#devel:fedorproject.org, #workstation:fedoraproject.org
All the other Fedora rooms that I checked did not have the bot at all.
2 Likes
Thanks! Weāll look into this.
I reconfigured the moderation bot for power level 60 in #kde:fedoraproject.org and other rooms that I administer on :fedora.im and :fedoraproject.org some time ago to ensure all the privileges were granted. This also required downgrading the āchange server ACLsā permission from Admin (100) to 60.
We really need to have the newly formed matrix operations folks come up with a standard set of power levels and roles and standarize the bot power levels and what rooms it is in.
In the case of devel and workstation (and many other rooms I added the moderation bot to), I set the bot at power level 49 and specificly set powerlevel 49 to have redact, ban, and kick permissions. Thereās a vast array of default 50 powerlevel actions that I really donāt think the bot needs to have (change the room name, set encryption, etc etc).
So, in the case of devel and workstation, the bot should actually have all needed permssions (except I missed on on workstation, which I fixed this morning)
Are there any updates on fixes to the invite spam problems? Afaik the moderation bot only affects messages in rooms, not rooms themselves and doesnāt affect new rooms or their invites.
No updates that I am aware of.
A seperate mitigation was put in place for invites. It disallowed
inviting any fedora.im domain users. Iām not sure if this is still in
place. That was completely seperate from the moderation botā¦
Thereās a bunch of plans ongoing to improve things.
A policy server to check requests before allowing them,
more moderation tools, etc. Just nothing is really ready yet that I am
aware of.
Are there plans tracked somewhere we can point people to?
Not that I know of. The policy stuff is now in synapse and thereās
upstream blogs and mentions like:
1 Like
Hi all, I am writing a comment to summarize the work done and to formally close out the Fedora Council ticket tracking this issue. This comment will be written and posted both on the Fedora Discussion topic and the Fedora Council Pagure issue.
Since June to September, when this issue was in especially high focus, we have adopted several new mechanisms to protect our community from these attacks and make our infrastructure more resilient to malicious attacks such as these.
This is a brief summary of the steps we have taken over the past few months to address this issue:
- Worked with our hosting provider, Element Matrix Services (EMS), to roll out experimental new features for users on
:fedora.imaccounts to block room invites from users not also on the:fedora.imserver - Adopted a new moderation bot (Draupnir) with the amazing help of @rorysys and others from the wider Matrix moderation community for Linux distros
- Worked with our hosting provider to raise this issue with the appropriate authorities
- Created new public and private Matrix Working Group rooms for moderators and the wider Fedora community to coordinate and respond to attacks quickly in real-time when they happen
Since these actions were taken, the reports of this content have mostly disappeared. The few reports we still see are from users who have not logged into their Matrix accounts for some time, and therefore, still have the room invites pending. The best way to resolve this issue is by taking the following step on the Element Matrix client:
- Go to Settings ā Help & About ā click āClear cache and reloadā
We encourage anyone who sees harmful content to make a report to the Fedora Matrix WG in #wg-matrix:fedoraproject.org.
Closing/locking this topic. A sincere and heartfelt thanks to the several people who dropped a lot of other important things and gave this an urgent priority. We could not have responded in the coordinated way we did without the help of lots of amazing people in our community who are committed to the safety and well-being of our Fedora community. 
4 Likes