XMPP Service Operators - 2024-02-23


  1. Licaon_Kter

    https://metalhead.club/@thomas/111953036329022476

  2. jonas’

    I accidentally broke search.jabber.network, I'll try to fix it asap

  3. Polarian

    > I accidentally broke search.jabber.network, I'll try to fix it asap you're the dev?

  4. Licaon_Kter

    Not enough :)

  5. jonas’

    there we go.

  6. TheCoffeMaker

    those bugs ain't gonna fix themselves 🦾

  7. jonas’

    yeah

  8. jonas’

    it would be easier if it weren't also a DDoS going on against it.

  9. TheCoffeMaker

    😱

  10. Licaon_Kter

    jonas’: wait wat who why?

  11. jonas’

    I'm not gonna speculate about that in public.

  12. Licaon_Kter

    Ah

  13. agris

    Is there a standard format or template I could use for reporting abuse to xmpp admins and isps?

  14. agris

    Standard forms of evidence etc

  15. agris

    Something I could build a script for to help reduce fatigue reporting attacks using a bunch of throwaway accounts on various providers

  16. MattJ

    agris, in the coming days I plan to publish a module that will do this for you, if you have a client that can do XEP-0377 ( https://xmpp.org/extensions/xep-0377.html )

  17. jonas-l

    > Standard forms of evidence etc "Evidence" is a difficult thing; the need for some standard would arise if there would be many reports and the need that they are machine readable

  18. MattJ

    jonas-l, XEP-0377 covers basic reporting, for more comprehensive reports the preferred standard is IODEF, which a XEP also exists for

  19. MattJ

    But IODEF needs tooling, since it is a lot more complex

  20. agris

    Most admins aren't machine reading abuse reports. Evidence standard meaning what is good enough for most admins? A screenshot of the abuse or a full xmltrace (not always practical after the fact).

  21. agris

    The problem is a lot of abuse goes unreported and admins have to take action that can result in collateral damage because of too much workload having to manually go in, find admin contacts via the xml console, type up emails, collate abuse evidence, repeat for every bs account

  22. agris

    Vs just blocking hosts with open registration

  23. MattJ

    Yes

  24. agris

    If there was a tool to automate some parts of admin reporting for xmpp, like how spamcop.net is such a tool for email

  25. agris

    Spamcop is able to programmatically look up abuse contacts and ownership information regarding URL domains in message bodies, the admin then unchecks irrelevant abuse contacts, adds some commentary and sends the abuse reports

  26. agris

    Spamcop stops spammers because of how thorough it is. It shuts down spammer operations

  27. MattJ

    Agreed. Multiple servers have already been shut down as part of the JabberSPAM project.

  28. agris

    Right now the amount of effort required to properly report and document abuse is heavily imbalanced in favor of the spammer

  29. MattJ

    Others have been fixed by closing registration or implementing protection against spam

  30. agris

    That's true but jabberspam is a manual project and requires a Microsoft account to participate

  31. MattJ

    There is a lot of automation around, but it's not public

  32. MattJ

    As I said, I hope to publish some stuff in the coming days

  33. agris

    How can I get access to some automation?

  34. MattJ

    I plan to publish some stuff in the coming days

  35. Licaon_Kter

    _There's no progress like spam determined progress_

  36. Polarian

    > Agreed. Multiple servers have already been shut down as part of the JabberSPAM project. what is their goal though?

  37. MattJ

    Whose goal?

  38. Polarian

    Spammers

  39. jonas’

    make money

  40. MattJ

    $$$

  41. Polarian

    how?

  42. Polarian

    Spam as a service?

  43. jonas’

    probably yeah.

  44. MattJ

    The current ads are selling their spam service, yeah

  45. Polarian

    but how is spamming servers in any way desirable... surely the XMPP community is too small to have big enemies?

  46. MattJ

    They aren't "enemies", they're just looking for potential customers

  47. Polarian

    What level is blocking done currently? IP? or DNS?

  48. jonas’

    XMPP

  49. jonas’

    (typically)

  50. agris

    > jonas’: > 2024-02-23 11:09 (CST) > make money Not always. Sometimes it's mentally ill people with nothing better to do or some political thing going on in some region

  51. Polarian

    > XMPP so the FQDN?

  52. Polarian

    or the JID?

  53. jonas’

    the server's JID

  54. Polarian

    wait is the spam project using public registration and then repurposing it into a botnet to spam?

  55. Polarian

    I thought they were using their own servers...

  56. agris

    Yes

  57. MattJ

    agris, right. There are different categories of people with different motives.

  58. MattJ

    Polarian, no, they use existing servers (so far)

  59. Polarian

    hm... this is the problem when you give open registration without frisking your users

  60. Polarian

    more measures == less privacy upon registration...

  61. agris

    One method spammers use is to slowly build up accounts on public reg servers and then abuse a MUC or JID using all of them one after another

  62. agris

    One of the most effective measures against this is limiting public reg rates and where they're from

  63. jonas’

    be careful in how many details you discuss anti-spam measures in a public space

  64. jonas’

    be careful in how many details you discuss anti-spam measures in a public, logged-forever-world-readable space

  65. Polarian

    first suggestion would be to set an account dead man's switch...

  66. Polarian

    if no activity for a period of time send out a warning

  67. MattJ

    https://github.com/JabberSPAM/resources/blob/master/prosody/restrict-proxy-registrations.md is also very effective

  68. jonas’

    (so far, the methods have basically been already publicly described by the jabberspam project, but just be sure to not divulge any non-obvious details of your antispma)

  69. Polarian

    if not, destroy the account

  70. jonas’

    (so far, the methods have basically been already publicly described by the jabberspam project, but just be sure to not divulge any non-obvious details of your antispam)

  71. Polarian

    this would prevent accumulation of accounts

  72. agris

    I don't think as long as open reg is on a server it's possible to completely stop, but some open reg servers are more abusable than others, and bs accounts on them are generated slower than others

  73. agris

    I've had to defederate some servers but not others because the rate of abuse requiring admin intervention was more than acceptable

  74. Polarian

    > be careful in how many details you discuss anti-spam measures in a public, logged-forever-world-readable space security via obscurity wouldn't work either...

  75. MSavoritias (fae,ve)

    activitypub community is quickly realizing that open registration servers are a liability too

  76. jonas’

    Polarian, that doesn't apply to antispam.

  77. MSavoritias (fae,ve)

    and they are pushing for invite only servers

  78. jonas’

    antispam is a continuous arms race of rules and evasion.

  79. MSavoritias (fae,ve)

    among other things

  80. MSavoritias (fae,ve)

    the safe part of activitypub that is

  81. Polarian

    > antispam is a continuous arms race of rules and evasion. true...

  82. Polarian

    the easiest way would be to do a more... manual account creation

  83. Polarian

    a bit how linode does it

  84. agris

    It sucks to defederate a server because of abuse when the admin isn't malicious, but sometimes it just creates so much extra work it's not in my or my users' interests to continue

  85. agris

    That's why I'm looking for ways to automate some parts of reporting to reduce workload

  86. Polarian

    agris: what server(s) do you own

  87. agris

    Nuegia.net and some other vhosts

  88. Polarian

    hm.. never heard of it

  89. agris

    It's down right now. Planning on coming back up in march

  90. Polarian

    I have seen conversations as a big attack vector

  91. jonas’

    conversations.im?

  92. jonas’

    conversations.im, the server?

  93. Polarian

    but conversations is also fast to take out the accounts

  94. Polarian

    > conversations.im, the server? yup

  95. jonas’

    the current wave should be mitigated there as of a few days ago

  96. jonas’

    so if you happen to have blocked it, you should now be able to unblock it

  97. Polarian

    jonas’: which server(s) are you in charge of?

  98. agris

    Yeah they're a big server with open reg, but they are pretty responsive to reports

  99. jonas’

    Polarian, only my small friends&family servers.

  100. Polarian

    ah

  101. Polarian

    I have two closed registration servers... but I'm planning on a third open registration server...

  102. jonas’

    (well, and this one, kind of, as I'm part of the XSF's infrastructure team)

  103. jonas’

    (well, and this one (muc.xmpp.org), kind of, as I'm part of the XSF's infrastructure team)

  104. Polarian

    > (well, and this one (muc.xmpp.org), kind of, as I'm part of the XSF's infrastructure team) fancy...

  105. Polarian

    issue with open reg is legal, privacy and data protection

  106. Polarian

    has anyone had issues with illegal use of http uploads?

  107. Polarian

    it was a potential issue I was thinking about as you can use an XMPP account to distribute _anything_

  108. agris

    Yes

  109. Licaon_Kter

    Illegal as in your users upload something illegal?

  110. Polarian

    > Illegal as in your users upload something illegal? yes

  111. Polarian

    > Yes how are you meant to mitigate it?

  112. agris

    Not my users but people uploading cp to other people's cdns and then advertising it on my mucs

  113. Polarian

    > Not my users but people uploading cp to other people's cdns and then advertising it on my mucs which is my exact fear.

  114. jonas’

    Polarian, ideally, destroying the user account kills their media, too.

  115. Polarian

    however the damage is done

  116. Polarian

    by the time it's reported you have distributed that...

  117. Polarian

    and therefore liable.

  118. jonas’

    part of the reason I run friends&family :)

  119. agris

    It was part of a harassment campaign to spam my servers with ads for illegal content, and then go to my isp and report

  120. Polarian

    what a headache.

  121. MSavoritias (fae,ve)

    > so if you happen to have blocked it, you should now be able to unblock it that's not a solution though, is it? Am I supposed to unblock the server and then in a month or two when I get harassed or spammed in the group chats block it again? And do that over and over again?

  122. MSavoritias (fae,ve)

    I doubt my partner or anybody in my group chats wants gore once every month and blocking-unblocking servers

  123. Polarian

    I got a feeling XMPP will turn into "netsplits" where white listing is introduced

  124. Polarian

    you get small circles of federated servers instead of one huge network

  125. Polarian

    eventually ending up like IRac

  126. Polarian

    eventually ending up like IRC

  127. jonas’

    MSavoritias (fae,ve), AIUI, the last wave was classic contact/messaging spam, not gore etc.

  128. MSavoritias (fae,ve)

    well swap gore with messaging spam then :) every month I have to tell my partner and whichever else I am hosting that it's the usual ads through messages and we have to block the server for a couple of days and then unblock again

  129. MSavoritias (fae,ve)

    doesn't sound sustainable or a solution imo

  130. MSavoritias (fae,ve)

    > eventually ending up like IRC IRC is not even federating afaik. It's one server per network so it's effectively centralized

  131. r00tobo

    Polarian, IRC is different, you have a centralized auth system. XMPP you just need to pick one/register in one server and you can chat with everyone else

  132. Polarian

    > Polarian, IRC is different, you have a centralized auth system. XMPP you just need to pick one/register in one server and you can chat with everyone else I know how it works :)

  133. Polarian

    what I am saying is the federation will become similar to IRC networks

  134. Polarian

    where white listing self contains them

  135. Wirlaburla

    Ah, so like Mastodon.

  136. Wirlaburla

    Where all the networks only whitelist who they like.

  137. MSavoritias (fae,ve)

    I wish Mastodon worked like that. It doesn't

  138. MattJ

    Which makes it rather less effective as a communication network

  139. MSavoritias (fae,ve)

    depends what your aim is yes

  140. Wirlaburla

    MSavoritias (fae,ve): It... does... Have you even seen most of those networks? It's like echo-chambers now.

  141. Wirlaburla

    MattJ: Agreed.

  142. MSavoritias (fae,ve)

    > MSavoritias (fae,ve): It... does... Have you even seen most of those networks? It's like echo-chambers now. that has nothing to do with allowlisting. you are spreading misinformation

  143. agris

    We should take what mastodon does with a big grain of salt. They are a Twitter clone

  144. Wirlaburla

    I am not. Maybe they block every single network they don't like, I am unsure. But a lot of them do tend to only allow certain instances to communicate with theirs.

  145. Wirlaburla

    agris: A clone of the site formely known as Twitter.

  146. MSavoritias (fae,ve)

    Wirlaburla, if you don't know say so, instead of spreading misinformation then :)

  147. agris

    Tomato tomoto

  148. Wirlaburla

    agris: A clone of the site formely known as Twitter.*

  149. agris

    Monsanto bayer

  150. Wirlaburla

    MSavoritias (fae,ve): It isn't misinformation. :|

  151. agris

    Facebook meta

  152. MSavoritias (fae,ve)

    > MSavoritias (fae,ve): It isn't misinformation. :| if it's not true and you act like it is then yeah it is very much misinformation.

  153. MSavoritias (fae,ve)

    and you not knowing if it is true makes it worse

  154. Wirlaburla

    I don't see why you are going on about this but yes, it was true. Networks block out other networks they don't like. That is the point, and that is the part that is true. However this is frankly offtopic and unnecessary.

  155. MSavoritias (fae,ve)

    I was talking about the allowlist part not the blocking. Your message seemed like a standard-practice free speech one so I called it out. That's it > Where all the networks only whitelist who they like. this one specifically ^

  156. MattJ

    > However this is frankly offtopic and unnecessary +1, there are other venues to discuss Mastodon federation models :)

  157. Wirlaburla

    Is there really a difference between aggressive blacklisting and whitelisting?

  158. Wirlaburla

    Seems pointless to be on such a topic.

  159. Wirlaburla

    » [11:24:41] <Polarian> has anyone had issues with illegal use of http uploads? XMPP doesn't have this problem, does it? I was sure this was a "why [m] sucks" thing.

  160. agris

    Can we please get back on topic

  161. Wirlaburla

    I thought I brought us back on topic.