[Operators] Prosody vs. spammers - security measures?

Thomas Camaran camaran at gmail.com
Tue Feb 4 14:11:06 UTC 2014


It's also possible to remove a user if they do not connect after a period, to
limit this problem.


2014-02-04 Mathias Ertl <mati at fsinf.at>:

> Hi,
>
>
> On 02/03/2014 02:29 PM, Moonchild wrote:
> > I've been running prosody for a little while now, and although I'm happy with
> > the c2s/s2s security of the connections it makes, I'm running into a different
> > security issue which is potentially a much larger problem.
> >
> > The problem is: spammers and otherwise abusive users.
>
> We at jabber.at had similar problems. I might add that I personally
> think that operators claiming they "don't have this problem" despite
> thousands of users really mean "I didn't realize so far I had this
> problem".
>
> > There is no easy way to
> > monitor or restrict abusive behavior in prosody, and manually checking logs
> > really isn't a "this millennium" way of going about user security.
>
> As some operators have already mentioned, open registration is the main
> issue. Simple Anti-Spam measures are often circumvented easily: We had a
> simple ReCAPTCHA protected form and that was completely broken.
>
> We mostly solved the issue with a small Django WebApp[1] that allows
> registration and (as a bonus) allows setting your password and deleting
> your account. It doesn't support Prosody yet, but if you're willing to
> code (a little) Python, you can write a plugin[2].
>
> greetings, Mati
>
> [1] https://account.jabber.at/
> [2] https://account.jabber.at/doc/backends.html#custom-backends
>
> --
> twitter: @mathiasertl | xing: Mathias Ertl | email: mati at er.tl
> I only read plain-text mail!  I prefer signed/encrypted mail!
>
>