IMPORTANT: We're seeing a large scale attempt to bulk-register bot accounts across the public Matrix network (including captcha bypass) in order to perform spam flood attacks. If you're running a public homeserver please disable open registration, or require email for signups.
@matrix Meanwhile server admins can use delete room API to remove users from Matrix HQ and remove it's data until things settle down. Documentation for the API is at https://github.com/matrix-org/synapse/blob/develop/docs/admin_api/rooms.md#delete-room-api and Room ID for HQ is !OGEhHVWSdvArJzumhm:matrix.org
@matrix Is there a way for admins to easily detect if they have a spammer? Like log messages, they can look at, or better yet, alerts they can set up?
Wouldn't a better metric be the number of different users messaged by a single account in a short period of time?
Detection routines should be detecting the bad behavior that we actually care about. Otherwise the problem will just morph into slowly signing up for accounts and then sending tons of messages later.
@matrix I experienced huge (~3h) delays of message delivery between me at tchncs.de and a friend at matrix.org. Perhaps it's due to this issue?..
@matrix welcome to the big leagues! Sending you all love from Libera, and all the best for working out a federated moderation strategy.
mastodon.matrix.org is one server in the network