Those guys might be using the public VJUD directory services. A chunked search on username > a* ; then b* - to z* + number* might help them gathering a massive amount of JIDs.
I don’t see any major issue in setting up a bot that crawls a public list of servers, such as XMPP.net, discovering the server’s services, picking up those offering a VJUD and then searching for chunks on those VJUDs. Boom, that’s a list of JIDs to spam, there’s no easier way. I’ll temporary close down Jappix.com VJUD as a preventive attempt to mitigate this ; but the addresses already leaked - at least those of people who explicitly chose to appear in the list (default is “do not appear"). If I recall well, ejabbed’s VJUD lists all users by default, unrespectful of any personal choice (whether to appear in directory / or not). Jappix.com is not using ejabbed but my account (which is being spammed) appears in the directory. It would be great to get more insights about that (whether some people not appearing in a targeted server’s VJUD also get spammed or not). Cheers, -- Valerian Saliou Crisp Communications Looking for my contact details? On November 10, 2015 at 6:20:20 PM, Sam Whited ([email protected]) wrote: On Tue, Nov 10, 2015 at 11:02 AM, Peter Saint-Andre <[email protected]> wrote: > I wonder why this has changed recently (aside from the usual story about the > economics of spam). How are these XMPP addresses being gathered? Are they > merely being guessed at, or is there something more nefarious going on? For > example, although this is pure speculation: are there servers on the network > that are leaking JIDs? There also seems to have been an uptick in a number of non-commercial but still somewhat spammy users (I hesitate to say, "trolls", but it may be accurate) in some of the various common XSF/software related rooms many of us idle in. Of course, the two may not have anything to do with one another (or I may just be imagining it and it's really it's just one or two very vocal users), but I wonder if there was some media coverage or something that's causing an influx in the network. Have any public server operators noticed a spike in registrations over the last few weeks? —Sam -- Sam Whited pub 4096R/54083AE104EA7AD3 https://blog.samwhited.com
