processone / ejabberd

Robust, Ubiquitous and Massively Scalable Messaging Platform (XMPP, MQTT, SIP Server)
https://www.process-one.net/ejabberd/

Fighting XMPP spam #3879

Closed member7me closed 1 year ago

member7me commented 2 years ago

Hello. Spam nowadays is a huge problem. My friend's small XMPP server with 300 members, 100 online, consists only of spam and bots. Yeah, there are methods to combat spam, but they are extremely inefficient. https://www.process-one.net/blog/fighting-xmpp-abuse-and-spam-with-ejabberd-ejabberd-workshop-1/ Built-in captcha with captcha: true is not effective, development on a home server is not advisable. Even if you completely ban new registrations (protection from outgoing spam and protection from bots), there is a huge problem: incoming spam. registration_timeout is useless because spammers are using proxies and Tor.

How to protect against incoming spam?

  1. New bots by the thousands are being added to the roster each day, even with
    modules:
      mod_pres_counter:
        count: 3
        interval: 60
  2. Even if we reject incoming messages without captcha and allow messaging only from members added to the roster, there are thousands of bots being added to the roster each day and hanging in the roster with the none subscription status. It is not clear which of them is a bot and which is a user. When the user approves it into both none subscription status, the user instantly receives spam.

How to protect against such spam?

Neustradamus commented 2 years ago

@member7me: Do you use the good one?

member7me commented 2 years ago

Yes of course

badlop commented 1 year ago

Regarding CAPTCHA, there are two other generation methods: mod_ecaptcha and mod_captcha_rust.

Neustradamus commented 1 year ago

@badlop: And the CAPTCHA, when will it be enabled by default?