Better anti-spam measures

[vcarl]

• Extract URLs from messages so they can be analyzed

We currently have a "banlist" of URLs, but we only do naive string .contains() on the entire message to look for them. We've had waves of bots that post variations on visually-similar URLs that imitate Discord, Steam, etc hosts, which bypass these checks because of how simple they are. If we extract URLs from sent messages, we could do more complex processing to see if they're nefarious, like a levenshtein distance check.

• Spam response waits for multiple posts before kicking #165
• Spam keyword detection doesn't check message embeds #168

[vcarl]

A helpful regex:

const links = msg.content.match(/https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_\+.~#?&//=]*)/g);

Cheers to @BTMPL for sourcing that

[Padmanabh82]

Ok @vcarl sir I will try to do it. But post here your list and also after detecting it what will we do ban/delete message/inform to mods ??

[vcarl]

This would be an extension to our autoban feature, improving it so that it can catch a wider range of scam URLs

[Padmanabh82]

A helpful regex:

const links = msg.content.match(/https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_\+.~#?&//=]*)/g);

Cheers to @BTMPL for sourcing that

@vcarl sir as per me it will work on only https links not http

[Padmanabh82]

sir in autoban feature how can one contact a mod after getting banned ?? if he has a dm opened sit he can send you message (i have tried it on other server. after living server i cannot dm a person)

[vcarl]

I'd still love to get some better handling for links. Right now we only check for any link at all, with some domains whitelisted. With the "spam score" we have now, we could do fancier handling of different types of spam, like insta-kicking for messages that misspell discord.com and include our spam keywords