SlideShare une entreprise Scribd logo

Fighting XMPP abuse and spam with ejabberd - ejabberd Workshop #1

Mickaël Rémond
Mickaël Rémond

Mickaël Rémond explains the features, options and API that can be used to protect ejabberd servers from spam and various other types of attacks.

Technologie
1  sur  30
Télécharger pour lire hors ligne
Fighting XMPP messaging spam thanks to ejabberd API 17th November 2015 Mickaël Rémond <mremond@process-one.net>
Introduction There has been some discussions recently on XMPP operator mailing about the rise of spam attacks on the XMPP federation. Posts on XMPP operators mailing list: Reference: http://mail.jabber.org/pipermail/operators/2015-November/002745.html Simon Josefsson Tue Nov 10 15:12:49 UTC 2015 Hi, I'm seeing similar spam, for me it started on October 27 and I've received spam on November 3rd, 4th, 7th and 9th as well. From different JIDs/servers. Is there any documentation on spam prevention on xmpp servers? Any system to submit spam examples that expose a DNS-based blacklists? I'm certain spamassassin would have scored the examples I received fairly high, but perhaps there are other ways to deal with spam in XMPP as well. /Simon
Goal I decided to add a talk to this ejabberd workshop to show ejabberd offer the needed tooling and API to fight attacks. Describe existing settings and tools Explore spam fighting tools improvements
Existing ejabberd anti-spam leverages Disable services that are obvious spam vectors Restrict abusive behaviour Block users and servers Analyse and detect issue to react
Disable or limit spammers "tools" Handy tools for spammers are: User in-band registration - XEP-0077: Allow self user creation from any client Typically used to create massive number of accounts with bots Accounts are used to send spam on local or remote servers through XMPP federation (s2s) Jabber User Directory - XEP-0055: Jabber Search: Use to harvest XMPP account as spam target.
mod_register configuration best practices Make sure in-band registration is disabled. Check mod_register is not enabled / commented out in modules section of ejabberd: modules: ... # mod_register: {} ...
Or at least use captchas to protect registration from bots: hosts: ["example.org"] captcha_cmd: "/lib/ejabberd/priv/bin/captcha.sh" captcha_host: "example.org:5280" listen: ... - port: 5280 module: ejabberd_http captcha: true ... Captcha challenge contains a link to use browser for client that do not support them directly.
You can restrict registration to list of IPs: acl: loopback: ip: - "127.0.0.0/8" - "::1" access: mynetworks: loopback: allow all: deny modules: ... mod_register: ip_access: mynetworks ...
If you ever need to open in-band registration, at least use global level parameter to limit number of registration per IP per hour: registration_timeout: 3600 Reference: mod_register ejabberd documentation
Web registration form ejabberd even has web registration form with captcha, mod_register_web: hosts: ["example.org"] listen: - port: 5281 module: ejabberd_http register: true captcha: true certfile: "/etc/ejabberd/certificate.pem" tls: true ... modules: ... mod_register_web: {} ... captcha_cmd: "/lib/ejabberd/priv/bin/captcha.sh" captcha_host: "example.org:5281" You can then create account from https://example.org:5281 Reference: mod_register_web ejabberd documentation
Direct back-end integration for authentication However, most development use custom authentication pointing to existing database. Registration happens in back-end with typical existing spam prevention.
Policy change in ejabberd default configuration Starting from ejabberd 15.12, mod_register will be disabled in default example configuration file.
User Directory Unless you run an internal corporate server, you should probably disable Jabber Search feature, in mod_vcard : modules: ... mod_vcard: search: false ... Reference: mod_vcard ejabberd Documentation
Policy change in ejabberd default configuration Starting from ejabberd 15.12, mod_vcard search option default value will become false instead of true.
Restrict presence subscription request spam mod_presence_counter limits the sending or receiving of too many presence subscription requests: modules: ... mod_pres_counter: count: 5 interval: 60 ... Reference: mod_pres_counter ejabberd documentation
Server-to-server whitelist / blacklist Even if you have enable a tight control on who can login on your own server, you can received spam messages coming from federated network. ejabberd provides tools to allow admin to choose one of two modes of operation: Whitelist: open federation with only approved servers: acl: trusted_servers: server: - "example.com" - "jabber.example.org" access: s2s: trusted_servers: allow all: deny s2s_access: s2s ...
Blacklist: block certain servers from s2s federation if they have been identified as a source of spam: acl: blocked_servers: server: - "example.com" - "jabber.example.org" access: s2s: blocked_servers: deny all: allow s2s_access: s2s ...
Multi-User Chat blocking spam and abuse Multi-User Chat is often a privileged target for spammer as it amplifies the audience of each spam messages. ejabberd has many tools to protect users against MUC spam: Blocking: MUC owners can ban members. This is standard XMPP. Preventing s2s users to join or just to create MUC: acl: admin: user: - "admin": "example.org" local: user_regexp: "" access: muc_admin: admin: allow modules: ... mod_muc: access: all access_create: local access_persistent: local access_admin: muc_admin ...
Many MUC traffic regulation options: max_user_conferences: Maximum number a user can join at the same time to limit impact of bots. min_message_interval min_presence_interval max_users_presence: overcrowded room management.
Ability to limit identifiers: identifier can be used to spam or attempt to break client by using very long names: max_room_id max_room_name max_room_desc max_nickname: Missing option, will be added in upcoming ejabberd version
Explicit anti spam options: captcha_protected flag spam_prevention flag for mod_muc_log
Other general tools available in ejabberd to prevent spam Reporting and metrics (through Teamleader or mod_metrics and Grapherl) Ability to sample usage during a few seconds to find abusers (Teamleader) Logging suspicious behaviour or abuse: e.g. mod_pres_counter will log a warning when triggered.
What's next for spam prevention ? Drafts XEP on Spam prevention: XEP-0159: Spim-Blocking Control XEP-0267: Server Buddies: Trust marker for peer servers. XEP-0268: Incident Handling: Allow Spam reporting, specifically between trusted servers. XEP-0275: Entity Reputation
ejabberd upcoming modules: Advanced Blocking Thanks to it broad scope of API hooks, ejabberd is well equipped to let server admin build custom tools.
Block messages from contact not in roster In XMPP message are not limited to users in your roster. However, it makes sense to let server admin configure service to block messages from contact not in roster. We need to extend filter_packet API with information on roster, so that plugin can implement this filtering. This rules could be enforced: only for contacts from other domains (message coming from federation) Both remote and local contact (more useful for public servers).
Roster subscription blocking We can consider rejecting incoming contact addition on s2s if they have not been initiated by the local user. This measure could be only temporary as if every server enables that option, it becomes impossible to add any user. We can link the blocking to a reputation system, e.g. reject subscription request from user marked with low reputation from remote server.
Reputation system It is possible to build a reputation system for users to give hints to other server about the user status. For example a server could rely on user account creation date and activity to flag users as trusted. This trust flag could be added to outgoing subscription requests.
Custom filter modules as response to spam pattern analysis It is possible to use pattern seen on a current spam attack to block messages. For example, on user on StackOverflow had his server targetted with standard message with subject. As they are rarely used in standard chat approach, those messages can be blocked at least temporarily to block a certain spam attack. Spammers are likely to change pattern, but it can help mitigate issue. In that case, spam is annoying because some clients open special pop up message window for each message with a topic.
Here is for example a filter module targeting that case: %% Declare module in ejabberd.yml %% modules: %% mod_subject_block: {} -module(mod_subject_block). -behaviour(gen_mod). -include("../deps/p1_xml/include/xml.hrl"). -include("logger.hrl"). -export([start/2, stop/1, on_filter_packet/1]). start(_Host, _Opts) -> ejabberd_hooks:add(filter_packet, global, ?MODULE, on_filter_packet, 50), ok. stop(_Host) -> ejabberd_hooks:delete(filter_packet, global, ?MODULE, on_filter_packet, 50), ok. on_filter_packet({_From, _To, XML = #xmlel{name = <<"message">>, attrs = Attrs}} = Arg) - > ?INFO_MSG("Filtering message ~p", [XML]), case proplists:get_value(<<"type">>, Attrs, <<"normal">>) of <<"normal">> -> drop; _ -> check_subject(Arg) end; on_filter_packet(Packet) -> Packet. check_subject({From, To, XML = #xmlel{name = <<"message">>, children = Children}}) -> ShouldBlock = lists:foldl(fun(#xmlel{name = <<"subject">>}, _) -> true; (_Child, State) -> State end, false, Children), case ShouldBlock of true -> drop; _ -> {From, To, XML} end. %%...
Conclusion During the past years, XMPP has been relatively free from spam. Most of the issue were Denial of Service under various forms. However, the recent rise of spam is make spam fighting an important topic on ejabberd development roadmap. You can expect more modules to fight spam in the short term.

Recommandé

Deep Dive Into ejabberd Pubsub Implementation
Deep Dive Into ejabberd Pubsub ImplementationDeep Dive Into ejabberd Pubsub Implementation
Deep Dive Into ejabberd Pubsub ImplementationMickaël Rémond
 
XMPP Academy #3
XMPP Academy #3XMPP Academy #3
XMPP Academy #3Mickaël Rémond
 
Real life XMPP Instant Messaging
Real life XMPP Instant MessagingReal life XMPP Instant Messaging
Real life XMPP Instant MessagingMickaël Rémond
 
WebSockets with Spring 4
WebSockets with Spring 4WebSockets with Spring 4
WebSockets with Spring 4Sergi Almar i Graupera
 
Web sockets in Java
Web sockets in JavaWeb sockets in Java
Web sockets in JavaPance Cavkovski
 
Ejabberd Session
Ejabberd SessionEjabberd Session
Ejabberd SessionKunal Saxena
 
RabbitMQ + CouchDB = Awesome
RabbitMQ + CouchDB = AwesomeRabbitMQ + CouchDB = Awesome
RabbitMQ + CouchDB = AwesomeLenz Gschwendtner
 
Service-Oriented Integration With Apache ServiceMix
Service-Oriented Integration With Apache ServiceMixService-Oriented Integration With Apache ServiceMix
Service-Oriented Integration With Apache ServiceMixBruce Snyder
 

Recommandé

Deep Dive Into ejabberd Pubsub Implementation
Deep Dive Into ejabberd Pubsub ImplementationDeep Dive Into ejabberd Pubsub Implementation
Deep Dive Into ejabberd Pubsub ImplementationMickaël Rémond
 
XMPP Academy #3
XMPP Academy #3XMPP Academy #3
XMPP Academy #3Mickaël Rémond
 
Real life XMPP Instant Messaging
Real life XMPP Instant MessagingReal life XMPP Instant Messaging
Real life XMPP Instant MessagingMickaël Rémond
 
WebSockets with Spring 4
WebSockets with Spring 4WebSockets with Spring 4
WebSockets with Spring 4Sergi Almar i Graupera
 
Web sockets in Java
Web sockets in JavaWeb sockets in Java
Web sockets in JavaPance Cavkovski
 
Ejabberd Session
Ejabberd SessionEjabberd Session
Ejabberd SessionKunal Saxena
 
RabbitMQ + CouchDB = Awesome
RabbitMQ + CouchDB = AwesomeRabbitMQ + CouchDB = Awesome
RabbitMQ + CouchDB = AwesomeLenz Gschwendtner
 
Service-Oriented Integration With Apache ServiceMix
Service-Oriented Integration With Apache ServiceMixService-Oriented Integration With Apache ServiceMix
Service-Oriented Integration With Apache ServiceMixBruce Snyder
 
MNPHP Scalable Architecture 101 - Feb 3 2011
MNPHP Scalable Architecture 101 - Feb 3 2011MNPHP Scalable Architecture 101 - Feb 3 2011
MNPHP Scalable Architecture 101 - Feb 3 2011Mike Willbanks
 
PostgreSQL: meet your queue
PostgreSQL: meet your queuePostgreSQL: meet your queue
PostgreSQL: meet your queueTheo Schlossnagle
 
Varnish Configuration Step by Step
Varnish Configuration Step by StepVarnish Configuration Step by Step
Varnish Configuration Step by StepKim Stefan Lindholm
 
ServiceMix 4 -- Integrating OSGi with JBI
ServiceMix 4 -- Integrating OSGi with JBIServiceMix 4 -- Integrating OSGi with JBI
ServiceMix 4 -- Integrating OSGi with JBIGert Vanthienen
 
Ansible automation tool with modules
Ansible automation tool with modulesAnsible automation tool with modules
Ansible automation tool with modulesmohamedmoharam
 
Service Oriented Integration With ServiceMix
Service Oriented Integration With ServiceMixService Oriented Integration With ServiceMix
Service Oriented Integration With ServiceMixBruce Snyder
 
Apache Performance Tuning: Scaling Up
Apache Performance Tuning: Scaling UpApache Performance Tuning: Scaling Up
Apache Performance Tuning: Scaling UpSander Temme
 
Apc presentation
Apc presentationApc presentation
Apc presentationguestef8544
 
Improving PHP Application Performance with APC
Improving PHP Application Performance with APCImproving PHP Application Performance with APC
Improving PHP Application Performance with APCvortexau
 
/* pOrt80BKK */ - PHP Day - PHP Performance with APC + Memcached for Windows
/* pOrt80BKK */ - PHP Day - PHP Performance with APC + Memcached for Windows/* pOrt80BKK */ - PHP Day - PHP Performance with APC + Memcached for Windows
/* pOrt80BKK */ - PHP Day - PHP Performance with APC + Memcached for WindowsFord AntiTrust
 
An Introduction to Apache ServiceMix 4 - FUSE ESB
An Introduction to Apache ServiceMix 4 - FUSE ESBAn Introduction to Apache ServiceMix 4 - FUSE ESB
An Introduction to Apache ServiceMix 4 - FUSE ESBAdrian Trenaman
 
Integrating PostgreSql with RabbitMQ
Integrating PostgreSql with RabbitMQIntegrating PostgreSql with RabbitMQ
Integrating PostgreSql with RabbitMQGavin Roy
 
Asynchronous Web Programming with HTML5 WebSockets and Java
Asynchronous Web Programming with HTML5 WebSockets and JavaAsynchronous Web Programming with HTML5 WebSockets and Java
Asynchronous Web Programming with HTML5 WebSockets and JavaJames Falkner
 
WebSocket
WebSocketWebSocket
WebSocketnjamnjam
 
Python Deployment with Fabric
Python Deployment with FabricPython Deployment with Fabric
Python Deployment with Fabricandymccurdy
 
Tsung info
Tsung infoTsung info
Tsung infoBranden Visser
 
Behind the Scenes at LiveJournal: Scaling Storytime
Behind the Scenes at LiveJournal: Scaling StorytimeBehind the Scenes at LiveJournal: Scaling Storytime
Behind the Scenes at LiveJournal: Scaling StorytimeSergeyChernyshev
 
Scaling applications with RabbitMQ at SunshinePHP
Scaling applications with RabbitMQ at SunshinePHPScaling applications with RabbitMQ at SunshinePHP
Scaling applications with RabbitMQ at SunshinePHPAlvaro Videla
 
Kubernetes #4 volume &amp; stateful set
Kubernetes #4 volume &amp; stateful setKubernetes #4 volume &amp; stateful set
Kubernetes #4 volume &amp; stateful setTerry Cho
 
High powered messaging with RabbitMQ
High powered messaging with RabbitMQHigh powered messaging with RabbitMQ
High powered messaging with RabbitMQJames Carr
 
XMPP Academy #2
XMPP Academy #2XMPP Academy #2
XMPP Academy #2Mickaël Rémond
 
Component based message alerting on as abap scn
Component based message alerting on as abap scnComponent based message alerting on as abap scn
Component based message alerting on as abap scnPradeep Tiwary
 

Contenu connexe

Tendances

MNPHP Scalable Architecture 101 - Feb 3 2011
MNPHP Scalable Architecture 101 - Feb 3 2011MNPHP Scalable Architecture 101 - Feb 3 2011
MNPHP Scalable Architecture 101 - Feb 3 2011Mike Willbanks
 
Varnish Configuration Step by Step
Varnish Configuration Step by StepVarnish Configuration Step by Step
Varnish Configuration Step by StepKim Stefan Lindholm
 
ServiceMix 4 -- Integrating OSGi with JBI
ServiceMix 4 -- Integrating OSGi with JBIServiceMix 4 -- Integrating OSGi with JBI
ServiceMix 4 -- Integrating OSGi with JBIGert Vanthienen
 
Ansible automation tool with modules
Ansible automation tool with modulesAnsible automation tool with modules
Ansible automation tool with modulesmohamedmoharam
 
Service Oriented Integration With ServiceMix
Service Oriented Integration With ServiceMixService Oriented Integration With ServiceMix
Service Oriented Integration With ServiceMixBruce Snyder
 
Apache Performance Tuning: Scaling Up
Apache Performance Tuning: Scaling UpApache Performance Tuning: Scaling Up
Apache Performance Tuning: Scaling UpSander Temme
 
Apc presentation
Apc presentationApc presentation
Apc presentationguestef8544
 
Improving PHP Application Performance with APC
Improving PHP Application Performance with APCImproving PHP Application Performance with APC
Improving PHP Application Performance with APCvortexau
 
/* pOrt80BKK */ - PHP Day - PHP Performance with APC + Memcached for Windows
/* pOrt80BKK */ - PHP Day - PHP Performance with APC + Memcached for Windows/* pOrt80BKK */ - PHP Day - PHP Performance with APC + Memcached for Windows
/* pOrt80BKK */ - PHP Day - PHP Performance with APC + Memcached for WindowsFord AntiTrust
 
An Introduction to Apache ServiceMix 4 - FUSE ESB
An Introduction to Apache ServiceMix 4 - FUSE ESBAn Introduction to Apache ServiceMix 4 - FUSE ESB
An Introduction to Apache ServiceMix 4 - FUSE ESBAdrian Trenaman
 
Integrating PostgreSql with RabbitMQ
Integrating PostgreSql with RabbitMQIntegrating PostgreSql with RabbitMQ
Integrating PostgreSql with RabbitMQGavin Roy
 
Asynchronous Web Programming with HTML5 WebSockets and Java
Asynchronous Web Programming with HTML5 WebSockets and JavaAsynchronous Web Programming with HTML5 WebSockets and Java
Asynchronous Web Programming with HTML5 WebSockets and JavaJames Falkner
 
Python Deployment with Fabric
Python Deployment with FabricPython Deployment with Fabric
Python Deployment with Fabricandymccurdy
 
Behind the Scenes at LiveJournal: Scaling Storytime
Behind the Scenes at LiveJournal: Scaling StorytimeBehind the Scenes at LiveJournal: Scaling Storytime
Behind the Scenes at LiveJournal: Scaling StorytimeSergeyChernyshev
 
Scaling applications with RabbitMQ at SunshinePHP
Scaling applications with RabbitMQ at SunshinePHPScaling applications with RabbitMQ at SunshinePHP
Scaling applications with RabbitMQ at SunshinePHPAlvaro Videla
 
Kubernetes #4 volume &amp; stateful set
Kubernetes #4 volume &amp; stateful setKubernetes #4 volume &amp; stateful set
Kubernetes #4 volume &amp; stateful setTerry Cho
 
High powered messaging with RabbitMQ
High powered messaging with RabbitMQHigh powered messaging with RabbitMQ
High powered messaging with RabbitMQJames Carr
 

Tendances (20)

MNPHP Scalable Architecture 101 - Feb 3 2011
MNPHP Scalable Architecture 101 - Feb 3 2011MNPHP Scalable Architecture 101 - Feb 3 2011
MNPHP Scalable Architecture 101 - Feb 3 2011
 
PostgreSQL: meet your queue
PostgreSQL: meet your queuePostgreSQL: meet your queue
PostgreSQL: meet your queue
 
Varnish Configuration Step by Step
Varnish Configuration Step by StepVarnish Configuration Step by Step
Varnish Configuration Step by Step
 
ServiceMix 4 -- Integrating OSGi with JBI
ServiceMix 4 -- Integrating OSGi with JBIServiceMix 4 -- Integrating OSGi with JBI
ServiceMix 4 -- Integrating OSGi with JBI
 
Ansible automation tool with modules
Ansible automation tool with modulesAnsible automation tool with modules
Ansible automation tool with modules
 
Service Oriented Integration With ServiceMix
Service Oriented Integration With ServiceMixService Oriented Integration With ServiceMix
Service Oriented Integration With ServiceMix
 
Apache Performance Tuning: Scaling Up
Apache Performance Tuning: Scaling UpApache Performance Tuning: Scaling Up
Apache Performance Tuning: Scaling Up
 
Apc presentation
Apc presentationApc presentation
Apc presentation
 
Improving PHP Application Performance with APC
Improving PHP Application Performance with APCImproving PHP Application Performance with APC
Improving PHP Application Performance with APC
 
/* pOrt80BKK */ - PHP Day - PHP Performance with APC + Memcached for Windows
/* pOrt80BKK */ - PHP Day - PHP Performance with APC + Memcached for Windows/* pOrt80BKK */ - PHP Day - PHP Performance with APC + Memcached for Windows
/* pOrt80BKK */ - PHP Day - PHP Performance with APC + Memcached for Windows
 
An Introduction to Apache ServiceMix 4 - FUSE ESB
An Introduction to Apache ServiceMix 4 - FUSE ESBAn Introduction to Apache ServiceMix 4 - FUSE ESB
An Introduction to Apache ServiceMix 4 - FUSE ESB
 
Integrating PostgreSql with RabbitMQ
Integrating PostgreSql with RabbitMQIntegrating PostgreSql with RabbitMQ
Integrating PostgreSql with RabbitMQ
 
Asynchronous Web Programming with HTML5 WebSockets and Java
Asynchronous Web Programming with HTML5 WebSockets and JavaAsynchronous Web Programming with HTML5 WebSockets and Java
Asynchronous Web Programming with HTML5 WebSockets and Java
 
WebSocket
WebSocketWebSocket
WebSocket
 
Python Deployment with Fabric
Python Deployment with FabricPython Deployment with Fabric
Python Deployment with Fabric
 
Tsung info
Tsung infoTsung info
Tsung info
 
Behind the Scenes at LiveJournal: Scaling Storytime
Behind the Scenes at LiveJournal: Scaling StorytimeBehind the Scenes at LiveJournal: Scaling Storytime
Behind the Scenes at LiveJournal: Scaling Storytime
 
Scaling applications with RabbitMQ at SunshinePHP
Scaling applications with RabbitMQ at SunshinePHPScaling applications with RabbitMQ at SunshinePHP
Scaling applications with RabbitMQ at SunshinePHP
 
Kubernetes #4 volume &amp; stateful set
Kubernetes #4 volume &amp; stateful setKubernetes #4 volume &amp; stateful set
Kubernetes #4 volume &amp; stateful set
 
High powered messaging with RabbitMQ
High powered messaging with RabbitMQHigh powered messaging with RabbitMQ
High powered messaging with RabbitMQ
 

Similaire à Fighting XMPP abuse and spam with ejabberd - ejabberd Workshop #1

Component based message alerting on as abap scn
Component based message alerting on as abap scnComponent based message alerting on as abap scn
Component based message alerting on as abap scnPradeep Tiwary
 
"Surviving highload with Node.js", Andrii Shumada
"Surviving highload with Node.js", Andrii Shumada "Surviving highload with Node.js", Andrii Shumada
"Surviving highload with Node.js", Andrii Shumada Fwdays
 
The Art of Message Queues - TEKX
The Art of Message Queues - TEKXThe Art of Message Queues - TEKX
The Art of Message Queues - TEKXMike Willbanks
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with phpMohmad Feroz
 
Messaging With Erlang And Jabber
Messaging With Erlang And JabberMessaging With Erlang And Jabber
Messaging With Erlang And Jabberl xf
 
Symantec AntiSpam Complete Overview (PowerPoint)
Symantec AntiSpam Complete Overview (PowerPoint)Symantec AntiSpam Complete Overview (PowerPoint)
Symantec AntiSpam Complete Overview (PowerPoint)webhostingguy
 
Symantec AntiSpam Complete Overview (PowerPoint)
Symantec AntiSpam Complete Overview (PowerPoint)Symantec AntiSpam Complete Overview (PowerPoint)
Symantec AntiSpam Complete Overview (PowerPoint)webhostingguy
 
Microservices Practitioner Summit Jan '15 - Don't Build a Distributed Monolit...
Microservices Practitioner Summit Jan '15 - Don't Build a Distributed Monolit...Microservices Practitioner Summit Jan '15 - Don't Build a Distributed Monolit...
Microservices Practitioner Summit Jan '15 - Don't Build a Distributed Monolit...Ambassador Labs
 
ARMITAGE-THE CYBER ATTACK MANAGEMENT
ARMITAGE-THE CYBER ATTACK MANAGEMENTARMITAGE-THE CYBER ATTACK MANAGEMENT
ARMITAGE-THE CYBER ATTACK MANAGEMENTDevil's Cafe
 
SSRF For Bug Bounties
SSRF For Bug BountiesSSRF For Bug Bounties
SSRF For Bug BountiesOWASP Nagpur
 
bettercap.pdf
bettercap.pdfbettercap.pdf
bettercap.pdfshehbaz15
 
Client/Server Paradigm And Its Implementation
Client/Server Paradigm And Its ImplementationClient/Server Paradigm And Its Implementation
Client/Server Paradigm And Its ImplementationRoman Agaev
 
Chat app case study - xmpp vs SIP
Chat app case study - xmpp vs SIPChat app case study - xmpp vs SIP
Chat app case study - xmpp vs SIPGenora Infotech
 
Ejabberd with xmpp
Ejabberd with xmppEjabberd with xmpp
Ejabberd with xmppPrem Narain
 
An Effective Spam Protection System
An Effective Spam Protection SystemAn Effective Spam Protection System
An Effective Spam Protection SystemApollo_n
 
Penetration Testing Report
Penetration Testing ReportPenetration Testing Report
Penetration Testing ReportAman Srivastava
 

Similaire à Fighting XMPP abuse and spam with ejabberd - ejabberd Workshop #1 (20)

XMPP Academy #2
XMPP Academy #2XMPP Academy #2
XMPP Academy #2
 
Component based message alerting on as abap scn
Component based message alerting on as abap scnComponent based message alerting on as abap scn
Component based message alerting on as abap scn
 
"Surviving highload with Node.js", Andrii Shumada
"Surviving highload with Node.js", Andrii Shumada "Surviving highload with Node.js", Andrii Shumada
"Surviving highload with Node.js", Andrii Shumada
 
The Art of Message Queues - TEKX
The Art of Message Queues - TEKXThe Art of Message Queues - TEKX
The Art of Message Queues - TEKX
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with php
 
Messaging With Erlang And Jabber
Messaging With Erlang And JabberMessaging With Erlang And Jabber
Messaging With Erlang And Jabber
 
Symantec AntiSpam Complete Overview (PowerPoint)
Symantec AntiSpam Complete Overview (PowerPoint)Symantec AntiSpam Complete Overview (PowerPoint)
Symantec AntiSpam Complete Overview (PowerPoint)
 
Symantec AntiSpam Complete Overview (PowerPoint)
Symantec AntiSpam Complete Overview (PowerPoint)Symantec AntiSpam Complete Overview (PowerPoint)
Symantec AntiSpam Complete Overview (PowerPoint)
 
Microservices Practitioner Summit Jan '15 - Don't Build a Distributed Monolit...
Microservices Practitioner Summit Jan '15 - Don't Build a Distributed Monolit...Microservices Practitioner Summit Jan '15 - Don't Build a Distributed Monolit...
Microservices Practitioner Summit Jan '15 - Don't Build a Distributed Monolit...
 
ARMITAGE-THE CYBER ATTACK MANAGEMENT
ARMITAGE-THE CYBER ATTACK MANAGEMENTARMITAGE-THE CYBER ATTACK MANAGEMENT
ARMITAGE-THE CYBER ATTACK MANAGEMENT
 
SSRF For Bug Bounties
SSRF For Bug BountiesSSRF For Bug Bounties
SSRF For Bug Bounties
 
ScavengerEXA
ScavengerEXAScavengerEXA
ScavengerEXA
 
bettercap.pdf
bettercap.pdfbettercap.pdf
bettercap.pdf
 
Client/Server Paradigm And Its Implementation
Client/Server Paradigm And Its ImplementationClient/Server Paradigm And Its Implementation
Client/Server Paradigm And Its Implementation
 
Art Of Message Queues
Art Of Message QueuesArt Of Message Queues
Art Of Message Queues
 
Chat app case study - xmpp vs SIP
Chat app case study - xmpp vs SIPChat app case study - xmpp vs SIP
Chat app case study - xmpp vs SIP
 
Ejabberd with xmpp
Ejabberd with xmppEjabberd with xmpp
Ejabberd with xmpp
 
An Effective Spam Protection System
An Effective Spam Protection SystemAn Effective Spam Protection System
An Effective Spam Protection System
 
Spam Wars
Spam WarsSpam Wars
Spam Wars
 
Penetration Testing Report
Penetration Testing ReportPenetration Testing Report
Penetration Testing Report
 

Plus de Mickaël Rémond

Go for Real Time Streaming Architectures - DotGo 2017
Go for Real Time Streaming Architectures - DotGo 2017Go for Real Time Streaming Architectures - DotGo 2017
Go for Real Time Streaming Architectures - DotGo 2017Mickaël Rémond
 
Phoenix Presence: Le service temps réel de Phoenix - Paris.ex #8
Phoenix Presence: Le service temps réel de Phoenix - Paris.ex #8 Phoenix Presence: Le service temps réel de Phoenix - Paris.ex #8
Phoenix Presence: Le service temps réel de Phoenix - Paris.ex #8 Mickaël Rémond
 
Managing ejabberd Platforms with Docker - ejabberd Workshop #1
Managing ejabberd Platforms with Docker - ejabberd Workshop #1Managing ejabberd Platforms with Docker - ejabberd Workshop #1
Managing ejabberd Platforms with Docker - ejabberd Workshop #1Mickaël Rémond
 
Messaging temps réel avec Go
Messaging temps réel avec GoMessaging temps réel avec Go
Messaging temps réel avec GoMickaël Rémond
 
Building Scalable Systems: What you can learn from Erlang - DotScale 2016
Building Scalable Systems: What you can learn from Erlang - DotScale 2016Building Scalable Systems: What you can learn from Erlang - DotScale 2016
Building Scalable Systems: What you can learn from Erlang - DotScale 2016Mickaël Rémond
 
Property-based testing of XMPP: generate your tests automatically - ejabberd ...
Property-based testing of XMPP: generate your tests automatically - ejabberd ...Property-based testing of XMPP: generate your tests automatically - ejabberd ...
Property-based testing of XMPP: generate your tests automatically - ejabberd ...Mickaël Rémond
 
IoT Studio #1: Protocols introduction and connected jukebox
IoT Studio #1: Protocols introduction and connected jukeboxIoT Studio #1: Protocols introduction and connected jukebox
IoT Studio #1: Protocols introduction and connected jukeboxMickaël Rémond
 
2015: L'année d'Elixir, Code, écosystème et communauté
2015: L'année d'Elixir, Code, écosystème et communauté2015: L'année d'Elixir, Code, écosystème et communauté
2015: L'année d'Elixir, Code, écosystème et communautéMickaël Rémond
 
Archipel Introduction - ejabberd SF Meetup
Archipel Introduction - ejabberd SF MeetupArchipel Introduction - ejabberd SF Meetup
Archipel Introduction - ejabberd SF MeetupMickaël Rémond
 
A vision for ejabberd - ejabberd SF Meetup
A vision for ejabberd - ejabberd SF MeetupA vision for ejabberd - ejabberd SF Meetup
A vision for ejabberd - ejabberd SF MeetupMickaël Rémond
 
ProcessOne Push Platform: XMPP-based Push Solutions
ProcessOne Push Platform: XMPP-based Push SolutionsProcessOne Push Platform: XMPP-based Push Solutions
ProcessOne Push Platform: XMPP-based Push SolutionsMickaël Rémond
 
WaveOne server and client by ProcessOne
WaveOne server and client by ProcessOneWaveOne server and client by ProcessOne
WaveOne server and client by ProcessOneMickaël Rémond
 
Real time Web Application with XMPP and Wave
Real time Web Application with XMPP and WaveReal time Web Application with XMPP and Wave
Real time Web Application with XMPP and WaveMickaël Rémond
 

Plus de Mickaël Rémond (18)

Go for Real Time Streaming Architectures - DotGo 2017
Go for Real Time Streaming Architectures - DotGo 2017Go for Real Time Streaming Architectures - DotGo 2017
Go for Real Time Streaming Architectures - DotGo 2017
 
Phoenix Presence: Le service temps réel de Phoenix - Paris.ex #8
Phoenix Presence: Le service temps réel de Phoenix - Paris.ex #8 Phoenix Presence: Le service temps réel de Phoenix - Paris.ex #8
Phoenix Presence: Le service temps réel de Phoenix - Paris.ex #8
 
Managing ejabberd Platforms with Docker - ejabberd Workshop #1
Managing ejabberd Platforms with Docker - ejabberd Workshop #1Managing ejabberd Platforms with Docker - ejabberd Workshop #1
Managing ejabberd Platforms with Docker - ejabberd Workshop #1
 
Messaging temps réel avec Go
Messaging temps réel avec GoMessaging temps réel avec Go
Messaging temps réel avec Go
 
Building Scalable Systems: What you can learn from Erlang - DotScale 2016
Building Scalable Systems: What you can learn from Erlang - DotScale 2016Building Scalable Systems: What you can learn from Erlang - DotScale 2016
Building Scalable Systems: What you can learn from Erlang - DotScale 2016
 
Property-based testing of XMPP: generate your tests automatically - ejabberd ...
Property-based testing of XMPP: generate your tests automatically - ejabberd ...Property-based testing of XMPP: generate your tests automatically - ejabberd ...
Property-based testing of XMPP: generate your tests automatically - ejabberd ...
 
IoT Studio #1: Protocols introduction and connected jukebox
IoT Studio #1: Protocols introduction and connected jukeboxIoT Studio #1: Protocols introduction and connected jukebox
IoT Studio #1: Protocols introduction and connected jukebox
 
2015: L'année d'Elixir, Code, écosystème et communauté
2015: L'année d'Elixir, Code, écosystème et communauté2015: L'année d'Elixir, Code, écosystème et communauté
2015: L'année d'Elixir, Code, écosystème et communauté
 
XMPP Academy #1
XMPP Academy #1XMPP Academy #1
XMPP Academy #1
 
Archipel Introduction - ejabberd SF Meetup
Archipel Introduction - ejabberd SF MeetupArchipel Introduction - ejabberd SF Meetup
Archipel Introduction - ejabberd SF Meetup
 
A vision for ejabberd - ejabberd SF Meetup
A vision for ejabberd - ejabberd SF MeetupA vision for ejabberd - ejabberd SF Meetup
A vision for ejabberd - ejabberd SF Meetup
 
Multitasking in iOS 7
Multitasking in iOS 7Multitasking in iOS 7
Multitasking in iOS 7
 
ProcessOne Push Platform: XMPP-based Push Solutions
ProcessOne Push Platform: XMPP-based Push SolutionsProcessOne Push Platform: XMPP-based Push Solutions
ProcessOne Push Platform: XMPP-based Push Solutions
 
WaveOne server and client by ProcessOne
WaveOne server and client by ProcessOneWaveOne server and client by ProcessOne
WaveOne server and client by ProcessOne
 
Real time Web Application with XMPP and Wave
Real time Web Application with XMPP and WaveReal time Web Application with XMPP and Wave
Real time Web Application with XMPP and Wave
 
Erlang White Label
Erlang White LabelErlang White Label
Erlang White Label
 
OneTeam Media Server
OneTeam Media ServerOneTeam Media Server
OneTeam Media Server
 
OneTeam Media Server
OneTeam Media ServerOneTeam Media Server
OneTeam Media Server
 

Dernier

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 

Dernier (20)

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 

Fighting XMPP abuse and spam with ejabberd - ejabberd Workshop #1

  • 1. Fighting XMPP messaging spam thanks to ejabberd API 17th November 2015 Mickaël Rémond <mremond@process-one.net>
  • 2. Introduction There has been some discussions recently on XMPP operator mailing about the rise of spam attacks on the XMPP federation. Posts on XMPP operators mailing list: Reference: http://mail.jabber.org/pipermail/operators/2015-November/002745.html Simon Josefsson Tue Nov 10 15:12:49 UTC 2015 Hi, I'm seeing similar spam, for me it started on October 27 and I've received spam on November 3rd, 4th, 7th and 9th as well. From different JIDs/servers. Is there any documentation on spam prevention on xmpp servers? Any system to submit spam examples that expose a DNS-based blacklists? I'm certain spamassassin would have scored the examples I received fairly high, but perhaps there are other ways to deal with spam in XMPP as well. /Simon
  • 3. Goal I decided to add a talk to this ejabberd workshop to show ejabberd offer the needed tooling and API to fight attacks. Describe existing settings and tools Explore spam fighting tools improvements
  • 4. Existing ejabberd anti-spam leverages Disable services that are obvious spam vectors Restrict abusive behaviour Block users and servers Analyse and detect issue to react
  • 5. Disable or limit spammers "tools" Handy tools for spammers are: User in-band registration - XEP-0077: Allow self user creation from any client Typically used to create massive number of accounts with bots Accounts are used to send spam on local or remote servers through XMPP federation (s2s) Jabber User Directory - XEP-0055: Jabber Search: Use to harvest XMPP account as spam target.
  • 6. mod_register configuration best practices Make sure in-band registration is disabled. Check mod_register is not enabled / commented out in modules section of ejabberd: modules: ... # mod_register: {} ...
  • 7. Or at least use captchas to protect registration from bots: hosts: ["example.org"] captcha_cmd: "/lib/ejabberd/priv/bin/captcha.sh" captcha_host: "example.org:5280" listen: ... - port: 5280 module: ejabberd_http captcha: true ... Captcha challenge contains a link to use browser for client that do not support them directly.
  • 8. You can restrict registration to list of IPs: acl: loopback: ip: - "127.0.0.0/8" - "::1" access: mynetworks: loopback: allow all: deny modules: ... mod_register: ip_access: mynetworks ...
  • 9. If you ever need to open in-band registration, at least use global level parameter to limit number of registration per IP per hour: registration_timeout: 3600 Reference: mod_register ejabberd documentation
  • 10. Web registration form ejabberd even has web registration form with captcha, mod_register_web: hosts: ["example.org"] listen: - port: 5281 module: ejabberd_http register: true captcha: true certfile: "/etc/ejabberd/certificate.pem" tls: true ... modules: ... mod_register_web: {} ... captcha_cmd: "/lib/ejabberd/priv/bin/captcha.sh" captcha_host: "example.org:5281" You can then create account from https://example.org:5281 Reference: mod_register_web ejabberd documentation
  • 11. Direct back-end integration for authentication However, most development use custom authentication pointing to existing database. Registration happens in back-end with typical existing spam prevention.
  • 12. Policy change in ejabberd default configuration Starting from ejabberd 15.12, mod_register will be disabled in default example configuration file.
  • 13. User Directory Unless you run an internal corporate server, you should probably disable Jabber Search feature, in mod_vcard : modules: ... mod_vcard: search: false ... Reference: mod_vcard ejabberd Documentation
  • 14. Policy change in ejabberd default configuration Starting from ejabberd 15.12, mod_vcard search option default value will become false instead of true.
  • 15. Restrict presence subscription request spam mod_presence_counter limits the sending or receiving of too many presence subscription requests: modules: ... mod_pres_counter: count: 5 interval: 60 ... Reference: mod_pres_counter ejabberd documentation
  • 16. Server-to-server whitelist / blacklist Even if you have enable a tight control on who can login on your own server, you can received spam messages coming from federated network. ejabberd provides tools to allow admin to choose one of two modes of operation: Whitelist: open federation with only approved servers: acl: trusted_servers: server: - "example.com" - "jabber.example.org" access: s2s: trusted_servers: allow all: deny s2s_access: s2s ...
  • 17. Blacklist: block certain servers from s2s federation if they have been identified as a source of spam: acl: blocked_servers: server: - "example.com" - "jabber.example.org" access: s2s: blocked_servers: deny all: allow s2s_access: s2s ...
  • 18. Multi-User Chat blocking spam and abuse Multi-User Chat is often a privileged target for spammer as it amplifies the audience of each spam messages. ejabberd has many tools to protect users against MUC spam: Blocking: MUC owners can ban members. This is standard XMPP. Preventing s2s users to join or just to create MUC: acl: admin: user: - "admin": "example.org" local: user_regexp: "" access: muc_admin: admin: allow modules: ... mod_muc: access: all access_create: local access_persistent: local access_admin: muc_admin ...
  • 19. Many MUC traffic regulation options: max_user_conferences: Maximum number a user can join at the same time to limit impact of bots. min_message_interval min_presence_interval max_users_presence: overcrowded room management.
  • 20. Ability to limit identifiers: identifier can be used to spam or attempt to break client by using very long names: max_room_id max_room_name max_room_desc max_nickname: Missing option, will be added in upcoming ejabberd version
  • 21. Explicit anti spam options: captcha_protected flag spam_prevention flag for mod_muc_log
  • 22. Other general tools available in ejabberd to prevent spam Reporting and metrics (through Teamleader or mod_metrics and Grapherl) Ability to sample usage during a few seconds to find abusers (Teamleader) Logging suspicious behaviour or abuse: e.g. mod_pres_counter will log a warning when triggered.
  • 23. What's next for spam prevention ? Drafts XEP on Spam prevention: XEP-0159: Spim-Blocking Control XEP-0267: Server Buddies: Trust marker for peer servers. XEP-0268: Incident Handling: Allow Spam reporting, specifically between trusted servers. XEP-0275: Entity Reputation
  • 24. ejabberd upcoming modules: Advanced Blocking Thanks to it broad scope of API hooks, ejabberd is well equipped to let server admin build custom tools.
  • 25. Block messages from contact not in roster In XMPP message are not limited to users in your roster. However, it makes sense to let server admin configure service to block messages from contact not in roster. We need to extend filter_packet API with information on roster, so that plugin can implement this filtering. This rules could be enforced: only for contacts from other domains (message coming from federation) Both remote and local contact (more useful for public servers).
  • 26. Roster subscription blocking We can consider rejecting incoming contact addition on s2s if they have not been initiated by the local user. This measure could be only temporary as if every server enables that option, it becomes impossible to add any user. We can link the blocking to a reputation system, e.g. reject subscription request from user marked with low reputation from remote server.
  • 27. Reputation system It is possible to build a reputation system for users to give hints to other server about the user status. For example a server could rely on user account creation date and activity to flag users as trusted. This trust flag could be added to outgoing subscription requests.
  • 28. Custom filter modules as response to spam pattern analysis It is possible to use pattern seen on a current spam attack to block messages. For example, on user on StackOverflow had his server targetted with standard message with subject. As they are rarely used in standard chat approach, those messages can be blocked at least temporarily to block a certain spam attack. Spammers are likely to change pattern, but it can help mitigate issue. In that case, spam is annoying because some clients open special pop up message window for each message with a topic.
  • 29. Here is for example a filter module targeting that case: %% Declare module in ejabberd.yml %% modules: %% mod_subject_block: {} -module(mod_subject_block). -behaviour(gen_mod). -include("../deps/p1_xml/include/xml.hrl"). -include("logger.hrl"). -export([start/2, stop/1, on_filter_packet/1]). start(_Host, _Opts) -> ejabberd_hooks:add(filter_packet, global, ?MODULE, on_filter_packet, 50), ok. stop(_Host) -> ejabberd_hooks:delete(filter_packet, global, ?MODULE, on_filter_packet, 50), ok. on_filter_packet({_From, _To, XML = #xmlel{name = <<"message">>, attrs = Attrs}} = Arg) - > ?INFO_MSG("Filtering message ~p", [XML]), case proplists:get_value(<<"type">>, Attrs, <<"normal">>) of <<"normal">> -> drop; _ -> check_subject(Arg) end; on_filter_packet(Packet) -> Packet. check_subject({From, To, XML = #xmlel{name = <<"message">>, children = Children}}) -> ShouldBlock = lists:foldl(fun(#xmlel{name = <<"subject">>}, _) -> true; (_Child, State) -> State end, false, Children), case ShouldBlock of true -> drop; _ -> {From, To, XML} end. %%...
  • 30. Conclusion During the past years, XMPP has been relatively free from spam. Most of the issue were Denial of Service under various forms. However, the recent rise of spam is make spam fighting an important topic on ejabberd development roadmap. You can expect more modules to fight spam in the short term.