It's also possible to remove a user who has not connected for some period, to limit this problem.

2014-02-04 Mathias Ertl <m...@fsinf.at>:

> Hi,
>
> On 02/03/2014 02:29 PM, Moonchild wrote:
> > I've been running prosody for a little while now, and although I'm happy with
> > the c2s/s2s security of the connections it makes, I'm running into a different
> > security issue which is potentially a much larger problem.
> >
> > The problem is: spammers and otherwise abusive users.
>
> We at jabber.at had similar problems. I might add that I personally
> think that operators claiming they "don't have this problem" despite
> thousands of users really mean "I didn't realize so far I had this
> problem".
>
> > There is no easy way to
> > monitor or restrict abusive behavior in prosody, and manually checking logs
> > really isn't a "this millennium" way of going about user security.
>
> As some operators have already mentioned, open registration is the main
> issue. Simple Anti-Spam measures are often circumvented easily: We had a
> simple ReCAPTCHA protected form and that was completely broken.
>
> We mostly solved the issue with a small Django WebApp[1] that allows
> registration and (as a bonus) allows setting your password and deleting
> your account. It doesn't support Prosody yet, but if you're willing to
> code (a little) Python, you can write a plugin[2].
>
> greetings, Mati
>
> [1] https://account.jabber.at/
> [2] https://account.jabber.at/doc/backends.html#custom-backends
>
> --
> twitter: @mathiasertl | xing: Mathias Ertl | email: m...@er.tl
> I only read plain-text mail! I prefer signed/encrypted mail!