[Operators] Spam Registrations
stpeter at stpeter.im
Thu May 23 15:15:36 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
On 5/23/13 1:39 AM, Alex Hanselka wrote:
> Do you guys have any tips for spam registrations for open servers?
> I'm running one that eventually I'll add back to the list on
> xmpp.net but before I do I wanted some tips on this :)
> Thanks for any insight!
First, thanks for asking. It's really good to see all this activity
and discussion amongst those who run XMPP services. (One of the
traditional problems with standards organizations is that vendors
define things but we never hear from operators.)
At jabber.org, we turned off in-band registration and forced all users
to register via https://register.jabber.org/ with CAPTCHA required.
That did not really prevent spam registrations (at one point we had
over 10,000 users that we suspected of sending spammy invites to
Google Talk users). Since then I wrote a little script that gives us a
daily report of new account registrations (we receive 400-800 a day),
which at least gives us a bit of insight into potentially suspicious
users. But I admit that's not much to go on -- it would be helpful for
operators to have more detailed reports about what's going on in the
service, who is sending lots of invites or messages in a seemingly
automated way, etc.
We have a lot of work to do...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the Operators