Follow

IMPORTANT: We're seeing a large scale attempt to bulk-register bot accounts across the public Matrix network (including captcha bypass) in order to perform spam flood attacks. If you're running a public homeserver please disable open registration, or require email for signups.

The traffic caused by these distributed spam attacks is currently causing federation delays for servers which are participating in a targeted room; we are working on a performance fix for Synapse to address this.

@matrix Meanwhile server admins can use delete room API to remove users from Matrix HQ and remove it's data until things settle down. Documentation for the API is at github.com/matrix-org/synapse/ and Room ID for HQ is !OGEhHVWSdvArJzumhm:matrix.org

@matrix Is there a way for admins to easily detect if they have a spammer? Like log messages, they can look at, or better yet, alerts they can set up?

@adam @matrix I export metrics using Prometheus and from there can create alerts based on high new user count

@y0x3y @matrix But the problem is people sending [unsolicited] messages, not people registering for accounts.

Wouldn't a better metric be the number of different users messaged by a single account in a short period of time?

Detection routines should be detecting the bad behavior that we actually care about. Otherwise the problem will just morph into slowly signing up for accounts and then sending tons of messages later.

@matrix I experienced huge (~3h) delays of message delivery between me at tchncs.de and a friend at matrix.org. Perhaps it's due to this issue?..

@matrix welcome to the big leagues! Sending you all love from Libera, and all the best for working out a federated moderation strategy.

@matrix My server is unable to federate for more than a day, even after purging Matrix HQ *and* synapse admins. Any ideas?
Sign in to participate in the conversation
Matrix.org's Mastodon

mastodon.matrix.org is one server in the network