Since early 2010 I have always had a passion for Internet Security, around 2015 I bought the Domain XMPP.in, which I ultimately made it a XMPP/Jabber server for the open public. By the beginning of 2017 I had about 22,000 registered accounts, and on a daily basis I received anywhere from 1-5 emails requesting password assistance. To protect customers data and accounts, I made it clear on our website we would NOT assist with any password resetting, the main reason for this was simply because how can I verify its you? and not just someone attempting to Social Engineer us.

Backend

The server we ran it on was Ubuntu 16.04 build, and we used prosody to power our server. One thing I wanted to make sure was people who cared for security was able to review our files that we could show. Some examples of these files can be viewed in our Github, some examples of what you will find under the Misc folder is our Prosody.cfg.lua, this was our config file and showed exactly what modules we used at the time. One of the main ones I was excited to use was Onion, which allowed us to use both our main domain XMPP.in and our Tor domain, which I will not mention. This project brought a bunch of new things to my eye, one being settings up a Tor domain or a .onion, if you haven’t heard of Tor yet it has a lot of hate due to a lot of the domains on the network being related to illegal activity such as Drug Deals, Hitman for Hire and worse Yes thats possible. You can read more about the TorProject here. For our DB we used MySQL, as with Prosody that seemed the most effective for me at the time, as I was use to using that with other site’s such as Wordpress, etc.

Current & Future Plans..

My plans for the future with this project, is to expand it more. I ultimately want to make it possible to register online, implement some sort of Two Factor auth or something among those lines. Also create a one-time recovery key or backup passwords, these are just thoughts. Currently I am reworking a front-end revamp here soon.