I asked about blocking signups from nefarious people in the synapse admins room a couple months back - and I chuckled when the reply I got was 'add captcha?'

I thought it was a joke at the time.

I am glad the devs are working on security as a priority and other great features. However, moderation tooling could be more user friendly, and the signup process could have some layers of security added for sure.

What I'm thinking on the signups:
a blacklist for ips, CIDRs, email domains, maybe hostnames, maybe countries. (With option to block all minus the whitelist)

a throttle list - more than 2 signups from this grey area of ips, hosts, tor, email addys - pause them for X number of hours/days - give notice they can ask an admin to add their [thing] to the whitelist in case you have a group you want to join from some new [place] or whatever is generating dozens from [place] this week.

a whitelist - one of my sites might have comcast hostnames for ips and emails, along with gmail, proton, perhaps.

would be nice for a GUI so moderators could add to the whitelist - and super bonus if other users above total noob level could add an email addy to the list (inviting friend).

I added 16 mill 32k ips to one of my chat sites ban list today - I don't need repeated spam from isp X when I never get any real users from that country in the first place.

Terrible spam can ruin a chat community as much as anything. When I say terrible spam I mean the trolls that like to 4ch/cp and such to test your site's moderation and capabilities.

I need to ban all the ips from a few VPNs to stop this one pesky, wealthy non-stop troll - doing it server side / iptables is meh. And looking up the ips manually sucks too - but something needs to be done.

I'd put the money up on upwork to make such a (python? module) handling these things if someone would help me write up the matrix needs to make it mix it right.

This is a need - and an option to load third party block lists from various places should be a thing too.

not sure about memory requirements and if lookup for hostnames would choke a slow server or whatever - love to get more ideas to block and stop bots and abusive folks.

maybe extra questions to answer beyond captcha when signups exceed X per hour with option to add more layers of questions and answers.
(I know there is some semblance of this sort of thing baked into the homeserver.xml or whatever - and it's already a huge file to contend with - not needing more bloat, but this is a need at this point)

Love to get an option to dunce (what else is it called?) - new users so they can't post X or Y (links, pics, whatever) until they have been users for at least X number of hours / days - and maybe block anyone that was registered on 6-28/29 during the bot signup-pocalypse time.

Matrix is the best chat system I've found. Looking forward to it getting stronger.
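
The deny / allow / throttle idea from the comment above, sketched as an added example (not the commenter's code and not part of Synapse). The class name, the deny-beats-allow precedence, and the grouping of throttle counts per /24 (IPv4) or /64 (IPv6) are assumptions.

```python
import ipaddress
from collections import defaultdict, deque

class SignupGate:
    """Hypothetical signup filter: deny list, allow list, and a throttle for everyone else."""

    def __init__(self, deny_nets=(), deny_domains=(), allow_nets=(), allow_domains=(),
                 max_signups=2, window_s=3600, default_deny=False):
        self.deny_nets = [ipaddress.ip_network(n) for n in deny_nets]
        self.allow_nets = [ipaddress.ip_network(n) for n in allow_nets]
        self.deny_domains = {d.lower() for d in deny_domains}
        self.allow_domains = {d.lower() for d in allow_domains}
        self.max_signups, self.window_s = max_signups, window_s
        self.default_deny = default_deny   # "block all minus the whitelist" mode
        self.recent = defaultdict(deque)   # network -> timestamps of accepted signups

    @staticmethod
    def _in_any(ip, nets):
        return any(ip.version == n.version and ip in n for n in nets)

    def check(self, ip_str, email, now):
        """Return 'allow', 'deny' or 'throttle' for one registration attempt."""
        ip = ipaddress.ip_address(ip_str)
        domain = email.rsplit("@", 1)[-1].lower()
        # Assumed precedence: an explicit deny entry beats an allow entry, so a
        # banned VPN range stays banned even with an allowlisted mail domain.
        if self._in_any(ip, self.deny_nets) or domain in self.deny_domains:
            return "deny"
        if self._in_any(ip, self.allow_nets) or domain in self.allow_domains:
            return "allow"                 # allowlisted: never throttled
        if self.default_deny:
            return "deny"
        # Grey area: count accepted signups per /24 (IPv4) or /64 (IPv6), an assumed grouping.
        prefix = 24 if ip.version == 4 else 64
        key = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        seen = self.recent[key]
        while seen and now - seen[0] >= self.window_s:
            seen.popleft()                 # forget signups older than the window
        if len(seen) >= self.max_signups:
            return "throttle"              # pause until the window rolls over
        seen.append(now)
        return "allow"

if __name__ == "__main__":
    # Constructed sample data (documentation-reserved ranges and domains).
    gate = SignupGate(deny_nets=["203.0.113.0/24"])
    for t, ip in enumerate(["198.51.100.5", "198.51.100.6", "198.51.100.7", "203.0.113.9"]):
        print(ip, gate.check(ip, "user@mail.example", now=t))
```

Timestamps are passed in as `now` (seconds) so the throttle window can be exercised without waiting; a real deployment would pass the current time and persist `recent` across restarts.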