[Operators] Strange registrations

chris johnston ctofur at gmail.com
Fri Mar 27 15:06:06 CDT 2009


Not that I have used it, it appears this project is promising and has what
is needed to authenticate as an admin for the bare minimum to send a XEP
http://code.google.com/p/xmpphp/

This wiki page is not complete but it give you a good start to a library
list for XMPP
http://en.wikipedia.org/wiki/List_of_XMPP_library_software

If the library of your picking does not supply a function to register/add
new users.  All the libraries allow for authentication,  which your script
can AUTH with the server as an admin. Then send this raw message,
substituting the appropriate variables.

<iq type="set" to="$server" id="ab5ea" >
<command xmlns="http://jabber.org/protocol/commands" node="
http://jabber.org/protocol/admin#add-user"
sessionid="2009-03-27T19:56:40.276491Z" >
<x xmlns="jabber:x:data" type="submit" >
<field type="hidden" var="FORM_TYPE" >
<value>http://jabber.org/protocol/admin</value>
</field>
<field type="jid-single" var="accountjid" >
<value>$USER_JID</value>
</field>
<field type="text-private" var="password" >
<value>$passwrod</value>
</field>
<field type="text-private" var="password-verify" >
<value>$passsword</value>
</field>
</x>
</command>
</iq>

Fairly easy task then it comes down to it.... Maybe I should make it..?..?..

-Chris

On Fri, Mar 27, 2009 at 1:38 PM, Peter Saint-Andre <stpeter at stpeter.im>wrote:

> I agree that we need good web-registration support. Does anyone have a
> good set of pages for this (e.g., PHP)?
>
> On 3/27/09 9:44 AM, chris johnston wrote:
> > Is it a good idea to disallow registrations of users and force the use
> > of a webpage form that has a human verification method (reCaptha)????
> > Thus bot registrations would have to pass the human verification method
> > of a webpage.
> >
> > It seems like the in-band registration capabilities of XMPP are going to
> > be targeted by bots heavily and there are no strong methods intergrated
> > into major xmpp servers nor clients that stop this issue.
> >
> > I do know ejabberd is working on suppressing SPAM via Group chats using
> > XEP-0158 *CAPTCHA* Forms <http://xmpp.org/extensions/xep-0158.html#muc>
> >
> > Although untill jabber clients support XEP-0158 for in-band user
> > registration I suggest all operators with public servers move to
> > registration via html form with human verification.
> >
> > -Chris
> >
> >
> > On Fri, Mar 27, 2009 at 11:03 AM, Clemens Fries <xmpp at xenoworld.de
> > <mailto:xmpp at xenoworld.de>> wrote:
> >
> >     Hi!
> >
> >     I, too, got a few of these registrations. I did a quick search for
> >     some of the
> >     names on the list and discovered that all the surnames used in the
> >     nicknames
> >     seem to originate from this list:
> >      http://cns2.uni.edu/~okane/114/Physicians.txt<http://cns2.uni.edu/%7Eokane/114/Physicians.txt>
> >     <http://cns2.uni.edu/%7Eokane/114/Physicians.txt>
> >
> >     It may be interesting to hear of anyone got a nickname with a
> >     surname that is
> >     not on that list. I got only positive matches for the names you
> >     provided and
> >     for the seven names I had at hand.
> >
> >     Might help to single out the 'bad' users. The first names seem to
> >     come from a
> >     different list ─ there are multiple results if you google for some
> >     of the more
> >     exotic names.
> >
> >     On Friday 27 March 2009 15:05:28 Michael Grigutsch wrote:
> >     > Hi!
> >     >
> >     > It seems as if the registration bots have been improved to use more
> >     > ordinary nicknames for the registration. I have some strange
> >     registration
> >     > the last days, always using $name_$name as nick, e.g.
> suzanna_taggart,
> >     > evangeline_coldsmith, kendal_emrick...
> >     >
> >     > The accounts are not be used further after registration, some of
> >     them were
> >     > automatically deleted during daily maintenance as the user never
> >     logs in.
> >     >
> >     > Anyone else noticed that registrations?
> >     >
> >     > Best regards
> >     >
> >     > /MiGri
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.jabber.org/pipermail/operators/attachments/20090327/1b745689/attachment.htm 


More information about the Operators mailing list