Re: [Operators] Announce: Jabber Spam Fighting Manifesto (for public servers)

The replies to this thread are basically a short (haha) overview of everything that is wrong with the XMPP community and especially the XSF. Thanks Georg for the initiative. Mat On 02/08/2018 09:31 AM, Georg Lukas wrote: Hello together, due to the huge amounts of spam coming from abandoned

Re: [Operators] xmpp.net

Hi, On Tue, Apr 18, 2017 at 11:43:44AM -0400, Denver Gingerich wrote: > On Tue, Apr 18, 2017 at 05:30:30PM +0200, Thomas Camaran wrote: > > Hi, some news for xmpp.net ? > > I agree it would be helpful to know. We had been linking to > https://xmpp.net/directory.php from https://jmp.chat/ but

Re: [Operators] public XMPP service: [jabber.sk]

On 05/03/2016 01:52 PM, Ingo Jürgensmann wrote: > Am 03.05.2016 um 13:43 schrieb Kim Alvefur : > >> On 2016-05-03 13:10, Peter Viskup wrote: >>> Please add public XMPP service jabber.sk to the list at >>> . >> The list isn't even there anymore and getting

Re: [Operators] Diffie-Hellman: 2k or 4k keys?

Hi Arsimael, On Wed, Nov 25, 2015 at 12:09:00AM +0100, Arsimael Inshan wrote: > When I created the DH Keys on my server, I generated 2k and 4k keys. > I was told the 4k keys shouldn't be used (yet) because of > incompartibillities and they wouldn't increase the security this > much, but generate

Re: [Operators] Please enable Forward Secrecy for your servers!

Hi, On Mon, Oct 05, 2015 at 09:45:11AM -0500, Sam Whited wrote: > This all seems perfectly reasonable to me; if you don't have PFS > enabled ciphers, I don't understand why you'd expect to be able to be > part of the network these days. I completely agree. Support for PFS ciphers is not

Re: [Operators] Please enable Forward Secrecy for your servers!

Hi everybody, Just a quick reminder, this is less then a month from now: On 2015-07-10 11:47, Mathias Ertl wrote: > We at jabber.at would like to announce that we will exclusively support > forward secrecy[1] enabled ciphers starting *October 1st, 2015*. Servers > that do not su

Re: [Operators] Annoying spam

On Wed, Sep 09, 2015 at 04:38:13PM +0200, Arsimael Inshan wrote: > It's also possible to registrate on my server via script/client. But > if you do this you should do some protection like limit the > registrations/ip to 1 per 10 minutes and automatically delete > non-activated accounts (accounts

[Operators] critical vulnerability in Jappix

: @mathiasertl | xing: Mathias Ertl | email: m...@er.tl I only read plain-text mail! I prefer signed/encrypted mail! smime.p7s Description: S/MIME Cryptographic Signature

Re: [Operators] Please enable Forward Secrecy for your servers!

as already mentioned. Packages are also available for all other newer Debian/Ubuntu distros. greetings, Mati (jabber.at) -- twitter: @mathiasertl | xing: Mathias Ertl | email: m...@er.tl I only read plain-text mail! I prefer signed/encrypted mail! smime.p7s Description: S/MIME Cryptographic Signature

Re: [Operators] Please enable Forward Secrecy for your servers!

because the double the overhead is completely irrelevant. Even we have only two CPUs and still very little CPU usage. So sure it's double. But double of next to nothing is still nothing. greetings, Mati (jabber.at) -- twitter: @mathiasertl | xing: Mathias Ertl | email: m...@er.tl I only read plain-text

Re: [Operators] Please enable Forward Secrecy for your servers!

Hi, On 2015-07-27 20:58, Jonathan Schleifer wrote: Am 27.07.2015 um 20:09 schrieb Mathias Ertl m...@fsinf.at: On 2015-07-21 00:19, Jonathan Schleifer wrote: So, 4096 bit RSA just gives you an additional 16 bits for your AES, while doubling the number of RSA bits more than doubles

Re: [Operators] Please enable Forward Secrecy for your servers!

tried to get a momentum towards ubiquitous Forward Secrecy, a different issue. greetings, Mati -- twitter: @mathiasertl | xing: Mathias Ertl | email: m...@er.tl I only read plain-text mail! I prefer signed/encrypted mail! smime.p7s Description: S/MIME Cryptographic Signature

[Operators] Please enable Forward Secrecy for your servers!

://en.wikipedia.org/wiki/Forward_secrecy -- twitter: @mathiasertl | xing: Mathias Ertl | email: m...@er.tl I only read plain-text mail! I prefer signed/encrypted mail! smime.p7s Description: S/MIME Cryptographic Signature

Re: [Operators] Please enable Forward Secrecy for your servers!

. Yes, we're doing that now, here ;-) greetings, Mati -- twitter: @mathiasertl | xing: Mathias Ertl | email: m...@er.tl I only read plain-text mail! I prefer signed/encrypted mail! smime.p7s Description: S/MIME Cryptographic Signature

Re: [Operators] Public XMPP service: jabberzac.org

(on conference.jabberzac.org http://conference.jabberzac.org http://conference.jabberzac.org), also open to public use and registration. -- twitter: @mathiasertl | xing: Mathias Ertl | email: m...@er.tl I only read plain-text mail! I prefer signed/encrypted mail! smime.p7s Description: S

Re: [Operators] Is the Public Server Directory still maintained?

Peter, On Tue, Jan 13, 2015 at 10:03:46AM -0700, Peter Saint-Andre - yet wrote: V On 1/13/15 9:55 AM, John Spanos wrote: Is the directory still maintained or it just takes time to process the requests? I've been thinking we need a better process than just me handling these requests in my

Re: [Operators] Is the Public Server Directory still maintained?

On 01/13/2015 06:03 PM, Peter Saint-Andre - yet wrote: What about pull requests to the github repo? I've just done a Pull-Request for our servers. greetings, Mati -- twitter: @mathiasertl | xing: Mathias Ertl | email: m...@er.tl I only read plain-text mail! I prefer signed/encrypted mail

Re: [Operators] SSLv3 is out.

On Wed, Oct 15, 2014 at 10:59:02AM +0200, Christoph Gebhardt wrote: Does anyone know of any XMPP client that needs the server to offer SSLv3? While we're discussing this: Same question, but for TLSv1? greetings, Mati -- I only read plain text mail! I prefer pgp|gpg signed encrypted mails!

Re: [Operators] SSLv3 is out.

Hi, On Wed, Oct 15, 2014 at 10:59:02AM +0200, Christoph Gebhardt wrote: Quoting Jonas Wielicki (2014-10-15 09:47:23) I’m not confident that this attack is (like BEAST and CRIME) relevant for XMPP. But is SSLv3 relevant in the XMPP world? In the web world this is a problem with ancient

[Operators] ejabberd: compression allows circumvention of encryption

Hi, FYI, I discovered a (IMHO critical) bug in ejabberd that allows clients to connect with an unencrypted connection even if starttls_required is set. Clients should normally not do that anyway, but currently (at least some versions of) Miranda do. The bug affects all versions of ejabberd but is

[Operators] public XMPP service: [jabber.wien

Hi, We have a new XMPP domain, please add it to the list on xmpp.net: domain: jabber.wien website: https://jabber.wien year launched: 2014 country: AT latitude: 48.12 longitude: 16.22 CA: StartSSL class 2 server software: ejabberd 14.07 admin name: Mathias Ertl admin JID: c

Re: [Operators] XMPP List

Hi, On Thu, Aug 28, 2014 at 09:22:22PM +0200, Christian wrote: with all the additions lately (or at least the requests)... IS anyone ACTUALLY updating the site? I see you did already, but for the record (and so that others know): There are other sites that list XMPP servers, we maintain one

[Operators] Client support for SASL PLAIN SCRAM-SHA1?

| xing: Mathias Ertl | email: m...@er.tl I only read plain-text mail! I prefer signed/encrypted mail! -- twitter: @mathiasertl | xing: Mathias Ertl | email: m...@er.tl I only read plain-text mail! I prefer signed/encrypted mail! smime.p7s Description: S/MIME Cryptographic Signature

Re: [Operators] Client support for SASL PLAIN SCRAM-SHA1?

://prosody.im/doc/plain_or_hashed -- twitter: @mathiasertl | xing: Mathias Ertl | email: m...@er.tl I only read plain-text mail! I prefer signed/encrypted mail! smime.p7s Description: S/MIME Cryptographic Signature

Re: [Operators] Strange S2S connection problems

Hi everyone, On Thu, Apr 17, 2014 at 06:37:19AM +, Nikolaus Polak wrote: Zitat von Kim Alvefur z...@zash.se: On 2014-04-16 14:50, Nikolaus Polak wrote: some of the users of 0nl1ne.at noticed me that connections to specific servers are not reliable since a few days (working only in one

Re: [Operators] DDoS attacks against jabber.org

Hi, On Fri, Feb 07, 2014 at 08:05:12AM +, David Banes wrote: In my view this is the correct approach (block s2s communication) and mirrors the behaviour in the SMTP world. It's the way I run SMTP/XMPP platforms so I'd expect others to do the same. As a last resort, this is of course the

Re: [Operators] DDoS attacks against jabber.org

Hi, On Fri, Feb 07, 2014 at 07:59:47AM -0700, Peter Saint-Andre wrote: On 2/7/14, 3:10 AM, Edwin Mons wrote: On 07/02/14 11:08, Andreas Kuckartz wrote: Are there any indications regarding the motives of the attackers? Other than that they seem to target specific MUCs, we can only

Re: [Operators] DDoS attacks against jabber.org

On Fri, Feb 07, 2014 at 04:16:33PM +0100, Marco Cirillo wrote: Given the insistence... I just ended restricting room creation on conference.lightwitch.org to the parent domain's users which sorted it. We did the same, but that solved the issue only for a little while. Now we have dedicated

Re: [Operators] DDoS attacks against jabber.org

On 02/07/2014 06:03 PM, Peter Saint-Andre wrote: On 2/7/14, 9:52 AM, Mathias Ertl wrote: On Fri, Feb 07, 2014 at 04:16:33PM +0100, Marco Cirillo wrote: Given the insistence... I just ended restricting room creation on conference.lightwitch.org to the parent domain's users which sorted

Re: [Operators] DDoS attacks against jabber.org

jabber.nln.ru jabber.no jabber.snc.ru jabber.stream.uz jabber.totel.ru jabber.tsk.ru jabber.wiretrip.org jabber-br.org jabbernet.dk kofeina.net linux.pl octro.net oneteam.im talk.mipt.ru talkers.im zsh.su ### -- twitter: @mathiasertl | xing: Mathias Ertl | email: m...@er.tl I only

Re: [Operators] Prosody vs. spammers - security measures?

] https://account.jabber.at/ [2] https://account.jabber.at/doc/backends.html#custom-backends -- twitter: @mathiasertl | xing: Mathias Ertl | email: m...@er.tl I only read plain-text mail! I prefer signed/encrypted mail! smime.p7s Description: S/MIME Cryptographic Signature

Re: [Operators] The Google issue

for those test-days, we will do so as well. greetings, Mati I hope that the people in charge at Google are aware that not supporting this effort perhaps would result in a smaller or larger PR disaster. Cheers, Andreas -- twitter: @mathiasertl | xing: Mathias Ertl | email: m...@er.tl I

[Operators] Account registration project

questions, suggestions or need help deploying the project yourself. greetings, Mati (jabber.at) -- twitter: @mathiasertl | xing: Mathias Ertl | email: m...@er.tl I only read plain-text mail! I prefer signed/encrypted mail! smime.p7s Description: S/MIME Cryptographic Signature

Re: [Operators] Update on spammy invites

On Thu, Mar 21, 2013 at 07:36:47AM -0700, Peter Saint-Andre wrote: We know that jabber.org had many spammy invite accounts, and we have IBR disabled with CAPTCHA-protected web registration. As Maxim noted about his server (jabber.kiev.ua), web registration doesn't stop someone from registering

Re: [Operators] Spammy invites

On Wed, Feb 13, 2013 at 10:03:16AM -0700, Peter Saint-Andre wrote: Furthermore, I think these spammers don't need that many accounts, and therefore don't need to auto-create them. They can simply go to the web page where one creates accounts - such as https://register.jabber.org/ - and

Re: [Operators] Spammy invites

On Wed, Feb 13, 2013 at 10:26:24AM -0700, Peter Saint-Andre wrote: Another approach is to shut down all new-account registration. We've done that at jabber.org for short periods of time, and I am considering doing it again. At that point, i you want to connect to the open IM network, the

Re: [Operators] Reporting DDoS attack, the idiot responsible of the attack and the server range which the drones come from.

On Tue, Sep 04, 2012 at 12:50:26AM +0200, Marco Cirillo wrote: Il 03/09/2012 22:41, Arsimael Inshan ha scritto: I don't think thats a good idea. Every open Jabber-Server can be used for this. IF you block all Open Servers, then you might cut yourself of the jabber network. And if everyone does

Re: [Operators] Jabber.sk - stolen ejabberd databases

On Fri, Aug 31, 2012 at 03:59:10PM +0200, Peter Viskup wrote: It could be related to activities of syrian people using our server on last months. We have seen massive abuse from Syrian and Russian IPs, (i.e. mass-MUC creation), where they claimed to be Syrian. This was already discussed

Re: [Operators] another xmpp.net update

! greetings, Mati - -- twitter: @mathiasertl | soup: http://soup.er.tl | xing: Mathias Ertl I only read plain-text mail! I prefer signed/encrypted mail! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk

Re: [Operators] World IPv6 Launch

On 2012-05-27 13:56, Ludovic BOCQUET wrote: If your XMPP server (and website) support IPv6, can you add your website on http://www.worldipv6launch.org/ ? Is this also of interest if my server has been supporting IPv6 for quite a while? After all, we are not launching IPv6 :-) greetings, Mati

Re: [Operators] public XMPP service: forumanalogue.fr

On 2012-05-23 13:40, Matthew Wild wrote: I think at this point the list on xmpp.org should be taken down, and replaced with links to third-party lists. The XSF simply appears to not have the resources to manage this. If/when that happens, please add https://list.jabber.at. greetings, Mathias

Re: [Operators] Gmail federation

confirm this behaviour for jabber.at. greetings, Mati -- twitter: @mathiasertl | soup: http://soup.er.tl | xing: Mathias Ertl I only read plain-text mail! I prefer signed/encrypted mail! smime.p7s Description: S/MIME Cryptographic Signature

Re: [Operators] DDoS attack

in all capabilities for fighting abusive automated messages are unfortunately very poor in all servers. I really think devs should improve that situation. greetings, Mati -- twitter: @mathiasertl | soup: http://soup.er.tl | xing: Mathias Ertl I only read plain-text mail! I prefer signed/encrypted

Re: [Operators] Finally *fix* the list-issue

connectivity (i.e. wrong CA). greetings, Mati -- twitter: @mathiasertl | soup: http://soup.er.tl | xing: Mathias Ertl I only read plain-text mail! I prefer signed/encrypted mail! smime.p7s Description: S/MIME Cryptographic Signature

[Operators] Finally *fix* the list-issue

: @mathiasertl | soup: http://soup.er.tl | xing: Mathias Ertl I only read plain-text mail! I prefer signed/encrypted mail! smime.p7s Description: S/MIME Cryptographic Signature

Re: [Operators] Finally *fix* the list-issue

, Mati -- twitter: @mathiasertl | soup: http://soup.er.tl | xing: Mathias Ertl I only read plain-text mail! I prefer signed/encrypted mail! smime.p7s Description: S/MIME Cryptographic Signature

Re: [Operators] Finally *fix* the list-issue

/SSL123_SecondaryCA.pem [3] http://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer [4] http://sslguide.org/ssl-support/root-certificates/comodo -- twitter: @mathiasertl | soup: http://soup.er.tl | xing: Mathias Ertl I only read plain-text mail! I

Re: [Operators] Finally *fix* the list-issue

and collaborate! greetings, Mati -- twitter: @mathiasertl | soup: http://soup.er.tl | xing: Mathias Ertl I only read plain-text mail! I prefer signed/encrypted mail! smime.p7s Description: S/MIME Cryptographic Signature

[Operators] Drupal registration extension

Hi! I thought I'd let you know that I've written a Drupal module to register Jabber accounts. You can find a demonstration here: https://jabber.at/register If you use Drupal on your Jabber servers homepage and are interested in providing registration via your homepage, please read on

Re: [Operators] Strange users

Hi! I have seen something very similar on my server. We had tons of accounts with usernames of what appeared to be md5sums. They had no contacts EXCEPT they were using our MSN transports. At the same time I also had registrations with usernames that were exactly 10 digits (i.e.

Re: [Operators] Please *remove* jabber.fsinf.at

On Tuesday, August 30, 2011 05:43:07 PM Peter Saint-Andre wrote: Done. On 8/28/11 2:09 PM, Mathias Ertl wrote: Please *remove* jabber.fsinf.at from the list at I'd just like to point out that the server is still there (and many other servers that were submitted are still not added). Just

[Operators] Please *remove* jabber.fsinf.at

Hi, Please *remove* jabber.fsinf.at from the list at http://xmpp.org/resources/public-services/. The service will stop accepting public registrations in a few days[1] and thus is no longer suitable for that list. If - whoever is responsible for this right now - is in doubt of my permission to

Re: [Operators] Services list maintainance

On Wednesday, April 06, 2011 02:24:27 pm Peter Saint-Andre wrote: In fact there are. :) I've been diligently working on my email backlog. Currently of the 200 messages in my inbox 50+ are related to service registrations. I'm planning to start processing those again in the next few days. But

Re: [Operators] public XMPP service-list abandoned?

On 09/10/2010 09:43 PM, Peter Saint-Andre wrote: Some time ago I asked for volunteers to help. People volunteered but then disappeared, so it was left to me, and I have so much to do that this task often falls off my to-do list. If you'd like to help, contact me off-list. I think I offered

Re: [Operators] Let's start some witch-hunt

Dear Peter, Martin, Hal and the rest, On 06/15/2010 11:31 PM, Peter Schwindt wrote: Martin (of hot-chilli.*) was the first to publicly (on jadmin-ML, about 2 weeks ago) mention a bunch of weird registrations. The accounts to be considered all look nearly the same: A posix timestamp + (LOP or

Re: [Operators] XMPP ICA update

Greetings, Peter Saint-Andre wrote: Let me know if you have any questions about this change. I have one. Does Startcom offer/allow Certificates that are (1) a wildcard certificate (i.e. for *.jabber.org) and (2) include a SubjectAltName (that is: Multi-domain certificates). greetings, Mat --

Re: [Operators] Please temporarily remove moo.im

Matthew Wild wrote: Hey, On Wed, Sep 9, 2009 at 9:14 AM, Timon Reinhardti...@lizmo.de wrote: Hi, due to massive spam/bot registrations I have disabled in-band registration for moo.im. It will take me some time to get an alternative registration (webform + captcha) running, so for the

Re: [Operators] Online real time monitoring

Hi, On 7/5/09 9:48 AM, Alexandr Shapoval wrote: I have a suggestion for monitoring Jabber services. This reminds me: so do I. I'm not sure if this is the right list for this, if not, please point me to it ;-). Anyway: I decided to split the whole thing into to parts: A bot that scans servers

Re: [Operators] Online real time monitoring

Hi, Peter Saint-Andre wrote: Perhaps it would help for people to publish their scripts. Indeed, it would be cool to have an open-source project or two so that more people can contribute to these efforts, download and improve the code, run their own monitors, etc. I wholeheartedly agree.