search

matrix-org / dendrite

Dendrite is a second-generation Matrix homeserver written in Go!
https://matrix-org.github.io/dendrite/
Apache License 2.0
5.67k stars 664 forks source link

Remove my domain from ACL and purge spam users #1894

Closed ArnoPoitt closed 3 years ago

ArnoPoitt commented 3 years ago

Background information

I recently experienced high RAM usage on my dendrite homeserver which revealed to be because spammers took advantage of the free registration on my server. I solved the problem by :

FYI, my postgres database is in a docker container, in order to deactivate the spam accounts I opened a shell in the container with : docker exec -it $CONTAINER psql -U $POSTGRES_USER Then from this psql shell I connected into the dendrite_account with \c dendrite_account And changed the is_deactivated status of the problematic users with : update account_accounts set is deactivated = true where condition;

Description

My dendrite container takes a very reasonable amount of RAM now and is very responsive. My server is still "banned" from a lot of room now. My question is about what I should do to fully purge these accounts from the federation and be removed of most rooms ACL now that I am much less likely to be a source of spam.

kegsay commented 3 years ago

You'll need to bring this up with matrix.org folks to amend the server ACLs. This isn't automated.

ArnoPoitt commented 3 years ago

Thanks for your answer, I will manage this ACL issue with matrix.org. Meanwhile I would like to know if there is a way to purge those users from my database. I just modified the title of my issue, it was not very precise.

ArnoPoitt commented 3 years ago

Answer from neilalexander on the dendrite chat: You'll want to identify the problem accounts in the account_accounts table, then find the access tokens of those accounts in device_devices and delete them, then delete the accounts from account_accounts, account_data and account_profiles.

That freed some RAM indeed. Before deleting accounts, I changed the password hash in order to access the account and leave the joined rooms but there were no room joined for any of the accounts. I think I am still receiving unwanted room events though.