JFYI #sinceweeks #spamthem!

###@#####:~# zgrep -wh 'report of spam from JID' /var/log/prosody/prosody.log*|grep -Eio '([[:alnum:]_.-]+@[[:alnum:]_.-]+?\.[[:alpha:].]{2,6})' "$@"|wc -l
66

###@#####:~# zgrep -wh 'report of spam from JID' /var/log/prosody/prosody.log*|grep -Eio '([[:alnum:]_.-]+@[[:alnum:]_.-]+?\.[[:alpha:].]{2,6})' "$@"
lasteamx@linux.monste
ispitanier@pwned.life
lasteamx@linux.monste
ispitanier@pwned.life
mrcsdudez@xmppx.io
ianndisc@jabbim.sk
shalfffey@pimux.de
fisheggm@creep.im
gardemarrinv@c0nnect.de
elvinapostolov@jabber-germany.de
tylerdurden99@pimux.de
housewife@jabber-germany.de
geroevmagomedj@jabb.im
risovkaproh@jabbim.com
ptahha001q@jabber.cz
north9@jabberx.cc
north9@jabberx.cc
niko16@pimux.de
reservedb@chapril.org
dgdoogv@ubuntu-jabber.net
vedmaa@c0nnect.de
devonwill2272y@linuxlovers.at
scadocr@xmpp.party
devonwill2272y@linuxlovers.at
scadocr@xmpp.party
vedmaa@c0nnect.de
harvy13h@xmpp.party
harvy13h@xmpp.party
guntherco4@jabber.sk
scorpions@jabb.im
alarmballasti@nixnet.servic
alarmballasti@nixnet.servic
purecashout@jabber-germany.de
soundclubm@jabbim.pl
bitchpleasel@jabb.im
shxdropsc@verdammung.org
spinokep5@jabb.im
manuscriptf@c0nnect.de
plotus0@jabber.cz
spideysensesy@jabberx.ru
crdcl01e@chatterboxtown.us
spinokep5@jabb.im
manuscriptf@c0nnect.de
plotus0@jabber.cz
spideysensesy@jabberx.ru
hausaguy7@linux.monste
noblesv@jabbim.com
separated1@jabber.cz
assumption@pimux.de
donshyteu@linuxlovers.at
berduttoo@linuxlovers.at
dungeonw@jabber.sk
krachbumente1@pimux.de
spellstaffc@jabber.sk
crdcl01e@chatterboxtown.us
kennyltdo@c0nnect.de
migbank@jabber-germany.de
somesande@jabbim.pl
mahseez@paranoid.networ
mahseez@paranoid.networ
vedushiyf@jabber.cz
shitface420s@jabber.cz
shitface420s@jabber.cz
m16aturservice@jabber-germany.de
m16aturservice@jabber-germany.de
koshelek@pimux.de

###@#####:~# zgrep -wh 'report of spam from JID' /var/log/prosody/prosody.log*|grep -Eio '([[:alnum:]_.-]+@[[:alnum:]_.-]+?\.[[:alpha:].]{2,6})' "$@"| sort | uniq
alarmballasti@nixnet.servic
assumption@pimux.de
berduttoo@linuxlovers.at
bitchpleasel@jabb.im
crdcl01e@chatterboxtown.us
devonwill2272y@linuxlovers.at
dgdoogv@ubuntu-jabber.net
donshyteu@linuxlovers.at
dungeonw@jabber.sk
elvinapostolov@jabber-germany.de
fisheggm@creep.im
gardemarrinv@c0nnect.de
geroevmagomedj@jabb.im
guntherco4@jabber.sk
harvy13h@xmpp.party
hausaguy7@linux.monste
housewife@jabber-germany.de
ianndisc@jabbim.sk
ispitanier@pwned.life
kennyltdo@c0nnect.de
koshelek@pimux.de
krachbumente1@pimux.de
lasteamx@linux.monste
m16aturservice@jabber-germany.de
mahseez@paranoid.networ
manuscriptf@c0nnect.de
migbank@jabber-germany.de
mrcsdudez@xmppx.io
niko16@pimux.de
noblesv@jabbim.com
north9@jabberx.cc
plotus0@jabber.cz
ptahha001q@jabber.cz
purecashout@jabber-germany.de
reservedb@chapril.org
risovkaproh@jabbim.com
scadocr@xmpp.party
scorpions@jabb.im
separated1@jabber.cz
shalfffey@pimux.de
shitface420s@jabber.cz
shxdropsc@verdammung.org
somesande@jabbim.pl
soundclubm@jabbim.pl
spellstaffc@jabber.sk
spideysensesy@jabberx.ru
spinokep5@jabb.im
tylerdurden99@pimux.de
vedmaa@c0nnect.de
vedushiyf@jabber.cz

###@#####:~# zgrep -wh 'report of spam from JID' /var/log/prosody/prosody.log*|grep -Eio '([[:alnum:]_.-]+@[[:alnum:]_.-]+?\.[[:alpha:].]{2,6})' "$@"| sort | uniq|wc -l
50

Little update, after the first analysis

  1. Found a simple-looking Prosody module to block s2s connections, based on a domain/host list (in the Prosody conf).
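  2. Used the above commands as a good starting point to generate the needed list/format (with complete domain endings: the `{2,6}` limit in the first pattern cut off long TLDs, as seen in `linux.monste`, `nixnet.servic` and `paranoid.networ` above, so it is raised to `{2,10}` below).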
  3. ###@#####:~# zgrep -wh 'report of spam from JID' /var/log/prosody/prosody.log*|grep -Eio '([[:alnum:]_.-]+?\.[[:alpha:].]{2,10})' "$@"| sort | uniq |sed 's/^/        "/' | sed 's/$/",/'
            "c0nnect.de",
            "chapril.org",
            "chatterboxtown.us",
            "creep.im",
            "jabber.cz",
            "jabber-germany.de",
            "jabber.sk",
            "jabberx.cc",
            "jabberx.ru",
            "jabb.im",
            "jabbim.com",
            "jabbim.pl",
            "jabbim.sk",
            "linuxlovers.at",
            "linux.monster",
            "nixnet.services",
            "paranoid.network",
            "pimux.de",
            "pwned.life",
            "sok.ai",
            "ubuntu-jabber.net",
            "verdammung.org",
            "xmpp.party",
            "xmppx.io",
    
  4. Enabled (added + configured) the Prosody module (and restarted the server)
    • FYI: Hosts in/for s2s_blacklist were last updated on Feb 06, 2025
###@#####:~# tree -L 2 -d /opt/
/opt/
└── prosody-modules
    ├── enabled-modules
    └── hg.prosody.im

###@#####:~# vim /etc/prosody/prosody.cfg.lua

###@#####:~# git diff /etc/prosody/prosody.cfg.lua
diff --git a/prosody.cfg.lua b/prosody.cfg.lua
index 44b3dba..06cb68d 100644
--- a/prosody.cfg.lua
+++ b/prosody.cfg.lua
@@ -6,6 +6,7 @@ modules_enabled = {
         "report_forward"; -- https://modules.prosody.im/mod_report_forward.html = forward to "the server from which the spam/abuse originated"
         --"firewall"; -- https://modules.prosody.im/mod_firewall.html
         -- 20241120: see also https://wiki.debian.org/Prosody#Spam ; https://intux.de/2017/11/13/prosody-admin-web/
+       "s2s_blacklist"; -- https://www.sok.ai/2025/annoying-xmpp-spam/
 }
 
 c2s_require_encryption = true
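Review bot: The comment on the added `"s2s_blacklist";` line links to a blog post, whereas the neighbouring entries link to the module's own documentation page. Following that convention, `"s2s_blacklist"; -- https://modules.prosody.im/mod_s2s_blacklist.html = refuse s2s with hosts listed in s2s_blacklist` would tell the next admin where the option is documented and what enabling it does. The `modules_enabled` table begins outside this hunk, so the rest of the module set cannot be checked from here.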
@@ -22,6 +23,35 @@ limits = {
        };
 }
 
+-- https://www.sok.ai/2025/annoying-xmpp-spam/
+-- `zgrep -wh 'report of spam from JID' /var/log/prosody/prosody.log*|grep -Eio '([[:alnum:]_.-]+?\.[[:alpha:].]{2,10})' "$@"| sort | uniq |sed 's/^/        "/' | sed 's/$/",/'`
+s2s_blacklist = {
+        "c0nnect.de",
+        "chapril.org",
+        "chatterboxtown.us",
+        "creep.im",
+        "jabber.cz",
+        "jabber-germany.de",
+        "jabber.sk",
+        "jabberx.cc",
+        "jabberx.com",
+        "jabberx.io",
+        "jabberx.net",
+        "jabberx.ru",
+        "jabb.im",
+        "jabbim.com",
+        "jabbim.pl",
+        "jabbim.sk",
+        "linuxlovers.at",
+        "linux.monster",
+        "macaw.me",
+        "nixnet.services",
+        "paranoid.network",
+        "pimux.de",
+        "pwned.life",
+        "sok.ai",
+        "ubuntu-jabber.net",
+        "verdammung.org",
+        "xmpp.party",
+        "xmppx.io",
+        "yax.im",
+}
+
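Review bot: The new `s2s_blacklist` table contains `"sok.ai"`, the same host as the reference URL in the comment directly above it, so this entry looks like the operator's own domain rather than a spam source and should be confirmed and probably dropped. It most likely slipped in because the generating command quoted in the comment has no `@` in its pattern and therefore matches every dotted token on a matching log line, not only the domain part of the reported JID; anchoring on the JID, with something like `grep -Eio '@[[:alnum:].-]+\.[[:alpha:]]{2,}' | cut -d@ -f2 | sort -u`, would keep the output to reported domains (verify against the actual log line format). Several entries (`jabberx.com`, `jabberx.io`, `jabberx.net`, `macaw.me`, `yax.im`) do not appear in the command output shown on the page, so a comment such as `-- generated from spam reports, extended by hand; last reviewed 2025-02-06` would make the provenance explicit. Each entry cuts off federation with an entire server, including its legitimate users, so the list is better reviewed periodically than treated as append-only.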

###@#####:~# cd /opt/prosody-modules/enabled-modules/

###@#####:/opt/prosody-modules/enabled-modules/# ln -s ../hg.prosody.im/prosody-modules/mod_s2s_blacklist/

###@#####:/opt/prosody-modules/enabled-modules/# systemctl restart prosody.service

###@#####:/opt/prosody-modules/enabled-modules/# tail -n 200 /var/log/prosody/prosody.log|grep s2s

#workssofar + #BIGty2theinternet!
