Matrix Server Administrator Guide

Tips for dealing with users of your server that send spam & illegal content


Disclaimer:

All tips and suggestions here are provided without any liability/warranty and are not legal advice.
For legal advice contact a lawyer.

This guide contains suggestions of actions and practices that may help when dealing with abuse.

Immediate actions

I need instructions for:

Synapse

Stop the spam

Suspend the account of the spamming user

Use the "Suspend account" admin API to suspend the user account to prevent further spam.

Example cURL command
    curl -X PUT 'https://your-homeserver-url/_synapse/admin/v1/suspend/@user:example.com' \
        -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
        -H "Content-Type: application/json" \
        -d '{"suspend": true}'

Clean-up the spam

Issue redactions for all the events the account has sent

Use the "Redact all events of a user" admin API to 'puppet' the account and send redactions for all events sent by the account.
💡 Tip: If you provide an empty room list in the API call, all events from all rooms that the account is in are redacted.

Example cURL command
    curl -X POST 'https://your-homeserver-url/_synapse/admin/v1/user/@user:example.com/redact' \
        -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
        -H "Content-Type: application/json" \
        -d '{"rooms": []}'

Delete the media that the account has uploaded

Use the "Delete media uploaded by a user" admin API to delete all media files uploaded by an account.

Example cURL command
    curl -X DELETE 'https://your-homeserver-url/_synapse/admin/v1/users/@user:example.com/media' \
        -H "Authorization: Bearer YOUR_ACCESS_TOKEN" 

Optional: collect information about the account

Query the user account

Use the "Query user account" admin API to get more info about the user account; things like Third Party Identifiers (3PID also known as 'threepids') can be useful for later investigations.

Example cURL command
    curl -X GET 'https://your-homeserver-url/_synapse/admin/v2/users/@user:example.com' \
        -H "Authorization: Bearer YOUR_ACCESS_TOKEN" 

List all devices including last seen IP addresses

Use the "List all devices" admin API to get a list of connections from that account.

Example cURL command
    curl -X GET 'https://your-homeserver-url/_synapse/admin/v2/users/@user:example.com/devices' \
        -H "Authorization: Bearer YOUR_ACCESS_TOKEN" 

Final actions

Deactivate the user account

Use the "Deactivate account" admin API to ultimately deactivate the account.

Example cURL command
    curl -X POST 'https://your-homeserver-url/_synapse/admin/v1/deactivate/@user:example.com' \
        -H "Authorization: Bearer YOUR_ACCESS_TOKEN" 
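
The Synapse steps above combined into one script, as an added example that is not part of the original guide. It prints the requests by default, percent-encodes the user ID, and uses `PUT` for suspension and the `user/<id>/redact` path as documented for the Synapse admin API; `HOMESERVER`, `TOKEN`, `DRY_RUN` and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the guide): the Synapse steps as one dry-run-first script.
# HOMESERVER, TOKEN and DRY_RUN are names chosen for this sketch.
HOMESERVER="${HOMESERVER:-https://your-homeserver-url}"
TOKEN="${TOKEN:-YOUR_ACCESS_TOKEN}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the requests only, 0 = send them

# Percent-encode a Matrix user ID for use as one URL path segment.
# Assumes an ASCII ID; a localpart may contain "/", which would split the path.
urlencode() {
    s=$1 out=
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}; s=${s#?}
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
    done
    printf '%s' "$out"
}

# admin_call METHOD PATH [JSON_BODY]
admin_call() {
    url="$HOMESERVER/_synapse/admin/$2"
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s %s%s\n' "$1" "$url" "${3:+ $3}"
        return 0
    fi
    # The token is fed to curl on stdin so it never shows up in the process list.
    printf 'header = "Authorization: Bearer %s"\n' "$TOKEN" |
        curl --config - --fail --silent --show-error -X "$1" "$url" \
            -H "Content-Type: application/json" ${3:+-d "$3"}
}

# Contain first, then clean up, then record account details for later investigation.
contain_user() {
    u=$(urlencode "$1")
    admin_call PUT    "v1/suspend/$u" '{"suspend": true}' &&
    admin_call POST   "v1/user/$u/redact" '{"rooms": []}' &&
    admin_call DELETE "v1/users/$u/media" &&
    admin_call GET    "v2/users/$u" &&
    admin_call GET    "v2/users/$u/devices"
}

# Deactivation is kept separate so it only runs once the collected details are reviewed.
deactivate_user() {
    admin_call POST "v1/deactivate/$(urlencode "$1")"
}
```

Run `contain_user '@user:example.com'` once with the default `DRY_RUN=1` to review the requests, then again with `DRY_RUN=0`, redirecting the output to a file to keep the account and device details.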

Conduwuit / Continuwuity

Stop the spam

Deactivate the account of the spamming user

Use the account deactivation command in your admin room to deactivate the user account and prevent further spam.

!admin users deactivate <user localpart or full ID>


Clean-up the spam

Delete the media that the account has uploaded

Use the media admin command in your admin room to delete all media that the user has uploaded.

!admin media delete-all-from-user <user localpart or full ID>

Conduit

Stop the spam

Deactivate the account of the spamming user

Use the account deactivation command in your admin room to deactivate the user account and prevent further spam.

@conduit:your-domain.tld deactivate-user @your-user:your-domain.tld


Precautions

Make it harder for spammers

Require more work for account registration

At a minimum, require email validation for new accounts.
Consider captchas to hinder automated registrations.


Increase moderation

Appoint more moderators or administrators

If you run a Matrix server for the general public, consider getting more people involved in your moderation team to ensure quick reaction times in case of spam.

Assist with bots and tools

Bots like Draupnir and Mjolnir have capabilities to make server administration easier.
💡 As of version 2.3.0, Draupnir can suspend local user accounts when they get added to policy lists (only works on Synapse).

Webapps like Synapse Admin can provide easy access to most of the available admin API functions.


Make it easy to reach you

Configure MSC1929

MSC1929 provides a standardized way to get contact info of a Matrix server administrator or moderator; this is extremely helpful when dealing with spam because it can massively reduce the delay before the server admin gets notified about possible abuse originating from their server.
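
As an added illustration that is not part of the original guide: MSC1929 is published as a JSON document served at `/.well-known/matrix/support` on the server's domain. Each contact needs a `role` and at least one of `matrix_id` or `email_address`; the addresses and URL below are placeholders.

```json
{
  "contacts": [
    {
      "matrix_id": "@admin:example.com",
      "email_address": "abuse@example.com",
      "role": "m.role.admin"
    },
    {
      "email_address": "security@example.com",
      "role": "m.role.security"
    }
  ],
  "support_page": "https://example.com/support"
}
```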

Other methods of contact

Another good idea is to provide methods for contacting you on your homepage. If your Matrix server is "matrix-server.com", then that's also the place to put a website with contact info.


What if all that isn't enough?

Disable registrations

If you can't properly moderate a server, be it because of a lack of time, personnel or technical knowledge, it might be better to disable new registrations until you have figured out a way to deal with spam and abuse. The reality is that you might otherwise risk being put on block lists, which might be even more damaging than temporarily disabling new registrations.


I need help with all of this!

Don't worry, it can be a bit overwhelming in the beginning, but luckily most of the tools/projects which are covered in this guide have support rooms on Matrix or other documentation online.

Synapse administration

Online documentation:

The online documentation for Synapse can be found here: Docs

Support rooms on Matrix:

There is Synapse Admins (Community Edition) which is run and managed by the community itself.

There is Synapse Admins which is run and managed by matrix.org.


Conduit administration

Online documentation:

The online documentation for Conduit can be found here: Docs

Support rooms on Matrix:

There is Conduit Matrix Server.


Continuwuity / Conduwuit administration

Conduwuit is dead; you may wish to take a look at Continuwuity.

Online documentation:

The online documentation for Continuwuity can be found here: Docs

Support rooms on Matrix:

There is Continuwuity.


Moderation Bots

Draupnir

Online documentation: Docs

Support room on Matrix: #draupnir:matrix.org

Meowlnir

Online documentation: Docs

Support room on Matrix: #meowlnir:maunium.net

Mjolnir

Online documentation: Docs

Support room on Matrix: #mjolnir:matrix.org


Web interfaces

Synapse Admins Webapp

Online documentation: Docs

Support room on Matrix: #synapse-admin:etke.cc