[Operators] DNSBLs

Peter Viskup skupko.sk at gmail.com
Thu Nov 19 03:39:44 CST 2009


Yes - I heard jabber.org administrators disabled IBR, but could you explain
what was the reason for that (or just send link where can I find more
details about the issue with IBR they were experiencing)?
I think that only high performance/stability issues could be occasion for
CAPTCHA registration implementation.

--
Peter Viskup

On Thu, Nov 19, 2009 at 4:07 AM, Peter Saint-Andre <stpeter at stpeter.im>wrote:

> On 11/18/09 4:29 PM, Peter Viskup wrote:
> > What does your expression - 'uncontrolled registration' - mean?
> > What is the definition of 'controlled registration'?
> > How do you check if the jabber server has 'controlled registration'?
> >
> > On our jabber.sk server everybody can register account with any length
> > and any characters the server (piece of software) is supporting. Is that
> > something what means 'uncontrolled registration'?
> > Is something wrong (not following not well known 'best practices') on
> > that configuration of public server?
>
> Good question. I'll answer based on my experience at the jabber.org
> service: I think that by "uncontrolled registration" he means in-band
> registration ("IBR", XEP-0077) without CAPTCHA forms (XEP-0158). A
> service could also allow uncontrolled registration via the web but that
> might be more difficult to test. At the jabber.org service we turned off
> IBR perhaps a year ago, in favor of web registration with CAPTCHAs. No,
> it's not perfect, but it seems to be less liable to attack (or at least
> automated registration by malicious bots).
>
> /psa
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20091119/a0974754/attachment-0001.htm>


More information about the Operators mailing list