diff --git a/apps/meteor/server/routes/avatar/middlewares/auth.js b/apps/meteor/server/routes/avatar/middlewares/auth.js
index 40eb072d405c..5a4ead7ed048 100644
--- a/apps/meteor/server/routes/avatar/middlewares/auth.js
+++ b/apps/meteor/server/routes/avatar/middlewares/auth.js
@@ -1,11 +1,20 @@
-import { userCanAccessAvatar } from '../utils';
+import { userCanAccessAvatar, renderSVGLetters } from '../utils';
 
 // protect all avatar endpoints
 export const protectAvatars = async (req, res, next) => {
 if (!(await userCanAccessAvatar(req))) {
- res.writeHead(403);
- res.write('Forbidden');
+ let roomOrUsername;
+
+ if (req.url.startsWith('/room')) {
+ roomOrUsername = req.url.split('/')[2] || 'Room';
+ } else {
+ roomOrUsername = req.url.split('/')[1] || 'Anonymous';
+ }
+
+ res.writeHead(200, { 'Content-Type': 'image/svg+xml' });
+ res.write(renderSVGLetters(roomOrUsername, 200));
 res.end();
+
 return;
 }
 
diff --git a/apps/meteor/server/settings/accounts.ts b/apps/meteor/server/settings/accounts.ts
index 39e4183dbf5f..a744c47b2a41 100644
--- a/apps/meteor/server/settings/accounts.ts
+++ b/apps/meteor/server/settings/accounts.ts
@@ -760,7 +760,7 @@ export const createAccountSettings = () =>
 i18nDescription: 'Accounts_AvatarCacheTime_description',
 });
 
- await this.add('Accounts_AvatarBlockUnauthenticatedAccess', false, {
+ await this.add('Accounts_AvatarBlockUnauthenticatedAccess', true, {
 type: 'boolean',
 public: true,
 });
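Review bot: In the denied branch of `protectAvatars` (auth.js), the placeholder name is cut straight out of raw `req.url`, so it still carries any query string and percent-encoding, and `startsWith('/room')` also matches a user path such as `/roomba`, which then renders as 'Room'. Whether `renderSVGLetters` escapes its argument is not visible in this hunk; because the result is served as `image/svg+xml`, that should be confirmed, or the segment restricted, before it is rendered. The 200 response also sets no cache header, so a browser or proxy may keep showing the placeholder after the user signs in, which `Cache-Control: no-store` on this branch would avoid. The function body continues past the end of the hunk.

```javascript
	if (!(await userCanAccessAvatar(req))) {
		// Use only the path: drop the query string before picking the name segment.
		const [pathname] = req.url.split('?');
		const segments = pathname.split('/');
		// Compare the whole first segment so a username like "roomba" is not treated as a room.
		const isRoom = segments[1] === 'room';
		const roomOrUsername = (isRoom ? segments[2] : segments[1]) || (isRoom ? 'Room' : 'Anonymous');

		res.writeHead(200, { 'Content-Type': 'image/svg+xml', 'Cache-Control': 'no-store' });
		// … unchanged: res.write(renderSVGLetters(roomOrUsername, 200)), res.end(), return …
```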
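Review bot: The new `true` default for `Accounts_AvatarBlockUnauthenticatedAccess` (accounts.ts) has no comment or upgrade note beside it, and nothing in this hunk shows whether workspaces that already stored the old default will pick up the new value. If existing installs keep `false`, they continue to serve avatars to unauthenticated requests, so a migration or a release-note entry should state which behaviour applies. A comment above the call, for example `// default on: unauthenticated avatar requests get a generated placeholder`, would record the intent. The enclosing `createAccountSettings` body starts and ends outside the hunk.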