[Operators] DNSBLs

Peter Saint-Andre stpeter at stpeter.im
Wed Nov 18 21:07:08 CST 2009


On 11/18/09 4:29 PM, Peter Viskup wrote:
> What does your expression - 'uncontrolled registration' - mean?
> What is the definition of 'controlled registration'?
> How do you check if the jabber server has 'controlled registration'?
> 
> On our jabber.sk server everybody can register an account with any length
> and any characters the server (piece of software) is supporting. Is that
> something that means 'uncontrolled registration'?
> Is something wrong (not following not well known 'best practices') on
> that configuration of public server?

Good question. I'll answer based on my experience at the jabber.org
service: I think that by "uncontrolled registration" he means in-band
registration ("IBR", XEP-0077) without CAPTCHA forms (XEP-0158). A
service could also allow uncontrolled registration via the web but that
might be more difficult to test. At the jabber.org service we turned off
IBR perhaps a year ago, in favor of web registration with CAPTCHAs. No,
it's not perfect, but it seems to be less liable to attack (or at least
automated registration by malicious bots).

/psa
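
One way to run the check discussed above against a server you operate, as an added example that is not part of the original message: classify the reply a server gives to an XEP-0077 registration request. The function name and sample stanzas are hypothetical and constructed; it assumes a CAPTCHA-protected form is marked by the XEP-0158 FORM_TYPE value and treats any non-result reply as registration being closed.

```python
import xml.etree.ElementTree as ET

REG = "{jabber:iq:register}"            # XEP-0077 in-band registration
FORM = "{jabber:x:data}"                # XEP-0004 data forms
OOB = "{jabber:x:oob}"                  # XEP-0066 URL, used for web redirection
CAPTCHA_FORM_TYPE = "urn:xmpp:captcha"  # XEP-0158 FORM_TYPE value

def classify_registration(iq_xml):
    """Return 'closed', 'web-redirect', 'captcha' or 'uncontrolled'."""
    iq = ET.fromstring(iq_xml)
    query = iq.find(REG + "query")
    if iq.get("type") != "result" or query is None:
        return "closed"  # error reply: IBR is not offered
    forms = query.findall(FORM + "x")
    for form in forms:
        for field in form.findall(FORM + "field"):
            value = (field.findtext(FORM + "value") or "").strip()
            if field.get("var") == "FORM_TYPE" and value == CAPTCHA_FORM_TYPE:
                return "captcha"  # a challenge must be solved to register
    has_legacy_fields = query.find(REG + "username") is not None
    if query.find(OOB + "x") is not None and not (forms or has_legacy_fields):
        return "web-redirect"  # only a URL: sign-up happens outside XMPP
    return "uncontrolled"  # fillable in-band form with no CAPTCHA

# Constructed sample replies (not captured from any real server).
PLAIN_REPLY = """<iq type='result' id='reg1'>
  <query xmlns='jabber:iq:register'>
    <username/><password/>
  </query></iq>"""

CAPTCHA_REPLY = """<iq type='result' id='reg1'>
  <query xmlns='jabber:iq:register'>
    <x xmlns='jabber:x:data' type='form'>
      <field type='hidden' var='FORM_TYPE'><value>urn:xmpp:captcha</value></field>
      <field var='username'/><field var='password'/><field var='ocr'/>
    </x></query></iq>"""

REDIRECT_REPLY = """<iq type='result' id='reg1'>
  <query xmlns='jabber:iq:register'>
    <x xmlns='jabber:x:oob'><url>https://example.org/register</url></x>
  </query></iq>"""

DISABLED_REPLY = """<iq type='error' id='reg1'>
  <query xmlns='jabber:iq:register'/>
  <error type='cancel'>
    <service-unavailable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
  </error></iq>"""
```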