Audit registrations

[AndrewKvalheim]

Not really sure if we’d want this, but exploring the idea. Now that we’re administering Synapse we have the ability to add custom Synapse modules.

In past years we’ve been blind to actual user registrations and relied upon observing room membership as a proxy, but that risks missing problems like conference attendees failing to join the space or deliberate abuse. As a simple mitigation, this hooks into on_user_registration and logs each new user in a moderation room for human review.

[strugee]

I'd like this to go to a room on the ephemeral homeserver, not our production space. Rationale: if like 10,000 bots sign up or whatever, we've just permanently DoS'd Seattle Matrix's database.

[AndrewKvalheim]

@altsalt ^ Recommendations on where to send this?

[altsalt]

Perhaps we can setup some sort of a bot log channel (though of course this is more than just bot), where there is an expected large number of items to be continuously coming in.

[altsalt]

I mean, given the title, perhaps #audit or #syslog?

[strugee]

Does it matter? This is just for SeaGL staff so let's just pick a name that the three of us can live with and get on with it (unless I'm missing something?)

[AndrewKvalheim]

I’ve already created #audit:2024.seagl.org and listed it in the Restricted space, so the only missing piece is adding this module

[altsalt]

It's interesting, some of what gets dumped into Triage is also the content I'd expect in Audit. Anyway, think this is all good, is there something I can help with here?

[AndrewKvalheim]

I’d been awaiting an explicit affirmative from anyone else on whether we want to install the module, preferably informed by having read it since I know next to nothing about doing this. But it seems like we all want it and it’s been working in the staging instance.