-
nuegia.net
my server is currently under spam attack by rewtkid alts on various public registration servers.
-
nuegia.net
Yax.im, xmpp.earth, and jabbim.im are temporarily blocked from some mucs
-
Polarian
> my server is currently under spam attack by rewtkid alts on various public registration servers. rewtkid is a spammer? ↺
-
worlio.com
Yes.
-
Polarian
doesn't he host his own server/✎ -
Polarian
doesn't he host his own server? ✏
-
Menel
But that has nothing to do with anything, does it?
-
Polarian
well shouldn't it be ban listed then?
-
Menel
The spam comes from other servers
-
Polarian
how do you know its rewtkid
-
ernst.on.tour
Possible: rewtkid@srvA.com rewtkid@srvB.com rewtkid@srvC.com ?
-
Polarian
oh right... that would explain it...
-
Polarian
what about inpersonations though?
-
moparisthebest
Keep in mind that means nothing
-
Polarian
ok whats rewtkids server?
-
Polarian
all I remember is its the anarchism one
-
ernst.on.tour
But this doesn't make it true that he is really doing it. Everybody could be rewtkid@....
-
Polarian
that is why I am asking for his server :)
-
Polarian
Does anyone remember his JID?
-
Polarian
not the "alts"
-
ernst.on.tour
Has anybody ever seen his JID ? Here it will only be shown as operators@muc.xmpp.org/rewtkid
-
worlio.com
I know well it is the same rewtkid. Rewtkid admitted to DDoSing a server he disagreed with and at the same time these spam attacks have occured, the same DDoS method is being used against my service. Rewtkid has a vendetta against me because of someone I associate myself with.✎ -
worlio.com
I know well it is the same rewtkid. Rewtkid admitted to DDoSing a server he disagreed with ages ago and at the same time these spam attacks have occured, the same DDoS method is being used against my service. Rewtkid has a vendetta against me because of someone I associate myself with. ✏
-
ernst.on.tour
The ban "must" be: rewtkid@* except rewtkid@trueserver Don't think that this will be possible by banlist. BUT.... This seems to by a personal fight between nuegia (and/or worlio) and rewtkid ? Why should the global banlist be used to eleminate a personal war ?
-
worlio.com
Why would you want someone on your service who seems to attack and DDoS services for their own personal grudges?
-
ernst.on.tour
The serveradmin of the muc should ban him locally, but not the whole univers.
-
worlio.com
You could try and ban all the JIDs you want. He is constantly making alternate accounts to spam MUCs from people he doesn't like.
-
ernst.on.tour
> Why would you want someone on your service who seems to attack and DDoS services for their own personal grudges? Maybe you told him a "freak" or "motherf.." or your political view is not his or you are driving the wrong car/bike/.... ? What are his grudges ? Maybe you will let block me global because I'm driving a truck and you a bicycle-rider and we are all potential bicycle-killers.
-
worlio.com
I don't ban for differing views. His attacks are nothing but grudges against who I sided with when he was banned from a no-longer existing MUC.
-
Polarian
Considering the doxbin stuff going on surrounding Rewtkid and the people he knows... I don't think I want to poke this with a 6 foot pole even
-
worlio.com
Regardless of how he feels about it, it does not excuse the behavior. He is spamming and DDoSing services.
-
Menel
That's true. Unfortunately someone manually creating accounts is basically impossible to pre-ban anyway.
-
worlio.com
The goal was to let others know of their current abuse and the services he is using.
-
Polarian
rewtkid leaked his server replying to me a few months back
-
Polarian
unfortunately searching the archives seems impossible...
-
worlio.com
And as such, here are JIDs which he used to spam a MUC of my own: 4trt456534rtg@dismail.de cronjober345etrre@5222.de fsdger654fdg@dismail.de rewtkid@jabbim.com spamdontyanknowitsmybestfriend@yax.im waaaaa543645@draugr.de
-
Menel
I know that server and the conversations. I have the archive here.. That isn't a secret
-
Polarian
Menel, whats his server then?
-
Polarian
his not one of the many which worlio.com is reporting
-
Polarian
the one we can confirm is rewtkid
-
worlio.com
No, he wouldn't be using his main.
-
Polarian
plus I think it might be useful to write a script to check the archives... they are useless currently, unless you know the exact day you are looking for
-
Polarian
> No, he wouldn't be using his main. unhelpful. ↺
-
ernst.on.tour
worlio.com: How will you ban him if he is always using different nicks and servers ?
-
worlio.com
You folks are missing the point.
-
Polarian
what point, the fact that a bunch of people have a flame war with rewtkid right now?
-
worlio.com
More like rewtkid is having a war with a bunch of people.
-
Polarian
can you verify these alts are his?
-
worlio.com
They happened all within 5 seconds of each other after the MUC invite was posted in Spyware when Spyware was being hit with the spam attacks from him. Those spam attacks from Spyware were using names that had been lurking for a long time, which is a tactic rewtkid is known to do.
-
Menel
Polarian: seems it was taken down meanwhile. https://b1t.rip/
-
worlio.com
And his original jid server is no longer around either.
-
Polarian
Menel, this seems more like rewt is the target, not rewt targetting others
-
worlio.com
My point is to let people know a malicious user is on the loose and to be aware their services may be used negatively if they are open.
-
worlio.com
» [13:42:45] <Polarian> Menel, this seems more like rewt is the target, not rewt targetting others Why would I target this person?
-
Polarian
also the account listed on the site is gone too
-
Polarian
> » [13:42:45] <Polarian> Menel, this seems more like rewt is the target, not rewt targetting others > Why would I target this person? not you specifically... ↺
-
Polarian
> My point is to let people know a malicious user is on the loose and to be aware their services may be used negatively if they are open. I could go around pretending to be you, does that mean you should be punished for it? ↺
-
Polarian
assume good faith, even if you hate the guy.
-
Menel
Let's focus for a moment now. 1: Someone is spamming rooms and creating manually random accounts everywhere. So. What is there that anyone can do? I don't think much beside beeing vigilant and using moderation tools.
-
worlio.com
Menel: » [13:42:46] <worlio.com> My point is to let people know a malicious user is on the loose and to be aware their services may be used negatively if they are open.
-
Menel
The rest of the reasons or whatever doesn't help here.
-
worlio.com
Please read.
-
Menel
OK we know noe✎ -
Menel
OK we know now ✏
-
Polarian
> Let's focus for a moment now. > 1: Someone is spamming rooms and creating manually random accounts everywhere. > > So. What is there that anyone can do? I don't think much beside beeing vigilant and using moderation tools. main servers cut registration for a while maybe? ↺
-
Polarian
or limit it right down
-
Menel
Because of one user you want the whole network to shut down? Talking about DOS
-
Polarian
no... but like when a MUC is raided, limit it more
-
Polarian
I have received stuff last night... not sure if its related...
-
Polarian
> Menel: > » [13:42:46] <worlio.com> My point is to let people know a malicious user is on the loose and to be aware their services may be used negatively if they are open. theres nothing you can do about this... ↺
-
worlio.com
What I can do about it: Alert service operators.
-
worlio.com
What I did about it: Alert service operators.
-
Menel
Yes. I know. Everyone knows now, I think we're on the same page.
-
worlio.com
Then no more confusion?
-
Polarian
does anyone know a legitimate way to get to rewtkid... without trusting an alt is him
-
Menel
I think we don't need to speak of it further here.
-
Menel
Polarian: didn't you read the website, there was an address
-
Polarian
> Polarian: didn't you read the website, there was an address it doesn't work ↺
-
worlio.com
» [13:49:52] <Polarian> does anyone know a legitimate way to get to rewtkid... without trusting an alt is him Every single primary account he has used is down or inaccessible.
-
Polarian
who owns thesecure.biz?
-
Menel
OK. If they want to speak with you, I think they would. Likely reading along in this room...
-
Polarian
> » [13:49:52] <Polarian> does anyone know a legitimate way to get to rewtkid... without trusting an alt is him > Every single primary account he has used is down or inaccessible. and you still think its him targetting others? ↺
-
worlio.com
Well I have both the primary JIDs he has used so I have the necessary information to respond.
-
Polarian
sounds like like a attack on him, and everyone else is collateral damage
-
worlio.com
From his b1t.rip/syn.rip accounts, he has messaged an associate of mine admitting to performing DDoS attacks.
-
worlio.com
In the now down chat of b1t.rip, he has talked about abusing other services that involve me, a member named jsj, and anything he uses because he has a deep hatred of jsj for banning him from the now gone MUC.
-
Menel
Sound like jumping to conclusions. But this isn't a courtroom anyway. Could we focus on operators and not vendetta and wars here? The relevance for operators is: Someone is spamming rooms.
-
worlio.com
For someone to impersonate rewtkid to this level that fits exactly his MO as when he was originally identified as a malicious actor, that'd be quite impressive but very stupid of them.
-
worlio.com
Especially since some of his actions have not always been publicly discussed.
-
worlio.com
» [13:53:51] <Menel> Sound like jumping to conclusions. It is not jumping to conclusions if they have admitted to it.
-
nuegia.net
> 05/18/24 | 12:59:53 Polarian: doesn't he host his own server? > 05/18/24 | 13:04:31 Polarian: well shouldn't it be ban listed then? yes, i've already had to ban and firewall those off
-
nuegia.net
that's why he's using public reg servers now
-
nuegia.net
I don't know what's going on or why with rewtkid, but I did have to ban them. If other server operators don't want to clean out a bunch of throwaway spammer jids from their servers and their servers are used in attacks against my network I have no choice but to not restore federation between them which is something i do not want to do
-
nuegia.net
I don't know what's going on between rewtkid and other servers, but I think it's pretty weird there's this long wall of text overnight accusing other server ops of things.
-
nuegia.net
it's not helpful when there is a spam attack going on
-
nuegia.net
> If other server operators don't want to clean out a bunch of throwaway spammer jids from their servers and their servers are used in attacks actually, if your a server operator and aren't willing to do this, don't run a public registration server with federation to other servers.
-
Menel
I'm not sure if I missed something, but all the posted jids are already banned, aren't they.? And reported to the server admins too. I don't think anyone wants spam.
-
Menel
I'm sure you're not receiving spam from these jids then. It is the next unknown jids that will be used next time that your defederstion prevents. And other server operators can't ban unknown manually created accounts
-
ernst.on.tour
Sadly there is no rule how to recordnize a newly created spam-account, therefor it is not possible to make a module for e.g prosody or ejabberd. 🤷🏼♂️
-
Menel
An ejabbered module like https://modules.prosody.im/mod_report_forward.html would be nice tho
-
ernst.on.tour
It will only forward spam-reports from reports of users which have been spamed. Same as here is doing via msg. The AI is the user, not the system. This will only growup the blocklist, to just make long story short, let us block [a-z0-9]{1,255}@[a-z0-9]{1,255} 😉
-
praskovia
I just block 0.0.0.0/0
-
Polarian
sarcasm?
-
worlio.com
*@*