- blockchaintradev removed by moderator
-
agh
I will only help you if you have a fierce fealty to the Crown Prince of Nigeria
-
diane
you know, I don't think there is such a thing. Modern Nigeria's borders are mostly the fault of the British (and one civil war after british independance), any crown princes that aren't the British, were rules of other kingdoms.
-
agh
interesting, tho, I am really of the opinion, no masters, no gods, no nations, no borders.
-
agh
I live in a former British penal colony, it is fucked.
-
diane
oh somewhere I saw that celebrating independance from the british is the most common national holiday
-
agh
🤣️ awesome
-
diane
If you're curious here's a story of Benin the capital of one of those former kingdoms. https://www.theguardian.com/cities/2016/mar/18/story-of-cities-5-benin-city-edo-nigeria-mighty-medieval-capital-lost-without-trace
-
agh
I am curious, thank you.
-
agh
This is amazing. Are you familiar with David Graeber's works?
-
diane
some of it
-
agh
I am not a post-modernists, in fact I dislike it with a passion, but I love these pieces and academic works that dismantle the Eurocentric model of human achievement and development.
-
Licaon_Kter
agh, diane: take it to Offtopic pls
-
agh
Licaon_Kter, Shutting up now.
-
agh
Thank you for the reminder.
-
diane
wait there's an off topic channel?
-
Licaon_Kter
For not-on-topic stuff some of us hang out elsewhere xmpp:conversations-offtopic-reloaded@conference.trashserver.net?join ;)
-
diane
ah thank you
-
diane
Out of curiosity, what's the status of the XEPs for moderation? I saw the spammer was in some other channels too, and that seems like a good priority for deletion?
-
moparisthebest
It's tricky, sometimes things posted in multiple MUCs are spam, and other times just important news
-
MattJ
Yes, the XEPs are implemented and deployed, and we do delete stuff. Main problem is that it was sent while I was sleeping 🙂
-
MattJ
Though I thought we had sufficient blocks in place after a similar spammer last year, I'll have to find out why they didn't catch it
-
MattJ
Oh fun, the spammer was from Matrix, using a bridge
-
msavoritias
matrix has been bringing spam in the disroot room too. Not surprised it happened here too then
-
Ellenor Bjornsd.
awr?
-
Licaon_Kter
> Oh fun, the spammer was from Matrix, using a bridge Of all the bot usages I've never had a "usecase" but I added a mental todo for _"list user jids and kick matrix bridge users asking them to use xmpp"_ Any day now...
-
MattJ
I don't think telling spammers to use XMPP is the solution :)
🤣️ 1 -
Guus
Interesting to see how this develops. If this is going to develop into something more than the one off that it appears to be today, then I wonder if we can start to investigate if this means anything, eg if automatic account creation is easier in the Matrix ecosystem than with XMPP, or that automatic message delivery APIs are easier to use, etc.
-
Licaon_Kter
MattJ: ¯\_(ツ)_/¯ But I was speaking only about spammers ;)
-
Jason Hammons
Testing.
-
Jason Hammons
What does my name display as?
-
MattJ
Jason Hammons
-
Jason Hammons
Thank you.
-
bkil
Spammers use whatever platform that makes the most financial sense. I.e., they advertise on the platforms that has sufficient number of potential paying customers & laymen. While a given messenger is only used by a few geeks, it is usually not a good target for monetization. Matrix has reached commercial viability in the recent years due to its growing popularity and appeal for common people. Although we receive most spammers from Telegram/WhatsApp still (no wonder, given the proportions).
-
bkil
For implementing concrete heuristics, see the XMPP MUC mod-ideas at conference.movim.eu
-
nuegia.net
bkil, I call bs on that
-
nuegia.net
XMPP has had spammers and we developed immune systems to it
-
nuegia.net
xmpp being around since 1998
-
nuegia.net
spam is still an issue for xmpp, and it comes in waves
-
MattJ
carlos, are you the same carlos that runs chatterboxtown?
-
nuegia.net
Matrix has a big spam problem because of poor, near-sighted corporate design.
-
bkil
I don't see how you could protect against the most common varieties in the wild, though.
-
bkil
I have a very elaborate scheme in draft that _might_ work in the end, but it is too complicated to implement.
-
bkil
https://github.com/bkil/banhaxmer/
-
bkil
XMPP would provide even less protocol level opportunities to enforce such elaborate web of trust rules than the integer power levels on Matrix.
-
nuegia.net
bkil, you might want to simplify your design by making each componet into a module that returns a float score
-
nuegia.net
of how 'spammy' something is
-
nuegia.net
then tally up the numbers at the end and assign score levels to actions
-
nuegia.net
that's how email spam detection works
-
bkil
I hope it is now not considered by BS by you by providing an elaboration.✎ -
bkil
I hope it is now not considered BS by you by providing an elaboration. ✏
-
bkil
I do not support stochastic (random) delivery similar to what had became the norm on email today.
-
bkil
And it mostly only works if you are registered on one of the top few providers controlling like 90% of email addresses, otherwise you will have a really tough time to enter or negotiate any issues.
-
nuegia.net
I run my own mailserver
-
nuegia.net
I don't have a problem emailing people on bigmailer servers
-
bkil
On a forum that shared their stats, like 80% registered with gmail even 5 years ago. I guess the ratio today would be 90-95%.
-
Amolith
I assume the answer is no but I'm going to ask anyway because I'm really tired of this. Is there an effective way to ban someone who keeps creating accounts on other servers, joining my MUC, and sending extremely graphic and NSFW images? Some have been disgusting porn and others have been dismemberment. I don't know what to do other than continue playing whack-a-mole
-
bkil
Sorry I'm off to sleep now
-
nuegia.net
Amolith, I have that problem too sometimes.
-
MattJ
Amolith, if you're running Prosody, set up https://modules.prosody.im/mod_muc_rtbl
-
bkil
But it's a statistical anomaly to only consider those who succeed, see negative publication bias, etc Sorry, too tired to search and link all relevant wiki articles right now
-
nuegia.net
Amolith, the best way i've found is to report the abuse to the provider they come in, ask them to look for other accounts on that ip address
-
nuegia.net
often times they do, and they find 10-30 other accounts to suspend
-
Amolith
MattJ, I'm not at the moment but I'm honestly considering it because it seems to have a lot more modules for preventing spam
-
nuegia.net
Amolith, develop a checklist for dealing with spammers
-
bkil
Closing words: you can get a (residential proxy) for a few cents to work around such simple IP block. And also, most providers can take days to act according to our experience.
-
nuegia.net
it would be really nice if we could work together on creating a blocklist for people who are creating a bunch of accounts on open reg xmpp servers
-
Amolith
something like this but for JIDs maybe https://github.com/JabberSPAM/blacklist
-
MattJ
That's what mod_muc_rtbl does, but in real-time
-
Amolith
Yep
-
nuegia.net
the jabberspam blacklist is really unfortunate
-
MattJ
All tonight's spam JIDs have been added to the blocklist within a minute or two of a blocklist admin being aware of a new JID
-
nuegia.net
I get a lot of legitimate users from creep.im, even tho it's listed
-
MattJ
and messages have been scrubbed from the room history of MUCs I have sufficient control over
-
nuegia.net
thanks for that MattJ
-
MattJ
The tools are here, they're just not universally deployed
-
carlos
MattJ: no
-
fireburner
Is here anyone from magicbroccoli.de Server? There is a muc and the owner hasn't been seen for a while and there are no other Moderators, but there is a user having the n-word AS there user name and he de shoukd be banned. The muc is lineage@conference.magicbroccoli.de
-
MattJ
carlos, okay, thanks
-
Guus
The tools are here, in Prosody, perhaps. Outside of it? Openfire has a jabberspam-list, but nothing as 'live' as mod_muc_rtbl
-
nuegia.net
fireburner, there's also someone posting gore porn across mucs from magiccrobboli
-
fireburner
Maybe the same person
-
Trung
can people start droping the spammer's IP in here?
-
nuegia.net
i can't see their jid as i'm not an admin in the muc it's happening, but templeos is their nick
-
Trung
would help quite a bit
-
nuegia.net
when dealing with spam every little bit helps
-
nuegia.net
no single solution by itself stops spam
-
fireburner
Now there is someone calling themself 'niggers' spamming around in multiple mucs
-
nuegia.net
a bunch of little systems compounded into a gestalt creates a burden larger then the spammers is willing to deal with
-
nuegia.net
least in most cases
-
MattJ
fireburner, it's almost certainly the same person
-
MattJ
They've been creating accounts across various servers (almost all of them deleted already), and spamming MUCs with various unpleasant stuff
-
MattJ
If you are an operator of a Prosody server with public MUCs, ensure mod_muc_rtbl is loaded and set muc_rtbl_jid = "xmppbl.org"
-
MattJ
You may also consider https://modules.prosody.im/mod_muc_restrict_media
-
nuegia.net
MattJ, quick questions about muc_rtml
-
nuegia.net
does that mean trusting everyone who can create and become an admin of a muc on their server
-
nuegia.net
and what's the link to the blacklist already on xmppbl.org?
-
nuegia.net
I'd like to take a look at it myself before applying it
-
MattJ
There's no web link, and only hashes of JIDs are in the blocklist
-
nuegia.net
why hashes?
-
Guus
Is that plugin based on a XEP, Mattj?
-
MattJ
For many reasons, JIDs may be identifying, and may contain the same offensive stuff we want to block, for example
-
MattJ
Guus, XEP-0060
-
Guus
pff :)
-
Guus
I think you know that's not what I ment :)
-
MattJ
I wasn't sure, but I'm not sure what else to say :)
-
Guus
something that defines the hashing algorithm commonly used, that has suggestions on where & when to apply additions / removals, etc.
-
Trung
our friend is quite active in here atm: en@chat.404.city
-
Guus
But from your earlier response, I take that doesn't exist.
-
MattJ
Guus, no, there is no such definition. mod_muc_rtbl assumes sha256(jid) currently, mod_firewall also supports subscribing to these lists but IIRC it's configurable to use any format
-
Guus
A XEP makes for an easy reference into a to-be-created feature request ticket, that's all :)
-
MattJ
Right now I can only offer https://modules.prosody.im/mod_muc_rtbl#protocol
-
MattJ
But it's barely a protocol right now, apart from XEP-0060
-
Guus
I just created a 'steal Prosody's stuff' ticket
-
nuegia.net
lol
-
Guus
although I suspect that there's little interest - most of our servers aren't big in federating - mostly inner-org, private servers.
-
nuegia.net
I don't see where you actually subscribe to xmppbl in the module's document or source
-
nuegia.net
muc_rtbl_jid?
-
nuegia.net
MattJ, are you thin one running xmppbl?
-
Guus
nuegia.net: I don't read LUA, but line 8 suggests it is a configurable option: https://hg.prosody.im/prosody-modules/file/0a257d1402c3/mod_muc_rtbl/mod_muc_rtbl.lua
-
Guus
(which kind of makes sense to me)
-
nuegia.net
I see that
-
MattJ
nuegia.net, xmppbl.org is run by a few people, and a few people have access to manage the blocklist
-
MattJ
That's about as specific as it will get for now in a public venue. You're free to take it or leave it :)
-
nuegia.net
ok
-
nuegia.net
What are the conditions for a jidhash to get added to the blocklist, or removed as of now?
-
nuegia.net
that's done manually by a human entering in things right now right?
-
nuegia.net
Is this a project that was spun up for an emergency, or a more formal thing?
-
MattJ
It was spun up because I was tired of manually banning JIDs across dozens of MUCs
-
MattJ
There's no specific list of conditions to get on the blocklist, but it's only used when necessary (spam/abuse across multiple MUCs)
-
Menel
If one could enter more then one node, and had some easy way to add and remove items, it could be quite a distributed feature.. Lots of servers could run their own nodes and others could subscribe to other nodes they trust.
-
MattJ
Yes, it's definitely planned to add support for more than one list (you can already do this with mod_firewall, but it's more complex than mod_muc_rtbl)
-
MattJ
Multiple lists, aggregators of lists, all would be good
-
nuegia.net
ok
-
nuegia.net
thankyou for this
-
MattJ
But the current module was written in a limited amount of time to solve a specific problem I was facing at the time
-
Menel
Snikket far future feature?
-
nuegia.net
I'll apply it now
-
MattJ
Snikket servers generally don't have much of a spam problem, by their nature. But potentially, sure.
-
Menel
For the time everyone only uses snikket
-
MattJ
Well then, of course :)
-
Menel
The current method surely works for the one Spammer once every 6 month
-
nuegia.net
MattJ, your saying mod_firewall now has the ability to update it's lists from pubsub?
-
MattJ
I'd like to see more work on moderation tooling in XMPP. I've thrown a few things out, and they're useful, but there's a lot more that could be done to expand them and make them more user-friendly.
-
MattJ
nuegia.net, yes, since 2 years ago: https://hg.prosody.im/prosody-modules/rev/b88f05c878ac
-
nuegia.net
muc_rtbl_jid = "xmppbl.org" right?
-
MattJ
Though it looks like I possibly neglected to update the docs
-
MattJ
Right
-
nuegia.net
thanks
-
nuegia.net
Hey is there an easy way to have an exeption list but only for passing through certain blocklists but still go through other firewall checks with mod_firewall?
-
MattJ
mod_firewall can do pretty much anything you want
-
nuegia.net
it's synxtax is kind of confusing, especially when you get chains involved
-
MattJ
https://modules.prosody.im/mod_firewall#check-list has an example to check a list
-
nuegia.net
If anybody else has encountered the same need, I was hoping they could publish a template or something
-
nuegia.net
Yeah, I know how to check a list, what i'm talking about is how to bypass the list check only for certain conditions
-
moparisthebest
nuegia.net: like https://burtrum.org/kids_firewall.pfw.txt ?
-
Harper
Any ejabberd support for the block list?
-
MattJ
Harper, not that I'm aware of, currently
-
nuegia.net
the usecase is i want to apply a blocklist for servers, but I want to whitelist all the jids already coming into my servers that aren't causing trouble so their not affected by the block
-
MattJ
Harper, I think there is a module for the text file one (which blocks whole servers), but not the real-time lists and not for MUC
-
MattJ
nuegia.net, I try to be mindful of that, for example Prosody's example spam-blocking rules will skip most checks for users on your roster already, and mod_muc_rtbl won't ban people who are members of a MUC
-
MattJ
So the local server is basically the priority, and the blocklists/filtering are just used otherwise
-
Harper
The xmppbl is just pubsub node?
-
MattJ
Yes
-
nuegia.net
another spammer jid: niggers <niggers@chatterboxtown.us>
-
diane
icky.
- a moderator removed a message
-
nuegia.net
templeos <templeos@magicbroccoli.de>
-
MattJ
That account was already deleted earlier
-
MattJ
afaik
-
nuegia.net
thanks
-
MattJ
everyoneisattractedtominors@chatterboxtown.us was just added to the RTBL
-
mightyBroccoli
yes the account is banned already.
-
nuegia.net
with the content and names of the spam, it doesn't seem financially motivated
-
Amolith
This is the same person who's been spamming my MIC✎ -
Amolith
This is the same person who's been spamming my MUC ✏
-
ij
not only yours
-
moparisthebest
Is this our old friend morph again
-
Amolith
> not only yours Yep, I just looked through some of my other MUCs with recent activity
-
Amolith
They're everywhere
-
fireburner
This one is spamming now everyoneisattractedtominors@chatterboxtown.us
-
wurstsalat
now it's xmppiscensorship@chatterboxtown.us
-
moparisthebest
"banning people who post gore is censorship" is certainly a take lol
-
Amolith
I toggle the CAPTCHA option in my MUC through Dino. I don't know whether that actually enables a CAPTCHA but we'll see whether it makes a difference
-
antranigv
Hey operators
-
benk
barev
-
antranigv
for the first time we got a porn/spam in our MUC. while I banned the user, I’m not sure if I can delete the old message. any advice?
-
MattJ
antranigv, what software does your service run?
-
wurstsalat
antranigv, https://modules.prosody.im/mod_muc_moderation.html on prosody
-
antranigv
I’m running prosody
-
antranigv
I really want to move to ejabberd tho :D
-
antranigv
@wurstsalat thanks. I’ll check it now
-
MattJ
antranigv, enable mod_muc_moderation: https://modules.prosody.im/mod_muc_moderation
-
MattJ
Oh, wurstsalat already said, sorry :)
-
wurstsalat
antranigv, you'll need a XEP-0425 capable client though (poezio, gajim, ...)
-
antranigv
Gajim on macOS? lemme check
-
wurstsalat
some people use Gajim on macOS, yes (no official packages though)
-
antranigv
okay, time to get the FreeBSD machine :D
-
wurstsalat
flatearthandelitegenderinversion@chatterboxtown.us is spamming now
-
TheCoffeMaker
thx wurstsalat
-
antranigv
oh god, it’s the same spam everywhere
-
gooya
We need like a global blacklist github of known domains with spammers
-
MattJ
Since you're running Prosody, you should add mod_muc_rtbl too: https://modules.prosody.im/mod_muc_rtbl (with muc_rtbl_jid = "xmppbl.org")
-
Harper
That already exists
-
gooya
Harper: Yeah I know but it is inactive
-
MattJ
It's not inactive
-
MattJ
The set of spammy servers doesn't change daily
-
nicoco
MattJ: just muc_rtbl_jid? no need to set muc_rtbl_node?
-
MattJ
No, the default is what you want
-
nicoco
thanks
-
nicoco
I guess restarting prosody is the easiest way to get it to load after editing the .cfg.lua?
-
MattJ
prosodyctl shell config reload && prosodyctl shell module load muc_rtbl conference.example.com
-
antranigv
has someone here ever done a prosody -> ejabberd migration with data and users? Users are in prosody files
-
antranigv
i mean I can do it manually, I know both pretty well, but in case there was a conversion tool