP in here?

  84. nuegia.net

    i can't see their jid as i'm not an admin in the muc it's happening, but templeos is their nick

  85. Trung

    would help quite a bit

  86. nuegia.net

    when dealing with spam every little bit helps

  87. nuegia.net

    no single solution by itself stops spam

  88. fireburner

    Now there is someone calling themself 'niggers' spamming around in multiple mucs

  89. nuegia.net

    a bunch of little systems compounded into a gestalt creates a burden larger then the spammers is willing to deal with

  90. nuegia.net

    least in most cases

  91. MattJ

    fireburner, it's almost certainly the same person

  92. MattJ

    They've been creating accounts across various servers (almost all of them deleted already), and spamming MUCs with various unpleasant stuff

  93. MattJ

    If you are an operator of a Prosody server with public MUCs, ensure mod_muc_rtbl is loaded and set muc_rtbl_jid = "xmppbl.org"

  94. MattJ

    You may also consider https://modules.prosody.im/mod_muc_restrict_media

  95. nuegia.net

    MattJ, quick questions about muc_rtml

  96. nuegia.net

    does that mean trusting everyone who can create and become an admin of a muc on their server

  97. nuegia.net

    and what's the link to the blacklist already on xmppbl.org?

  98. nuegia.net

    I'd like to take a look at it myself before applying it

  99. MattJ

    There's no web link, and only hashes of JIDs are in the blocklist

  100. nuegia.net

    why hashes?

  101. Guus

    Is that plugin based on a XEP, Mattj?

  102. MattJ

    For many reasons, JIDs may be identifying, and may contain the same offensive stuff we want to block, for example

  103. MattJ

    Guus, XEP-0060

  104. Guus

    pff :)

  105. Guus

    I think you know that's not what I ment :)

  106. MattJ

    I wasn't sure, but I'm not sure what else to say :)

  107. Guus

    something that defines the hashing algorithm commonly used, that has suggestions on where & when to apply additions / removals, etc.

  108. Trung

    our friend is quite active in here atm: en@chat.404.city

  109. Guus

    But from your earlier response, I take that doesn't exist.

  110. MattJ

    Guus, no, there is no such definition. mod_muc_rtbl assumes sha256(jid) currently, mod_firewall also supports subscribing to these lists but IIRC it's configurable to use any format

  111. Guus

    A XEP makes for an easy reference into a to-be-created feature request ticket, that's all :)

  112. MattJ

    Right now I can only offer https://modules.prosody.im/mod_muc_rtbl#protocol

  113. MattJ

    But it's barely a protocol right now, apart from XEP-0060

  114. Guus

    I just created a 'steal Prosody's stuff' ticket

  115. nuegia.net

    lol

  116. Guus

    although I suspect that there's little interest - most of our servers aren't big in federating - mostly inner-org, private servers.

  117. nuegia.net

    I don't see where you actually subscribe to xmppbl in the module's document or source

  118. nuegia.net

    muc_rtbl_jid?

  119. nuegia.net

    MattJ, are you thin one running xmppbl?

  120. Guus

    nuegia.net: I don't read LUA, but line 8 suggests it is a configurable option: https://hg.prosody.im/prosody-modules/file/0a257d1402c3/mod_muc_rtbl/mod_muc_rtbl.lua

  121. Guus

    (which kind of makes sense to me)

  122. nuegia.net

    I see that

  123. MattJ

    nuegia.net, xmppbl.org is run by a few people, and a few people have access to manage the blocklist

  124. MattJ

    That's about as specific as it will get for now in a public venue. You're free to take it or leave it :)

  125. nuegia.net

    ok

  126. nuegia.net

    What are the conditions for a jidhash to get added to the blocklist, or removed as of now?

  127. nuegia.net

    that's done manually by a human entering in things right now right?

  128. nuegia.net

    Is this a project that was spun up for an emergency, or a more formal thing?

  129. MattJ

    It was spun up because I was tired of manually banning JIDs across dozens of MUCs

  130. MattJ

    There's no specific list of conditions to get on the blocklist, but it's only used when necessary (spam/abuse across multiple MUCs)

  131. Menel

    If one could enter more then one node, and had some easy way to add and remove items, it could be quite a distributed feature.. Lots of servers could run their own nodes and others could subscribe to other nodes they trust.

  132. MattJ

    Yes, it's definitely planned to add support for more than one list (you can already do this with mod_firewall, but it's more complex than mod_muc_rtbl)

  133. MattJ

    Multiple lists, aggregators of lists, all would be good

  134. nuegia.net

    ok

  135. nuegia.net

    thankyou for this

  136. MattJ

    But the current module was written in a limited amount of time to solve a specific problem I was facing at the time

  137. Menel

    Snikket far future feature?

  138. nuegia.net

    I'll apply it now

  139. MattJ

    Snikket servers generally don't have much of a spam problem, by their nature. But potentially, sure.

  140. Menel

    For the time everyone only uses snikket

  141. MattJ

    Well then, of course :)

  142. Menel

    The current method surely works for the one Spammer once every 6 month

  143. nuegia.net

    MattJ, your saying mod_firewall now has the ability to update it's lists from pubsub?

  144. MattJ

    I'd like to see more work on moderation tooling in XMPP. I've thrown a few things out, and they're useful, but there's a lot more that could be done to expand them and make them more user-friendly.

  145. MattJ

    nuegia.net, yes, since 2 years ago: https://hg.prosody.im/prosody-modules/rev/b88f05c878ac

  146. nuegia.net

    muc_rtbl_jid = "xmppbl.org" right?

  147. MattJ

    Though it looks like I possibly neglected to update the docs

  148. MattJ

    Right

  149. nuegia.net

    thanks

  150. nuegia.net

    Hey is there an easy way to have an exeption list but only for passing through certain blocklists but still go through other firewall checks with mod_firewall?

  151. MattJ

    mod_firewall can do pretty much anything you want

  152. nuegia.net

    it's synxtax is kind of confusing, especially when you get chains involved

  153. MattJ

    https://modules.prosody.im/mod_firewall#check-list has an example to check a list

  154. nuegia.net

    If anybody else has encountered the same need, I was hoping they could publish a template or something

  155. nuegia.net

    Yeah, I know how to check a list, what i'm talking about is how to bypass the list check only for certain conditions

  156. moparisthebest

    nuegia.net: like https://burtrum.org/kids_firewall.pfw.txt ?

  157. Harper

    Any ejabberd support for the block list?

  158. MattJ

    Harper, not that I'm aware of, currently

  159. nuegia.net

    the usecase is i want to apply a blocklist for servers, but I want to whitelist all the jids already coming into my servers that aren't causing trouble so their not affected by the block

  160. MattJ

    Harper, I think there is a module for the text file one (which blocks whole servers), but not the real-time lists and not for MUC

  161. MattJ

    nuegia.net, I try to be mindful of that, for example Prosody's example spam-blocking rules will skip most checks for users on your roster already, and mod_muc_rtbl won't ban people who are members of a MUC

  162. MattJ

    So the local server is basically the priority, and the blocklists/filtering are just used otherwise

  163. Harper

    The xmppbl is just pubsub node?

  164. MattJ

    Yes

  165. nuegia.net

    another spammer jid: niggers <niggers@chatterboxtown.us>

  166. diane

    icky.

  167. a moderator removed a message

  168. nuegia.net

    templeos <templeos@magicbroccoli.de>

  169. MattJ

    That account was already deleted earlier

  170. MattJ

    afaik

  171. nuegia.net

    thanks

  172. MattJ

    everyoneisattractedtominors@chatterboxtown.us was just added to the RTBL

  173. mightyBroccoli

    yes the account is banned already.

  174. nuegia.net

    with the content and names of the spam, it doesn't seem financially motivated

  175. Amolith

    This is the same person who's been spamming my MIC

  176. Amolith

    This is the same person who's been spamming my MUC

  177. ij

    not only yours

  178. moparisthebest

    Is this our old friend morph again

  179. Amolith

    > not only yours Yep, I just looked through some of my other MUCs with recent activity

  180. Amolith

    They're everywhere

  181. fireburner

    This one is spamming now everyoneisattractedtominors@chatterboxtown.us

  182. wurstsalat

    now it's xmppiscensorship@chatterboxtown.us

  183. moparisthebest

    "banning people who post gore is censorship" is certainly a take lol

  184. Amolith

    I toggle the CAPTCHA option in my MUC through Dino. I don't know whether that actually enables a CAPTCHA but we'll see whether it makes a difference

  185. antranigv

    Hey operators

  186. benk

    barev

  187. antranigv

    for the first time we got a porn/spam in our MUC. while I banned the user, I’m not sure if I can delete the old message. any advice?

  188. MattJ

    antranigv, what software does your service run?

  189. wurstsalat

    antranigv, https://modules.prosody.im/mod_muc_moderation.html on prosody

  190. antranigv

    I’m running prosody

  191. antranigv

    I really want to move to ejabberd tho :D

  192. antranigv

    @wurstsalat thanks. I’ll check it now

  193. MattJ

    antranigv, enable mod_muc_moderation: https://modules.prosody.im/mod_muc_moderation

  194. MattJ

    Oh, wurstsalat already said, sorry :)

  195. wurstsalat

    antranigv, you'll need a XEP-0425 capable client though (poezio, gajim, ...)

  196. antranigv

    Gajim on macOS? lemme check

  197. wurstsalat

    some people use Gajim on macOS, yes (no official packages though)

  198. antranigv

    okay, time to get the FreeBSD machine :D

  199. wurstsalat

    flatearthandelitegenderinversion@chatterboxtown.us is spamming now

  200. TheCoffeMaker

    thx wurstsalat

  201. antranigv

    oh god, it’s the same spam everywhere

  202. gooya

    We need like a global blacklist github of known domains with spammers

  203. MattJ

    Since you're running Prosody, you should add mod_muc_rtbl too: https://modules.prosody.im/mod_muc_rtbl (with muc_rtbl_jid = "xmppbl.org")

  204. Harper

    That already exists

  205. gooya

    Harper: Yeah I know but it is inactive

  206. MattJ

    It's not inactive

  207. MattJ

    The set of spammy servers doesn't change daily

  208. nicoco

    MattJ: just muc_rtbl_jid? no need to set muc_rtbl_node?

  209. MattJ

    No, the default is what you want

  210. nicoco

    thanks

  211. nicoco

    I guess restarting prosody is the easiest way to get it to load after editing the .cfg.lua?

  212. MattJ

    prosodyctl shell config reload && prosodyctl shell module load muc_rtbl conference.example.com

  213. antranigv

    has someone here ever done a prosody -> ejabberd migration with data and users? Users are in prosody files

  214. antranigv

    i mean I can do it manually, I know both pretty well, but in case there was a conversion tool