Implement mod_firewall

[drequivalent]

Is your feature request related to a problem? Please describe. Spammers and bad actors are a problem.

Describe the solution you'd like I'd like to set rate limits and automatic man of spammers. mod_firewall can do that

https://modules.prosody.im/mod_firewall

Also, maybe character count limits

Describe alternatives you've considered An alternative would be authenticating with Fediverse accounts, and allow only authenticated users participate. This is the best middle ground between anonymous access and closed-down pre-moderated access.

Reference: NlNet-task-29

[JohnXLivingston]

Thanks for your report. I agree, we need to find a way to block spam.

For now, there are 2 solutions:

• if only few spam account, you can mute/kick/ban them (https://conversejs.org/docs/html/features.html#moderating-chatrooms )
• if not too many legitimate users, you can set the chat in «moderated» mode. Open the chat in fullscreen, open the setup menu on the top right. Then check «Moderated (require permission to speak)». Then, you can use the «/voice» command to allow non-spamming users to speak, or /mute, /kick, /ban to get rid of spammers.

The option «allow only authenticated» is already on my todo list. But I lack time to work on the plugin for now, I'm very busy on other projects. I'll try to add this next month.

Thanks for pointing mod_firewall. Seems nice!

For the record, I already begin to code a XMPP bot that can easily be added in a Peertube plugin! I had in mind to add moderation capabilities (rate limiting, banned words, ...). But again, I have no time to work on this before May or June. And unfortunately I also lack budget. Including this bot and features would require 1500€ or 2000€ of work. If you have a lead to fund this feature, I'm interested. Note: mod_firewall could replace the bot, thanks again for the tip.

[drequivalent]

if only few spam account, you can mute/kick/ban them (https://conversejs.org/docs/html/features.html#moderating-chatrooms )

This is inconvenient as all Hell. It is also confusing for people who don't know how XMPP works. And the bastard logs back in beofre we finish banning his previous account.

if not too many legitimate users, you can set the chat in «moderated» mode.

This is a problem because livestreams need to be open. They're not an invite-only conference. They're a show. This mode will stifle the audience, and will consume the streamer's time because they will have to approve accounts instead of doing what they've set out to do.

[JohnXLivingston]

@drequivalent , I'm aware of these points. As said, I have some solutions in my TODO list. The problem is to find time and money to implement them. I was hoping to have a little more time before malicious people attacked Peertube chats... I'll try to do the "allow only authenticated users" option this week. It was asked me by 3 or 4 people, and it could really help.

[mwild1]

There are multiple things that already exist to help combat spam/abuse in XMPP-based chats. Obviously any anonymous chat is very easy to abuse and very hard to defend against (you want it full accessible with no login, but you also want to identify bad actors? Good luck!!).

Nevertheless, this is obviously not a new problem and Prosody has some modules that can assist. For example:

• mod_muc_limits will apply rate limits. It's worth reading and understanding the "algorithm" section. In particular, all unaffiliated users share the same rate limit. That's generally the desired behaviour, otherwise the rate limit can be trivially bypassed by simply joining the channel multiple times. The moderation strategy is to identify trusted users, and grant them "member" status so they will not be subjected to that limit. This could be done manually, or via a bot (e.g. auto-member after a period of time).
• mod_muc_ban_ip is very useful for anonymous hosts. When you ban a user from the channel, it automatically applies an IP ban on the server side. Obviously there are ways to evade IP-based bans, but it can help a lot with trivial spammers.
• mod_muc_restrict_media can be useful in public channels, for... hopefully obvious reasons.
• mod_muc_moderation allows removal of content by moderators.
• mod_firewall is the ultimate flexible module, but it's not a silver bullet. You still have to figure out the necessary rules, and as with all spam/abuse this turns into a "cat and mouse" game. But that's generally what all moderation on all platforms comes down to at the end of the day. This module a useful addition to the toolbox when simpler options aren't working.

See also some general advice in Prosody's documentation about running public servers.

Generally you'll want to do as many limits and moderation actions on the server side, before they reach the channel. Bots in the channel can be useful, but they can basically only be reactive (performing action after the bad thing happened), rather than proactive (preventing bad things from happening).

I'm happy to assist with any questions about moderation in XMPP, the modules listed above, or hear about any functionality we're missing that may help such use-cases.

[JohnXLivingston]

Thanks @mwild1 , your post really helps! Should be easy to quickly implement some of these solution (mod_muc_moderation is already used).

[drequivalent]

@mwild1 the trick is not identifying them all. The trick is raising the cost of attack.

Thanks for the message. Food for thought.

[JohnXLivingston]

I'm releasing a v5.7.0 with the feature «Hide the chat for anonymous users». This is a first version, will be enhanced later on. See the changelog for more informations. Commit: https://github.com/JohnXLivingston/peertube-plugin-livechat/commit/01a052d3806e5a6c405459d4027701e856a9842d