XMPP Service Operators - 2024-02-10


  1. Polarian

    kapad, but you are still behind a modem of some sorts

  2. Polarian

    which is not open either :)

  3. Polarian

    and likely the modem does the communication with the ISP

  4. Polarian

    your router only does the LAN

  5. Polarian

    right?

  6. kapad

    yes,

  7. kapad

    `router` is just a name

  8. Polarian

    ah

  9. Polarian

    lol

  10. kapad

    haha, but is also `my` router

  11. kapad

    most of the times ISP is a far Km away of here

  12. chunk

    digital nomad detected

  13. Wirlaburla

    [21:26:16] *chunk rubs latex to see if he squeakz

  14. Wirlaburla

    chunk you got some weird /me messages

  15. chunk

    we're all gonna get banned for bein offtopic at this rate eh, or i will at least

  16. chunk

    LOL

  17. Wirlaburla

    im an operator. are you an operator?

  18. chunk

    i am, was, usually, just not today

  19. Wirlaburla

    good enough imo

  20. chunk

    toofast.vip for 3.5yrs ish

  21. Wirlaburla

    lets operate

  22. chunk

    depends, send your measurements, ethnicity, hair color, etc

  23. Martin

    C'mon, I think that was enough OT now. 😉

  24. Wirlaburla

    okay, on topic now

  25. Wirlaburla

    someone explain pubsub to me like im 11.

  26. Wirlaburla

    I'm not dumb, I just want to understand.

  27. Martin

    https://xmpp.org/extensions/xep-0060.html > This technology uses the classic "publish-subscribe" or "observer" design pattern: a person or application publishes information, and an event notification (with or without payload) is broadcasted to all authorized subscribers. In general, the relationship between the publisher and subscriber is mediated by a service that receives publication requests, broadcasts event notifications to subscribers, and enables privileged entities to manage lists of people or applications that are authorized to publish or subscribe. The focal point for publication and subscription is a "node" to which publishers send data and from which subscribers receive event notifications. Nodes can also maintain a history of events and provide other services that supplement the pure pubsub model. This should be an easy summary of what pubsub is.

  28. Wirlaburla

    It's lost on me.

  29. Martin

    Maybe wait for Europe to wake up. Someone who knows pubsub better, can probably explain it in simple language. I am not deep into pubsub myself.

  30. chunk

    it's a protocol scheme that manages local and remotes users' publishing of data and subscribing of published data

  31. Wirlaburla

    Someone somewhere else was talking about it being used as a social media network and that is what I'm wondering.

  32. Martin

    Movim

  33. Wirlaburla

    Because I just enabled it to be apart of that nodegraph a guy linked earlier. Now I'm wondering what exactly I truly enabled and what I could use it for.

  34. chunk

    pep, a xmpp sub protocol, is also a sub protocol of pubsub sub protocol, it is a user's own publishing system for stuff like are u away, or online, the tune you're playing, etc, just that it has an access control more private for user sake, means a user decides, but pubsub tends to be on the server host for the host, like

  35. chunk

    in essence AP (activity pub, mastadon's protocol) is just a type of a pubsub

  36. chunk

    post it, someone subs it

  37. chunk

    a way to standardize data in federated networks

  38. chunk

    for users

  39. Wirlaburla

    Ah okay.

  40. chunk has emitted his take on the pubsub

  41. Wirlaburla

    ty

  42. chunk

    yw

  43. latex

    Boing boing

  44. frog

    I blocked a user trying to sell xmpp spam on jabber.cz What can I do to flag the account as spam, contact the server admin and submit the jid to the rtbl?

  45. jonas’

    it's not eligible to the rtbl unless it affected MUCs, because the rtbl is only used by MUCs

  46. jonas’

    frog, contact for jabber.cz: abuse: <mailto:support@jabbim.zendesk.com> admin: <mailto:support@jabbim.zendesk.com>

  47. astriid

    wouldn't such user be likely to spam in mucs eventually?

  48. frog

    jonas’: thnx. How/where did you run the contact_info command?

  49. jonas’

    frog, elsewhere™

  50. jonas’

    astriid, no, MUC spam and individual spam are very different for whatever reason

  51. frog

    Gajim XML console?

  52. jonas’

    frog, that's one way to do it

  53. frog

    Is there an ad hoc command that could be used with cheogram for example?

  54. jonas’

    I don't think so.

  55. frog

    So how did you do it? I'm just curious if I can do it on mobile, by sshing to my prosody machine or need to mess around with an XML console

  56. jonas’

    I have a bot in another place I can ask

  57. Menel

    You can ask xmpp:magicbot@magicbroccoli.de for example frog starting with `!help`

  58. Martin

    🐸?

  59. frog

    That's me, *gribbit* Thanks for the uri of the bot

  60. Menel

    Yeah, a comma missing in my message

  61. Martin

    Ah, only read the last message and wondered where the frog comes from. 😂

  62. frog

    OK, it's turning into a small spamwave now

  63. MattJ

    https://floss.social/@mattj/111906490762028477 (my comment to someone on Mastodon re. the spam wave)

  64. astriid

    does anyone support xep-0275?

  65. MattJ

    astriid, I don't think so. I don't think it's practically better than https://xmpp.org/extensions/inbox/xep-reporting-account-affiliations.html which would have a more direct impact

  66. MattJ

    But nobody implements/supports that yet either (I have half an implementation for Prosody)

  67. astriid

    anyone here using ejabberd with a 100k line long acl? does it work?

  68. j.r (jugendhacker.de)

    I'm getting spam from jabbim.cz too, but looks like the operator isn't here

  69. j.r (jugendhacker.de)

    They are running ejabberd 17.11 on a 4.4.19 Kernel, I doubt they will respond to my mail but let's try

  70. chunk

    moew

  71. diane

    Hi I got an an ad in cyrlic for for a jabber spamming service from aquirky@draugr.de

  72. MattJ

    diane: thanks. We're aware there is a spam wave going on that is bypassing most of the current filters. The general advice on https://blog.prosody.im/simple-anti-spam-tips/ still applies.

  73. MattJ

    Particularly if you want to help out with the JabberSPAM project for example, reaching out to operators of servers relaying spam

  74. diane

    🙂 ok

  75. diane

    i will go read the documentation more carefully

  76. lavrentiy

    how do the spammers even get jids?

  77. lavrentiy

    or are they just trying common words?

  78. diane

    Probalby find a poorly managed server with open registration.

  79. diane

    actually maybe not even poorly managed, it's a pain to to identify a slow campaign of adding jids.

  80. lavrentiy

    I mean of people to spam

  81. lavrentiy

    Are they running honeypot mucs?

  82. lavrentiy

    Are they paying muc operators to provide lists of them?

  83. Menel

    It's easy to just use *ListOfCommonNamesAndNicknames*@'knownServer.tld or see nicknames in open channels and try all common servers for these

  84. MattJ

    lavrentiy: I suspect a mixture of approaches, just like with email

  85. lavrentiy

    shouldn't servers flag jids and servers that make many requests to invalid users?

  86. MattJ

    Years ago there were fairy substantial rumours of a couple of server operators receiving payments from spammers in exchange for JID lists.

  87. MattJ

    They almost certainly employ web scrapers too, etc.

  88. diane

    also i bet once you they find your JID they will happily resell your JID to other spammers forever.

  89. Menel

    lavrentiy: they could. Every server operators try not to disclose to everyone what they do exactly and what trashholds they use. So spammers can't plan for that

  90. lavrentiy

    is there an easy way to allow a server to still outbound federate, but only allow same server users to communicate with other same server users?

  91. Menel

    What does outbound federated mean, if not communication?

  92. lavrentiy

    like you could still join mucs

  93. lavrentiy

    or you can add someone as a contact, but they can't add ou

  94. diane

    there's all sorts of things you can do with mod_firewall on prosody

  95. lavrentiy

    everyone always points to mod_firewall, but never any real world examples

  96. lavrentiy

    for years

  97. diane

    not that a lot of people do, as a general principal, security is the art of making things harder to use.

  98. lavrentiy

    I understand a lot of you keep your rules secret in some club

  99. lavrentiy

    for good reason I get it

  100. Menel

    lavrentiy: some rules are here : https://github.com/JabberSPAM/resources/tree/master/prosody

  101. lavrentiy

    you aren't making it easy for the smaller servers to implement meaningful protections the bar across the board should be raised as a whole

  102. diane

    https://github.com/JabberSPAM/resources has information about spam fighting on various services.

  103. lavrentiy

    most of which hasn't been updated in years

  104. diane

    There's some firewall scripts for prosody available in the mod_firewall repository https://hg.prosody.im/prosody-modules/file/tip/mod_firewall/scripts

  105. MattJ

    lavrentiy [17:56]: > most of which hasn't been updated in years Because it generally works. Until yesterday (which is why we're talking about it again)

  106. MattJ

    JabberSPAM isn't just about rules, but also fixing spam at the source

  107. MattJ

    A bunch of servers have been shut down

  108. diane

    Also the hostile actors will keep trying new things. Trying to limiting spam is something that takes constant maintenance.

  109. diane

    MattJ, following the procedure on the block list page https://github.com/JabberSPAM/blacklist, I emailed the domain contact for draugr.de. Hopefully they can read english. (all their pages were in german.)

  110. MattJ

    Thanks!

  111. diane

    I bet there should be more translations of the anti-spam documentation.

  112. chunk

    if i may say, i can't stress it enough, the server's operator should be present to moderate and/or confident moderators, also some degree of respect for privacy like not having whatever mods that publish user lists.

  113. chunk

    its certainly not a set it and forget type of thing, managing spammos, as well if it's not an incessant spamming, that's obviously disrupting things, is it even spam? cuz afaict this russian thing is barely a nuisance, other than having access to personal jids. i found it even slightly comical, what the russian cyrillic translates to, is something kinda funny as one person showed me

  114. chunk

    there's like, for the lulz, and for the damage, two very different things

  115. diane

    it's annoying, and I don't want my users to have to deal with russian crime spam.

  116. Wirlaburla

    » [11:51:51] <lavrentiy> shouldn't servers flag jids and servers that make many requests to invalid users? Then you just run more servers until you get a big enough list, then use one more to begin the spamalypse.

  117. chunk

    spamocalypse zomg nuuuuu

  118. diane

    draugr.de got back to me and said they deleted the spammer account.

  119. chunk

    diane, win