Mass spam to #debian:matrix.org coming from kde.org homeserver, which is run by matrix.org
Víctor Cuadrado Juan
me at viccuad.me
Sat Jun 26 10:39:18 BST 2021
Hello,
(Please note, this message is CC to support at matrix.org and
kde-devel at kde.org m-l. I'm not subscribed to the latter, please reply
to me).
Thanks for matrix.org, it's an amazing technology :).
As an admin of #debian:matrix.org, we got a mass spam event on
2021-06-26, ~10 CET:
https://matrix.to/#/!ZjJkQNQAlmRlGyyPSZ:matrix.org/$162469752482824wsdOv:matrix.org
Turns out that all spam accounts came from kde.org homeserver, as the
kde.org account registration doesn't need mail verification.
We changed #debian:matrix.org room's ACL to block it.
I shared the info on the spam attack on #kde-devel:kde.org, and they
pointed that the kde.org homeserver is managed by matrix.org:
https://matrix.to/#/!jDLOUpjYLfQYvmOufZ:matrix.org/$1624698609284jFsbe:libera.chat?via=kde.org&via=libera.chat&via=matrix.org
If that's the case, could account registration of kde.org homeserver
be changed to require mail verification?
Many thanks in advance,
--
Víctor Cuadrado Juan me at viccuad.me
PGP key ID: 4096R: 0xA2591E231E251F36
Key fingerprint: E3C5 114C 0C5B 4C49 BA03 0991 A259 1E23 1E25 1F36
My signed E-Mails are trustworthy.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://mail.kde.org/pipermail/kde-devel/attachments/20210626/a1dbbb6f/attachment.sig>
More information about the kde-devel
mailing list