ejabberd icon indicating copy to clipboard operation
ejabberd copied to clipboard

Published 20 hours ago verified publisher icon processone

Fighting XMPP spam

Open member7me opened this issue 2 years ago • 2 comments

Hello. Spam nowadays is huge problem. My friends small xmpp server on 300 members 100 online consists only of spam and bots. Yea, there are methods to combat spam, but they are extremely inefficient. https://www.process-one.net/blog/fighting-xmpp-abuse-and-spam-with-ejabberd-ejabberd-workshop-1/ Built-in captcha with captcha: true is not effective, development on a home server is not advisable. Even if you completely ban new registrations (protection from outgoing spam and protection from bots), there ir huge problem - incoming spam. registration_timeout is useless because spammers using proxies and tor

How to ptotect against incoming spam?

  1. new bots by the thousands adding each day in roster Even with
modules:
 mod_pres_counter:
 count: 3
 interval: 60
  1. even if we rejecting incoming message without captcha and activate only messaging from roster added members, there are thousands of bots adding each day in roster and hanging in roster with none in roster status. It is not clear which of them is a bot and which is a user. When user approve it into both none subscription status, user instantly receives spam

How to ptotect against such spam?

member7me avatar Aug 03 '22 17:08 member7me

@member7me: Do you use the good one?

  • https://github.com/processone/ejabberd/blob/master/tools/captcha-ng.sh

Neustradamus avatar Aug 12 '22 15:08 Neustradamus

Yes of course

member7me avatar Aug 17 '22 21:08 member7me

Regarding CAPTCHA, there are two other generation methods: mod_ecatpcha and mod_captcha_rust.

badlop avatar Jun 21 '23 11:06 badlop

@badlop: And the CAPTCHA, when it will be enable by default?

  • https://github.com/processone/ejabberd/blob/master/tools/captcha-ng.sh

Neustradamus avatar Jun 21 '23 17:06 Neustradamus