[Operators] Prosody vs. spammers - security measures?

Moonchild moonchild at palemoon.org
Mon Feb 3 16:38:42 UTC 2014


On 03/02/2014 17:04, Felix Eckhofer wrote:
>> [...]
> 
> Unfortunately I can't help you there, but I would be interested in what kind of
> tools Openfire has to deal with that. Also, can the spammer not just use dummy
> addresses from other popular servers?

The messages have to come from *somewhere* :)
Dummy addresses will have to be sent through those popular servers (I don't
think XMPP servers will allow clients to send messages with spoofed/non-local
addresses -- if so then that is a serious issue that needs to be handled ASAP).
These messages will be sent through the originating server that is being
abused and should be stopped there, not anywhere else.

As for what tools Openfire has, it mainly boils down to having easily
accessible traffic monitors as a first line of defense. If you can see the
number of messages/minute sent from specific clients it's easy to weed out
most spambots right from the get-go. Being able to get information in an
administrative interface of roster size, meta-data on active conversations of
a certain user, etc. allows admins to quickly pinpoint offending users.
A second tool Openfire has is easy access to both temporary and permanent bans
of users/clients/IPs to deal with offenders, and one-click closing of active
client connections if they are flooding the network.
Additional tools include allowing only certain client software (although I've
never needed that) and similar things like word filters.
I sorely miss all of that functionality in Prosody at the moment, unless I'm
missing something obvious.

@Thomas: You can count yourself lucky having 30k properly behaving users (well
the ones that are active anyway) on your domain ;)

Mark.
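
The messages-per-minute check described in the message above, as an added example that is not part of the original post and is not Openfire or Prosody code. It assumes a hypothetical "timestamp sender recipient" event log with each sender's lines in time order; the thresholds and the distinct-recipient count are illustrative assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical format; no server is claimed
# to log exactly this. alice is a normal user, bot7 fans out to many JIDs.
SAMPLE_LOG = "\n".join(
    ["2014-02-03T16:00:00 alice@example.org/home bob@example.net",
     "2014-02-03T16:00:40 alice@example.org/phone bob@example.net",
     "2014-02-03T16:02:10 alice@example.org/home carol@example.com"]
    + ["2014-02-03T16:01:%02d bot7@example.org/x user%d@example.net" % (s, s)
       for s in range(0, 12, 2)]
    + ["not a log line"]
)

WINDOW = timedelta(seconds=60)
MAX_MSGS = 5        # assumed limit: messages per sender per window
MAX_RCPTS = 4       # assumed limit: distinct recipients per sender per window


def bare_jid(jid):
    """Drop the resource so all clients of one account are counted together."""
    return jid.split("/", 1)[0]


def find_flooders(log_text, window=WINDOW, max_msgs=MAX_MSGS, max_rcpts=MAX_RCPTS):
    """Return {sender: (peak_msgs, peak_distinct_rcpts)} for senders over a limit."""
    recent = defaultdict(deque)          # sender -> (timestamp, recipient) in window
    peaks = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                     # skip malformed lines
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue                     # skip lines with an unparsable timestamp
        sender, rcpt = bare_jid(parts[1]), bare_jid(parts[2])
        q = recent[sender]
        q.append((ts, rcpt))
        while ts - q[0][0] >= window:    # expire events older than the window
            q.popleft()
        pm, pr = peaks.get(sender, (0, 0))
        peaks[sender] = (max(pm, len(q)), max(pr, len({r for _, r in q})))
    return {s: p for s, p in peaks.items() if p[0] > max_msgs or p[1] > max_rcpts}


if __name__ == "__main__":
    for sender, (msgs, rcpts) in find_flooders(SAMPLE_LOG).items():
        print(f"{sender}: peak {msgs} msgs, {rcpts} recipients per window")
```
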


