XMPP Service Operators - 2026-01-09

  1. based.pt

    hello

  2. Samson Smith

    hi

  3. Kris

    boa noite

  4. based.pt

    tom, sorry for what happened, i dealt with the situation already. and updated my server contacts.

  5. based.pt

    also blocked account creation

  6. tom

    based.pt, are you also the admin of nigga.pt?

  7. based.pt

    i am

  8. tom

    why did you chose those domains?

  9. based.pt

    same server, diferent domains, no account registration can be done

  10. Kris

    ugh

  11. based.pt

    > why did you chose those domains? no reason in particular, 5 letter words

  12. Kris

    sure 🙄

  13. tom

    based.pt, do you have any idea who was behind the spam attacks? Some of which were targeted to specific groups and people with different messages.

  14. based.pt

    my muc was spammed by accounts from xmpp.earth the same day i banned an user from it. It could be the same user

  15. based.pt

    after the spam i made it so only memeber could message

  16. jjj333_p [pain.agency]

    ive heard theories that its rewtkid, no evidence to corroborate though

  17. based.pt

    who is rewtkid?

  18. jjj333_p [pain.agency]

    a well known xmpp spammer, kinda known for doing similar things

  19. tom

    based.pt, your server is prosody or ejabberd?

  20. based.pt

    prosody

  21. moparisthebest

    > Has anybody been running a xmpp server without dialback security implemented? The consumer of dialback on my server are compliance checkers testing for it. All actual servers have moved onto SASL tom: yea I haven't had dialback or tls 1.2 enabled for years, zero problems, I didn't know anyone had it enabled

  22. tom

    based.pt, I would be open to restoring federation if you would be willing to implement and configure the following protections on your server: https://modules.prosody.im/mod_throttle_unsolicited.html https://modules.prosody.im/mod_report_affiliations.html https://prosody.im/doc/modules/mod_limits Would this be acceptable to you?

  23. based.pt

    i will look into it and then let you know

    👍 1
  24. jjj333_p [pain.agency]

    mod_muc_limits is good too for protecting any mucs you host

  25. based.pt

    tom, do i need extra configuration?

  26. tom

    based.pt, the rate limits can be tuned to values for your local site. The defaults work well for most sites. You would need to add nuegia.net and the rtbl service to report_affiliations_trusted_servers =

  27. based.pt

    whats the rtbl service?

  28. xa0.uk

    having rtbl on a server called nigga.pt is the funniest concept

  29. tom

    https://xmppbl.org/

  30. based.pt

    thank you

  31. based.pt

    done

  32. based.pt

    would it be safe to enable public registration again?

  33. tom

    you should definitely configure more protections on your public registration that out outside the scope of the requirement I have laid out for federation restoration.

  34. tom

    others may be able to help you with that.

  35. based.pt

    ok, i will try and improve on that, meanwhile the server will have registration closed

  36. based.pt

    and again, sorry

  37. based.pt

    you weren't the only one affected, i had another spam report

  38. based.pt

    i assume the same individual spammed on a few more servers

  39. tom

    based.pt, do you already have your server configured to forward spam reports to you?

  40. based.pt

    yes

  41. based.pt

    i already have the 3 modules you sent

  42. based.pt

    unsolicited_messages_per_minute = 10 unsolicited_s2s_messages_per_minute = 100 report_affiliations_trusted_servers = { "nuegia.net", "xmppbl.org" }

  43. based.pt

    im adding mod_anti_spam now

  44. based.pt

    and spam_reporting

  45. tom

    thank you.

  46. based.pt

    done

  47. based.pt

    everything added

  48. based.pt

    test