There should be a way to mark/flag accounts as suspicious / spammy, without outright deleting them.
I'm looking for a feature where I can automatically restrict an account that has performed shady activities like registering and not logging in for a month, sending masses of messages etc.pp. Deleting an account removes all the associated meta-data and makes recovery impossible in the case of erroneous flagging.
It would be great to be able to "tag" an account, and that tag would be automatically applied to all sessions of that account on login, restricting it. A specific implementation could restrict all flagged accounts to only contact a single support JID and reject any other form of communication.
A generic implementation could leverage mod_firewall to limit what the account's sessions are allowed to do, and provide different tags that can be applied.
Zash
on
I imagined these "tags" as named timestamps, like mod_firewalls MARK ORIGIN, but persistently attached to accounts instead of sessions.
These would be added on events such as account creation, login etc (like mod_lastlog), manually via eg an adhoc-command and a mod_firewall action.
This should allow things like restricting new accounts until explicit admin approval, or time passed, and explicit account flagging.
I'm not sure if MattJ had something different in mind.
Changes
tags Status-Accepted
Ge0rG
on
I had imagined them as a mere list of strings, but I can see merit in having a string->timestamp relationship as well.
"Time passed after account creation" is actually a metric that has been there before and is actively circumvented by spammers, by creating a bulk of accounts and using them only a month later.
Zash
on
An attempt at this done in https://hg.prosody.im/prosody-modules/rev/165d2877eeac
Actions:
MARK USER=label
UNMARK USER=label
Condition:
USER MARKED: label (optional timespec)
Works like MARK ORIGIN & friends but is persistent and shared between all sessions of the same user.
Loading and storing is done on resource bind and unbind and is cached as long as the user has at least one session online.
The code for that is disabled by default unless `firewall_experimental_user_marks` is set to true.
Changes
tags Status-Started
ge0rg
on
It would be a great thing to integrate those marks with mod_register_dnsbl_* as well :)
MattJ
on
ge0rg: Have you used the code Zash committed? Any feedback?
ge0rg
on
Integrated it into my mod_firewall based spambot detector now. Looks good, doesn't seem to crash.
The caching feels a bit cumbersome (ensure that all sessions are offline, delete state), would be great to have some hacky(?) way to change it at runtime.
There should be a way to mark/flag accounts as suspicious / spammy, without outright deleting them. I'm looking for a feature where I can automatically restrict an account that has performed shady activities like registering and not logging in for a month, sending masses of messages etc.pp. Deleting an account removes all the associated meta-data and makes recovery impossible in the case of erroneous flagging. It would be great to be able to "tag" an account, and that tag would be automatically applied to all sessions of that account on login, restricting it. A specific implementation could restrict all flagged accounts to only contact a single support JID and reject any other form of communication. A generic implementation could leverage mod_firewall to limit what the account's sessions are allowed to do, and provide different tags that can be applied.
I imagined these "tags" as named timestamps, like mod_firewalls MARK ORIGIN, but persistently attached to accounts instead of sessions. These would be added on events such as account creation, login etc (like mod_lastlog), manually via eg an adhoc-command and a mod_firewall action. This should allow things like restricting new accounts until explicit admin approval, or time passed, and explicit account flagging. I'm not sure if MattJ had something different in mind.
ChangesI had imagined them as a mere list of strings, but I can see merit in having a string->timestamp relationship as well. "Time passed after account creation" is actually a metric that has been there before and is actively circumvented by spammers, by creating a bulk of accounts and using them only a month later.
An attempt at this done in https://hg.prosody.im/prosody-modules/rev/165d2877eeac Actions: MARK USER=label UNMARK USER=label Condition: USER MARKED: label (optional timespec) Works like MARK ORIGIN & friends but is persistent and shared between all sessions of the same user. Loading and storing is done on resource bind and unbind and is cached as long as the user has at least one session online. The code for that is disabled by default unless `firewall_experimental_user_marks` is set to true.
ChangesIt would be a great thing to integrate those marks with mod_register_dnsbl_* as well :)
ge0rg: Have you used the code Zash committed? Any feedback?
Integrated it into my mod_firewall based spambot detector now. Looks good, doesn't seem to crash. The caching feels a bit cumbersome (ensure that all sessions are offline, delete state), would be great to have some hacky(?) way to change it at runtime.