[Operators] Rosters flood

Jesse Thompson jesse.thompson at doit.wisc.edu
Wed Sep 8 10:52:08 CST 2010


On 09/08/2010 11:29 AM, Evgeniy Khramtsov wrote:
> 09.09.2010 02:19, Jesse Thompson wrote:
>> Do you mean that spammers could flood users with subscription
>> requests? I suppose that would be difficult to deal with. Could it be
>> solved with UI improvements? e.g., a queue listing of pending
>> requests, as opposed to a pop-up for each request.
>
> Currently, we have mixed flood: subscriptions and messages. Flooders are
> aware of protocol weakness: they are not idiots after all ;)

Right, they aren't idiots.

My original point was that it might be beneficial to find a solution 
other than re-hashing the email spam war.  We can go through the hassle 
of blocking the IPs of servers that don't limit registrations, so the 
spammers will start setting up their own servers on zombies.  We can 
then go through the hassle of blocking zombie servers, so the spammers 
will start creating accounts on trustworthy services (captchas might 
help, but it hasn't stopped email spammers.)  We can go through the 
hassle of blocking the JIDs of users on trusted services, so the 
spammers will just start phishing for credentials of trusted users on 
trusted services.

We already know the end game, because email has already gone through the 
process.  I was just wondering if we can skip ahead to the point where 
we have to figure out how to deal with the fact that you can't really 
trust any user on any service.

Jesse

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3403 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20100908/54808b39/attachment-0001.bin>


More information about the Operators mailing list