[jitsi-users] Whos' ringing my doorbell?


#1

I did the research. Jit.Si has the search module installed. Although
Jitsi itself does not support it, clients like Pidgin and others
support the "search" feature. This allows anyone with the proper
client to attach to Jit.Si and type in a "*" as the search phrase and
see all of the users that have accounts on the Jit.Si server. My
recommendation would be to disable/un-install this module. I have done
so on my own server at chat.jpunix.net
- --
John Perry

···

On 7/12/2013 4:41 PM, Yannik V�lker wrote:

Same just happened to me: jackmp@jit.si tester54321@jit.si
testerwset45@jit.si

Am 12.07.2013 22:22, schrieb John Perry:

I keep getting a request from someone on Jit.Si to authenticate
with him/her. I have no idea who is requesting this
authentication. Is the Jit.Si XMPP server open to search? If so
is this the right way to go? I would think that our anonymity
would be the rule rather than the exception.


#2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Same just happened to me: jackmp@jit.si tester54321@jit.si
testerwset45@jit.si

I keep getting a request from someone on Jit.Si to authenticate
with him/her. I have no idea who is requesting this
authentication. Is the Jit.Si XMPP server open to search? If so
is this the right way to go? I would think that our anonymity
would be the rule rather than the exception.

I did the research. Jit.Si has the search module installed.

Hmm ... I just checked that it wasn't. How did you confirm this?

Emil

···

On Sat, Jul 13, 2013 at 12:52 AM, John Perry <lists@jpunix.net> wrote:

On 7/12/2013 4:41 PM, Yannik Völker wrote:

Am 12.07.2013 22:22, schrieb John Perry:

Although
Jitsi itself does not support it, clients like Pidgin and others
support the "search" feature. This allows anyone with the proper
client to attach to Jit.Si and type in a "*" as the search phrase and
see all of the users that have accounts on the Jit.Si server. My
recommendation would be to disable/un-install this module. I have done
so on my own server at chat.jpunix.net
- --
John Perry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJR4Ii6AAoJEIn5ENyiI2/NbfQP/RcwpMwUHQF0D27QGgWh2jv9
LNbCocMxxQPBk+O57AFCGbgkdz51ZxcyUiqBn5sAVq1igTa2B6X+VvyhjHpsjoYL
KyKHZr4NH1LXPDZ9QeT+hcRIVUpCZO7bSasBgm/IQcg9Kj8CtcQ+2shMlhzL3x2w
qLaS554VYi/CVuWBzrY08KZz26cUDfV2er2RvEGFatLc9bt6VmyF2BSh47x0ZTZL
1x3idTF1+QgA3TvIqp/OG6mkbO+KWOa7JFuo5r873WBGDLMCZxh06xp7rO1wLV+h
Z0V85CmFU/u8oujRkw8Pmo9pk03otH5sDlo4OClr7fe+rJCoRKWxY//HpBmag8AU
f/hwGYXEUzmg/sn9y9Gflbcqgcbnl46gcER+0iONLCugBRWSxntlmnO2WvTZwT5Y
upKjf6O8+/E4QV6Bcg8QAUrNVFUafHR9pnsZp2+10PYSSyWo+6knZlFv6ytMZvBR
FCtQtbyNVrWsh+tRyoiBCeNOUibe7LTRqs8esJFxSySsRiYy83ac+n13Aw+01t/f
2dLNOyPWY+PkTsEEtZ18FJgRNS7fd2tm9k0iBNmuwx0iUylSu9r6qRYtvOq1hLyS
e/C96FnSD2ptvyBeOonFxaslleip/qYU04cOo69nBD1NeUBKji+Zs+6CZW626QVv
8DJw5PMhsL7Dm9yxPoHC
=/t3U
-----END PGP SIGNATURE-----

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
https://jitsi.org FAX: +33.1.77.62.47.31


#3

My apologies. It was a supposition on my part. I installed the search
module on my own server and supposed that this is what was happening.
Again my apologies for jumping the gun. But... The issue still remains
that there is someone sending invites to non-trivial usernames.

···

On 7/12/2013 6:23 PM, Emil Ivov wrote:

On Sat, Jul 13, 2013 at 12:52 AM, John Perry <lists@jpunix.net>
wrote: On 7/12/2013 4:41 PM, Yannik V�lker wrote:

Same just happened to me: jackmp@jit.si tester54321@jit.si
testerwset45@jit.si

Am 12.07.2013 22:22, schrieb John Perry:

I keep getting a request from someone on Jit.Si to
authenticate with him/her. I have no idea who is requesting
this authentication. Is the Jit.Si XMPP server open to
search? If so is this the right way to go? I would think
that our anonymity would be the rule rather than the
exception.

I did the research. Jit.Si has the search module installed.

Hmm ... I just checked that it wasn't. How did you confirm this?

Emil

--
John Perry - WX5JP
http://www.jpunix.net

--
John Perry