XMPP Service Operators - 2023-06-24

vagina@5222.de for rtbl please

Can confirm

+1

Does anybody know what's up with hot-chilli.net Support? Pastebins in MUCs are not working but no answer in support chat.

> Does anybody know what's up with hot-chilli.net Support? Pastebins in MUCs are not working but no answer in support chat. I haven't seen Roi around in a couple of days. I hope he's okay ↺

😕

> Quinn64: > 2023-06-24 05:39 (GMT+02:00) > I haven't seen Roi around in a couple of days. I hope he's okay hope so too. Is Roi the only admin?

I'm not sure, it's been a while since I used Hot-Chilli

Looks like Beorn is also an admin on there: https://jabber.hot-chilli.net/

Someone using jabber.de to spam atm. Some of the jids where the spam originates from are: xmpp:4fa1b9dd486a606f78d91eadfcc59c18e94ae3@jabber.de xmpp:47d385813117fb0ced95538e59293325bebb8b@jabber.de xmpp:a17f7d42cd7c7441874647eb@jabber.de xmpp:7cb4e46c8a229eeec21f61957a@jabber.de xmpp:23fb08eb7f35e393ae2687891322d3dd82f8c2@yax.im

yep

In 404 gemeral chat and my server

Please add him to blocklist MattJ

Lots of spam coming now from many different yax.im jids

there's a ton of spam coming from yax.im

Ge0rG: is aware

i'm assuming they're abusing the account registration API

pur, techmetx11: please give me a lits of JIDs to delete.

I wish there was an easy way to do so in conversations.

i don't get why servers have XEP-0077 enabled

Maybe check the newly created accounts. jid is random letters and numbers

pur: I just checked the two JIDs reported to me, found five more from the same IPs and deleted both sets

Ge0rG: can you ban the IP?

Ty

techmetx11: I can, but if you ban the user from the MUC, all other yax.im users from the same IP will be also banned

so I'll only ban one current Tor exit node, probably.

i really do wonder if these spammers abuse XEP-0077

since registering with XEP-0077 is as easy as.... sending a form

I don't see a large number of user registrations on yax.im with hex user names.

sorry, my registration watching code was broken. I now found ~3000 accounts using long hexadecimal JIDs, all registered in the last week, and am proceeding to delete them

is it best practice to like block open proxies and tor?

I'm using the DroneBL blacklist for registrations, but apparently it didn't match on most of these registrations

I use this merged list in nftables and default drop all packets https://iplists.firehol.org/?ipset=firehol_anonymous

hi there. may i ask someone to confirm that they can connect tot he kosmos.chat MUC service and write t its MUC rooms? (e,.g. in ops@kosmos.chat)

a user from another domain is getting timeouts, and for some reason all our rooms disappeared from https://search.jabber.network too

no idea why, i'm basically certain that it wasn't unreachable for a week, and from here everything looks totally fine

raucao: https://connect.xmpp.net/ is only able to connect on S2S via StartTLS, it fails everything else when I had it check

thx ✏

i found that the ip address that is used for the MUC service (but not the rest) was down

so local users were able to connect through their accounts on the same server, but remote ones would get timeouts

hmm, that website says

> Unable to contact the testing API. It might be unavailable or blocked. > undefined

lol, just a coincidence. worked on 2nd try

is it normal to define SRV records for MUC domains?

because it looks like we only have records for our main domain

I have SRV records for everything I want accessible by external users, including my MUC component. I don't have an A/AAAA or CNAME record for my MUC component at all, just SRV

Ge0rG: do you flag JIDs with pure hexadecimal?

like 0123456789abcdef

there might be legit people using hash JID too btw

yes

or maybe, depending on context

too many accounts registered in a minute/hour

per IP

> only able to connect on S2S via StartTLS, it fails everything else when I had it check the ejabberd docs say direct tls is deprecated in favor of starttls

is that up to date?

holy sh-

i'm considering that maybe it was a mistake to make in-band registering way too easy ✏

> is that up to date? no... at least from a security perspective ↺

penises@conversations.im for rtbl please

and templeos@xmpp.is

rape@5222.de for rtbl please

It was a right choice removing public server addresses which support XEP-0077 in the user manual. Nobody ensures they keep supporting it in the future. It seems reports about spammers are many, is that because XMPP is becoming popular? :)

the majority of these are the same person

Oops.

What is the way to deal with the accounts? Delete the them or forbid them to login?

I guess it doesn't matter. If one account doesn't work, a new one will be created

I changed all mucs to moderated a few month ago when they spamed a lot last time. Don't have any problems today :)

A couple of mods and it seems to work well

> I guess it doesn't matter. If one account doesn't work, a new one will be created It matters for manual creator. I wonder when an IP address is blocked, what is the feed back information to them? Maybe “policy violation”?

Oh I thought you would just change the password of this account to block login

If its an IP block that could maybe help

you can't block their IP because they don't connect to your server

only if their account is on your server

Of course

You are right

>It matters for manual creator. Sorry. I mean the guide book.

Woops :)

:>

Does anybody know the xmpp.is admin? Seems like they would want to moderate childporn@muc.xmpp.is

Looks like the mail addresses here are the only way to contact them: https://xmpp.is/contact/

I've written to xmpp.is admin before and they usually respond very fast.

try it

ejaculationfromtheanus@conversations.im for rtbl please

paphnoutios: already on it ~9m ago