Soashable has been attacked by spimmers (IM spammers) twice now. The first time I was short on time, and a quick fix was to close down regular XMPP ports. Now that Soashable is essentially my full time unjob, I have some time to tinker.
I implemented a bare bones anti-spim device. It is loosely based on XEP-0158. Each time you start a new conversation with somebody you must complete a text-based challenge provided by textcaptcha.com:
I plan to fully support legacy and non-legacy qa and possibly hashcash mechanisms. I will thus improve the GUI around completing challenges, so it is its own dialog or panel in the IM window. It would be possible to implement image captcha (ocr), but it doesn't seem worth while right now. I will also take ideas from XEP-0159 to more intelligently run tests (eg. no tests if you are in the remote person's roster, etc).
Source code for the Openfire plugin is available in SVN here (browse), and I will wrap it up for a stand alone release at some point.