[Operators] Spammy invites

aszlig aszlig at redmoonstudios.org
Wed Feb 13 15:41:54 UTC 2013


On Wed, Feb 13, 2013 at 09:48:59AM +0100, Per Gustafsson wrote:
> I work with Google's chat service, and we are seeing lots of spammy invites
> from users on various federated domains, including jabberes.org, jabber.se,
> jabber-hosting.com and jabber.org. Have you noted an elevated amount of
> sccount creation etc., and is there anything you can do about it in that
> case, otherwise we will have to institute very tight limits of invites per
> day being sent from federated domains.

Here I've got the same problems as well (aszlig.net, headcounter.org,
no-icq.org, noicq.org - not yet listed at xmpp.net since the rework) and
i'm going to disable new registrations as soon as the load is low
enough. The main target of these massive spammy subscribes is gmail.com
and it's quite hard to track them down without "accidentally" locking
out real users.

My second step would be to reenable registrations and only allow
verified users to use S2S. But I'm not sure about how to do this for
every single user (maybe some kind of WoT within the local network?).

So, any idea about how to mitigate this without forcing too much
restrictions on real users (like for example I'd want to avoid
captchas)?

a!
-- 
aszlig
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: Digital signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20130213/c4818bb7/attachment.pgp>


More information about the Operators mailing list