XMPP Service Operators - 2024-05-18


  1. nuegia.net

    my server is currently under spam attack by rewtkid alts on various public registration servers.

  2. nuegia.net

    Yax.im, xmpp.earth, and jabbim.im are temporarily blocked from some mucs

  3. Polarian

    > my server is currently under spam attack by rewtkid alts on various public registration servers.

    rewtkid is a spammer?

  4. worlio.com

    Yes.

  5. Polarian

    doesn't he host his own server/

  6. Polarian

    doesn't he host his own server?

  7. Menel

    But that has nothing to do with anything, does it?

  8. Polarian

    well shouldn't it be ban listed then?

  9. Menel

    The spam comes from other servers

  10. Polarian

    how do you know it's rewtkid

  11. ernst.on.tour

    Possible: rewtkid@srvA.com rewtkid@srvB.com rewtkid@srvC.com ?

  12. Polarian

    oh right... that would explain it...

  13. Polarian

    what about impersonations though?

  14. moparisthebest

    Keep in mind that means nothing

  15. Polarian

    ok what's rewtkid's server?

  16. Polarian

    all I remember is it's the anarchism one

  17. ernst.on.tour

    But this doesn't make it true that he is really doing it. Everybody could be rewtkid@....

  18. Polarian

    that is why I am asking for his server :)

  19. Polarian

    Does anyone remember his JID?

  20. Polarian

    not the "alts"

  21. ernst.on.tour

    Has anybody ever seen his JID ? Here it will only be shown as operators@muc.xmpp.org/rewtkid

  22. worlio.com

    I know well it is the same rewtkid. Rewtkid admitted to DDoSing a server he disagreed with and at the same time these spam attacks have occurred, the same DDoS method is being used against my service. Rewtkid has a vendetta against me because of someone I associate myself with.

  23. worlio.com

    I know well it is the same rewtkid. Rewtkid admitted to DDoSing a server he disagreed with ages ago and at the same time these spam attacks have occurred, the same DDoS method is being used against my service. Rewtkid has a vendetta against me because of someone I associate myself with.

  24. ernst.on.tour

    The ban "must" be: rewtkid@* except rewtkid@trueserver. Don't think that this will be possible by banlist. BUT.... This seems to be a personal fight between nuegia (and/or worlio) and rewtkid? Why should the global banlist be used to eliminate a personal war?

  25. worlio.com

    Why would you want someone on your service who seems to attack and DDoS services for their own personal grudges?

  26. ernst.on.tour

    The serveradmin of the muc should ban him locally, but not the whole universe.

  27. worlio.com

    You could try and ban all the JIDs you want. He is constantly making alternate accounts to spam MUCs from people he doesn't like.

  28. ernst.on.tour

    > Why would you want someone on your service who seems to attack and DDoS services for their own personal grudges?

    Maybe you told him a "freak" or "motherf.." or your political view is not his or you are driving the wrong car/bike/.... ? What are his grudges ? Maybe you will let block me global because I'm driving a truck and you a bicycle-rider and we are all potential bicycle-killers.

  29. worlio.com

    I don't ban for differing views. His attacks are nothing but grudges against who I sided with when he was banned from a no-longer existing MUC.

  30. Polarian

    Considering the doxbin stuff going on surrounding Rewtkid and the people he knows... I don't think I want to poke this with a 6 foot pole even

  31. worlio.com

    Regardless of how he feels about it, it does not excuse the behavior. He is spamming and DDoSing services.

  32. Menel

    That's true. Unfortunately someone manually creating accounts is basically impossible to pre-ban anyway.

  33. worlio.com

    The goal was to let others know of their current abuse and the services he is using.

  34. Polarian

    rewtkid leaked his server replying to me a few months back

  35. Polarian

    unfortunately searching the archives seems impossible...

  36. worlio.com

    And as such, here are JIDs which he used to spam a MUC of my own: 4trt456534rtg@dismail.de cronjober345etrre@5222.de fsdger654fdg@dismail.de rewtkid@jabbim.com spamdontyanknowitsmybestfriend@yax.im waaaaa543645@draugr.de

  37. Menel

    I know that server and the conversations. I have the archive here.. That isn't a secret

  38. Polarian

    Menel, what's his server then?

  39. Polarian

    his not one of the many which worlio.com is reporting

  40. Polarian

    the one we can confirm is rewtkid

  41. worlio.com

    No, he wouldn't be using his main.

  42. Polarian

    plus I think it might be useful to write a script to check the archives... they are useless currently, unless you know the exact day you are looking for

  43. Polarian

    > No, he wouldn't be using his main.

    unhelpful.

  44. ernst.on.tour

    worlio.com: How will you ban him if he is always using different nicks and servers ?

  45. worlio.com

    You folks are missing the point.

  46. Polarian

    what point, the fact that a bunch of people have a flame war with rewtkid right now?

  47. worlio.com

    More like rewtkid is having a war with a bunch of people.

  48. Polarian

    can you verify these alts are his?

  49. worlio.com

    They happened all within 5 seconds of each other after the MUC invite was posted in Spyware when Spyware was being hit with the spam attacks from him. Those spam attacks from Spyware were using names that had been lurking for a long time, which is a tactic rewtkid is known to do.

  50. Menel

    Polarian: seems it was taken down meanwhile. https://b1t.rip/

  51. worlio.com

    And his original jid server is no longer around either.

  52. Polarian

    Menel, this seems more like rewt is the target, not rewt targeting others

  53. worlio.com

    My point is to let people know a malicious user is on the loose and to be aware their services may be used negatively if they are open.

  54. worlio.com

    » [13:42:45] <Polarian> Menel, this seems more like rewt is the target, not rewt targeting others

    Why would I target this person?

  55. Polarian

    also the account listed on the site is gone too

  56. Polarian

    > » [13:42:45] <Polarian> Menel, this seems more like rewt is the target, not rewt targeting others
    > Why would I target this person?

    not you specifically...

  57. Polarian

    > My point is to let people know a malicious user is on the loose and to be aware their services may be used negatively if they are open.

    I could go around pretending to be you, does that mean you should be punished for it?

  58. Polarian

    assume good faith, even if you hate the guy.

  59. Menel

    Let's focus for a moment now. 1: Someone is spamming rooms and creating manually random accounts everywhere. So. What is there that anyone can do? I don't think much beside being vigilant and using moderation tools.

  60. worlio.com

    Menel: » [13:42:46] <worlio.com> My point is to let people know a malicious user is on the loose and to be aware their services may be used negatively if they are open.

  61. Menel

    The rest of the reasons or whatever doesn't help here.

  62. worlio.com

    Please read.

  63. Menel

    OK we know noe

  64. Menel

    OK we know now

  65. Polarian

    > Let's focus for a moment now.
    > 1: Someone is spamming rooms and creating manually random accounts everywhere.
    >
    > So. What is there that anyone can do? I don't think much beside being vigilant and using moderation tools.

    main servers cut registration for a while maybe?

  66. Polarian

    or limit it right down

  67. Menel

    Because of one user you want the whole network to shut down? Talking about DOS

  68. Polarian

    no... but like when a MUC is raided, limit it more

  69. Polarian

    I have received stuff last night... not sure if it's related...

  70. Polarian

    > Menel:
    > » [13:42:46] <worlio.com> My point is to let people know a malicious user is on the loose and to be aware their services may be used negatively if they are open.

    there's nothing you can do about this...

  71. worlio.com

    What I can do about it: Alert service operators.

  72. worlio.com

    What I did about it: Alert service operators.

  73. Menel

    Yes. I know. Everyone knows now, I think we're on the same page.

  74. worlio.com

    Then no more confusion?

  75. Polarian

    does anyone know a legitimate way to get to rewtkid... without trusting an alt is him

  76. Menel

    I think we don't need to speak of it further here.

  77. Menel

    Polarian: didn't you read the website, there was an address

  78. Polarian

    > Polarian: didn't you read the website, there was an address

    it doesn't work

  79. worlio.com

    » [13:49:52] <Polarian> does anyone know a legitimate way to get to rewtkid... without trusting an alt is him

    Every single primary account he has used is down or inaccessible.

  80. Polarian

    who owns thesecure.biz?

  81. Menel

    OK. If they want to speak with you, I think they would. Likely reading along in this room...

  82. Polarian

    > » [13:49:52] <Polarian> does anyone know a legitimate way to get to rewtkid... without trusting an alt is him
    > Every single primary account he has used is down or inaccessible.

    and you still think it's him targeting others?

  83. worlio.com

    Well I have both the primary JIDs he has used so I have the necessary information to respond.

  84. Polarian

    sounds like an attack on him, and everyone else is collateral damage

  85. worlio.com

    From his b1t.rip/syn.rip accounts, he has messaged an associate of mine admitting to performing DDoS attacks.

  86. worlio.com

    In the now down chat of b1t.rip, he has talked about abusing other services that involve me, a member named jsj, and anything he uses because he has a deep hatred of jsj for banning him from the now gone MUC.

  87. Menel

    Sounds like jumping to conclusions. But this isn't a courtroom anyway. Could we focus on operators and not vendetta and wars here? The relevance for operators is: Someone is spamming rooms.

  88. worlio.com

    For someone to impersonate rewtkid to this level that fits exactly his MO as when he was originally identified as a malicious actor, that'd be quite impressive but very stupid of them.

  89. worlio.com

    Especially since some of his actions have not always been publicly discussed.

  90. worlio.com

    » [13:53:51] <Menel> Sound like jumping to conclusions.

    It is not jumping to conclusions if they have admitted to it.

  91. nuegia.net

    > 05/18/24 | 12:59:53 Polarian: doesn't he host his own server?
    > 05/18/24 | 13:04:31 Polarian: well shouldn't it be ban listed then?

    yes, i've already had to ban and firewall those off

  92. nuegia.net

    that's why he's using public reg servers now

  93. nuegia.net

    I don't know what's going on or why with rewtkid, but I did have to ban them. If other server operators don't want to clean out a bunch of throwaway spammer jids from their servers and their servers are used in attacks against my network I have no choice but to not restore federation between them which is something i do not want to do

  94. nuegia.net

    I don't know what's going on between rewtkid and other servers, but I think it's pretty weird there's this long wall of text overnight accusing other server ops of things.

  95. nuegia.net

    it's not helpful when there is a spam attack going on

  96. nuegia.net

    > If other server operators don't want to clean out a bunch of throwaway spammer jids from their servers and their servers are used in attacks

    actually, if you're a server operator and aren't willing to do this, don't run a public registration server with federation to other servers.

  97. Menel

    I'm not sure if I missed something, but all the posted jids are already banned, aren't they? And reported to the server admins too. I don't think anyone wants spam.

  98. Menel

    I'm sure you're not receiving spam from these jids then. It is the next unknown jids that will be used next time that your defederation prevents. And other server operators can't ban unknown manually created accounts

  99. ernst.on.tour

    Sadly there is no rule how to recognize a newly created spam-account, therefore it is not possible to make a module for e.g. prosody or ejabberd. 🤷🏼‍♂️

  100. Menel

    An ejabberd module like https://modules.prosody.im/mod_report_forward.html would be nice tho

  101. ernst.on.tour

    It will only forward spam-reports from reports of users which have been spammed. Same as here is doing via msg. The AI is the user, not the system. This will only grow the blocklist, to just make long story short, let us block [a-z0-9]{1,255}@[a-z0-9]{1,255} 😉

  102. praskovia

    I just block 0.0.0.0/0

  103. Polarian

    sarcasm?

  104. worlio.com

    *@*