XMPP Service Operators - 2023-12-16

  1. stvn


  2. barlas

    hi stvn

  3. stvn


  4. barlas

    How is it going?

  5. Licaon_Kter

    barlas: can you read the topic? :) fine otherwise

  6. antranigv

    I got massive spam registration

  7. antranigv

    anyone got anything similar?

  8. antranigv

    started 30 minutes ago

  9. antranigv

    I just disabled registration

  10. antranigv

    and I will delete the accounts in a bit

  11. huxxer

    Check here the same

  12. Licaon_Kter

    Patterns? Used for?

  13. mitrov

    anyone running Wazuh or similar SIEM on their servers?

  14. Menel


  15. huxxer

    > Patterns? Used for? Like always a random Name with prefix letter

  16. Licaon_Kter

    huxxer: no, I meant after, what were the accounts used for?

  17. huxxer

    I dont know. I guess just for a spam Wave later. Just registered bulk accounts in less minutes.

  18. mitrov

    Just block all proxies and Tor

  19. moparisthebest

    Keep in mind some people live in places where they have to use Tor

  20. Menel

    Some servers sandbox tor users and send them a message to contact the admin. And only after they do, they can talk to everybody else

  21. Menel

    A compromise

  22. Menel

    Using mod_firewall with prosody for example

  23. mitrov


  24. moparisthebest

    No one deserves anonymity ? Gross

  25. Menel

    What said that?

  26. Menel


  27. mitrov

    I just mean for like registering

  28. mitrov

    or at least flag those ones

  29. moparisthebest

    Menel: mitrov said it

  30. mitrov

    and cater to your users

  31. mitrov

    if you're users are unlikely to use/need a proxy, then just block them if they are likely, then don't

  32. mitrov

    context, etc.

  33. moparisthebest

    flagging I don't necessarily have a problem with, outright blocking I find gross, that's all

  34. Menel

    It's all about how much energy and time has the operator. There are still many servers that allow tor users

  35. mitrov

    moparisthebest, another good case is if you do s2s only

  36. moparisthebest

    Why shouldn't servers do s2s over Tor ?

  37. Menel

    I would take the yax.im approach, until the manual work will be too much. But I guess it isn't that much

  38. mitrov

    moparisthebest, does that even work reliably? afaict most impls leak it

  39. mitrov

    unless they use onions, otherwise how does incoming work?

  40. mitrov

    you can't accept connections over clearnet tor

  41. mitrov

    and if you're using onions, that means you already likely have a hardcoded list of other onion servers you peer with which means you can still use a blocklist like above since that is just exit nodes

  42. moparisthebest

    > you can't accept connections over clearnet tor There's no reason you shouldn't accept S2S over Tor, they prove their authenticity with a certificate Also you are currently right re: onions but I'd like that to be seamlessly supported too, it'd be great if a large portion or all s2s connections were fully over Tor hidden services

  43. Menel

    You can't use it over tor at the moment, because the dns lookup won't work. Regardless if the certificate will be trusted. It could work with s2s bidi, but only if the tor sever opens the connection. And that's a fragile setup then

  44. moparisthebest

    I'm talking about say my clearnet server making outgoing s2s connections over Tor, that works now

  45. Menel

    Yes, sure 👍