Abuse report - Bots spamming room invite

[TheFrenchGhosty]

Description

It looks like some people are abusing a bug/feature of Riot/Matrix and have created a bot that is spamming room invite.

At first I received an invite by someone I didn't know, we didn't have any room in common (I checked) named "karmabot".

I tried to accept the invite, I couldn't, I tried to reject it I couldn't either (just a message "failed to join the room")

After some hours, I could finally reject it, but I instantly received an invite to the same room by someone else (a bot I guess) named No One Leaves.

The original invite come from @ karmabot : calamari . space

The room name is # fun : calamari . space (DO NOT JOIN IT)

The room ID is !xTFUshdYJofEwnzxfi : calamari . space

The bot is @ no_one_leaves : matrix . kiwifarms . net

After I joined the room I instantly received a "greeting" by "No One Leaves", and noticed that lots of people are affected by this.

2000+ invites...

[turt2live]

We're aware of this and have taken measures to protect matrix.org users. For your own server, https://gist.github.com/turt2live/7bf1e589664298d786dfa6aeccda294a has some options.

Please report these things with an email to abuse@matrix.org in the future.

[TheFrenchGhosty]

They're threatening to use dot tk domains (might be a good idea to block those)

In the screenshot, "gamer" is the owner of calamari . space and "divineintellect" (an account on calamari . space) is the owner of the bot.

[turt2live]

@TheFrenchGhosty we're not going to be able to monitor this thread - please use abuse@matrix.org

[TheJonny]

They're threatening to use dot tk domains (might be a good idea to block those)

I don't think blocking tk-domains is a good idea, if they are not massively abused: It is frustrating for people, who register their first domain and want to try matrix to get blocked.

[scottwallacesh]

I just blocked matrix.calamari.space using PiHole.