[Operators] Spam Registrations

Peter Saint-Andre stpeter at stpeter.im
Thu May 23 15:15:36 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 5/23/13 1:39 AM, Alex Hanselka wrote:
> Heya!
> 
> Do you guys have any tips for spam registrations for open servers?
> I'm running one that eventually I'll add back to the list on
> xmpp.net but before I do I wanted some tips on this :)
> 
> Thanks for any insight!

First, thanks for asking. It's really good to see all this activity
and discussion amongst those who run XMPP services. (One of the
traditional problems with standards organizations is that vendors
define things but we never hear from operators.)

At jabber.org, we turned off in-band registration and forced all users
to register via https://register.jabber.org/ with CAPTCHA required.
That did not really prevent spam registrations (at one point we had
over 10,000 users that we suspected of sending spammy invites to
Google Talk users). Since then I wrote a little script that gives us a
daily report of new account registrations (we receive 400-800 a day),
which at least gives us a bit of insight into potentially suspicious
users. But I admit that's not much to go on -- it would be helpful for
operators to have more detailed reports about what's going on in the
service, who is sending lots of invites or messages in a seemingly
automated way, etc.

We have a lot of work to do...

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJRnjKYAAoJEOoGpJErxa2pfIkP/A/SGZYBv6dblV/iFLXzJrnK
EswKrekgMLo6ZAmUmDovT0vsUDpCPiVRnOaaI8hGDeB2kzsr4PKUk9ay18RPPTKD
l2LVVMgJ8i9noVFbBUx6SeuBLjIftPkb2K5+UdGa88Uw+DEPoT0W9ZxTm6D6wW17
REz18Og1CRBFp1+SjfdC1EzRPXAZGmQbTJSSS50e2dYTSDcO0nuAAxZg294n5rXO
G2cuZiLuVDaVNe2JQ/qIrz2EdtDV/ZaB/MSxL4bj5c3d6IW6/eNyzYBxzqDPrBJr
uw8pJV2yNLr4qHax9kflfZagpA7E/dzTMx2DM61+xQxWQ7ejZNwsND3CyukyIEkF
rzyMBZJuekApEkwEMf4qv1A8Mn5qTmh6VmqST5/K3Dj0tXVtT4wvAyOqxpw/i2yt
XNlrgjQULIfetuO1ohEPLOyxDQkb+OW5k4RYHL3X302UoEMlRw9Cq6kgTKzK8LSV
dBV3JvZZOLCqKd9eN7aw+PArVe1GClxTZKtJsjDgMBHZWnV9DpIDRDBNeNYKMI1y
xlBOFD4lMCF7+FFXKjEfuyOba51V4HcMUGMQQlWhHxr2KNTgwNPtNFytWo3zuI9q
2hZlYHR2SMZhk/7ngiQHVweyaKJy06yGfx2n69UvBFi9JeoZMZGJEO0rHqYdIfIK
XEsG9tutjsC311rfSB2P
=XSux
-----END PGP SIGNATURE-----


More information about the Operators mailing list