Wrote a little article about some odd lurker bots I noticed on Matrix:


Has been a while, but I decided to finally talk about it. Maybe @matrix wants to look into this. Given that my research didn't bring me any further (but I have to admit, I also didn't try really hard), I decided to just talk about it publicly.

Feel free to come up with ideas, ask questions, etc!

@sheogorath the best approach on stuff like this is to mail abuse@matrix.org or security@matrix.org. Making your analysis public like this makes it easier for the spammers to see how to change their pattern.


@matrix To me this only makes sense when they originate from matrix.org. But this is a lot broader and seems to be mainly an issue due to quite relaxed homeserver owners. Nothing you or I can do about it, besides talking about the problem to create awareness of it.

Also, they are not spammers. They just join and lurk. Potential spammers? Maybe. But not yet.

Therefore I don't consider it a security topic that would require an embargo, as it's not a vulnerability.

@sheogorath at {abuse,security}@matrix.org we're worrying about the health of the whole open network, not just the matrix.org homeserver. For instance, we keep comms open with the admins of the other public signup servers to coordinate on abuse like this. The reason to keep this sort of thing discreet is that otherwise you're just tipping off the spammer to how you're identifying their spam, which just encourages them to take countermeasures.

@sheogorath (and while they're not spamming yet, it's a pattern we've been analysing where spam bots slowly flood in before they're activated. If this were just data collection, they'd use a single bot.)

