Hi,
On 02/03/2014 02:29 PM, Moonchild wrote:
> I've been running prosody for a little while now, and although I'm happy with
> the c2s/s2s security of the connections it makes, I'm running into a different
> security issue which is potentially a much larger problem.
>
> The problem is: spammers and otherwise abusive users.

We at jabber.at had similar problems. I might add that I personally think that operators claiming they "don't have this problem" despite thousands of users really mean "I didn't realize so far I had this problem".

> There is no easy way to
> monitor or restrict abusive behavior in prosody, and manually checking logs
> really isn't a "this millennium" way of going about user security.

As some operators have already mentioned, open registration is the main issue. Simple Anti-Spam measures are often circumvented easily: We had a simple ReCAPTCHA protected form and that was completely broken.

We mostly solved the issue with a small Django WebApp[1] that allows registration and (as a bonus) allows setting your password and deleting your account. It doesn't support Prosody yet, but if you're willing to code (a little) Python, you can write a plugin[2].

greetings, Mati

[1] https://account.jabber.at/
[2] https://account.jabber.at/doc/backends.html#custom-backends

--
twitter: @mathiasertl | xing: Mathias Ertl | email: [email protected]
I only read plain-text mail! I prefer signed/encrypted mail!
