Multi-Users Chat


Added by Mickaël Rémond, last edited by Mickaël Rémond on May 05, 2008  (view change)

Labels:

Enter labels to add to this page:
Wait Image 
Looking for a label? Just start typing.
Table of Contents

Index

Multi-Users Chat (MUC) is a message broadcast system. As such it is one of the main source of possible abuse for users.

In ejabberd 2.0 we have tried to focus on most possible abuse cases on MUC room, but many cases are regularly discovered and we improve those protections everyday as part of our support job.

Here is a list of possible abuses along with their solution.

A user changes presence very fast

  • problems:
    1. each presence is a broadcast of presence packets to every users on the chat room. With lot of users in the chat room it can result in a large number of packets per second being send.
  • Solutions:
    1. Limit the frequency a given user can send presence packets to the room.
      • Implemented in: ejabberd 2.0.0+

A user sends messages too fast (flood)

  • problems:
    1. each packet is broadcasted to all room users. It adds to the queue of outgoing messages to send.
    2. it can make the chatroom difficult to follow
  • Solutions:
    1. Limit the frequency a given user can send message packets to the room.
      • Implemented in: ejabberd 2.0.0+

A user create hundreds of permanent chat rooms

  • Problems:
    1. Increase the number of rooms (in memory or in DB).
    2. Increase the size of the room list which is retrieved by the client. It can lead to very large list of MUC rooms (See further).
  • Solutions:
    1. Creation of permanent chat rooms can be limited to some users (for example local users)
      • Implemented in: ejabberd 2.0.0+

A user join hundreds of chat rooms

  • Problems:
    1. Increase the number of rooms (in memory or in DB).
    2. Increase the size of the room list which is retrieved by the client. It can lead to very large list of MUC rooms (See further).
  • Solutions:
    1. Limit the number of chat rooms a single user can join
      • Implemented in: ejabberd 2.0.0+

Large list of MUC rooms

  • Problems:
    1. List of room can be retrieved by XMPP clients. Most of the XMPP clients do not support result sets when retrieving MUC list.
  • Solutions:
    1. Servers need to implement result set in MUC room list to limit the size of the list packet and the volume of data retrieved at once.
    2. Clients need to implement result set in MUC room list

Generic mecanisms

Support in the server for the XAAI Blacklist is also useful.