Detect and ban waves of bots

[vcarl]

We could really use a command to detect and auto-ban (with moderator approval) when a huge number of accounts joins the server.

Detection

We've had numerous waves of bots that join in < 3m. Simple detection like "> 5 accounts joined in less than 1 minute", flagging all accounts until 2 minutes have gone by without more joins, seems like it would catch the scenarios we've seen.

Reporting

We have a private mod-log channel. After the join wave finishes, Reactibot should ping that channel and mention @Moderator, with a message like:

new accounts joined in , with usernames:
<list of comma separated display names>
Ban all accounts? React with 👍 to approve or 👎 to ignore

This feature should continue tracking those users until explicitly ignored.

Prior art for reactions (esp staff-only reaction handlers) can be found in features/emojiMod

[vcarl]

Stretch goal: DM banned users informing them why they were banned and telling them where to "appeal", so that real humans aren't banned unexpectedly. I don't think this is likely to happen though, so it's not essential

[12:24 PM] S3BAS: Couldn't reactibot also dm the banned users in this case? "You joined amidst a bot wave and you have been banned, if this was a mistake contact a moderator / send me a message" or something?
[12:24 PM] S3BAS: I imagine only non-bots would respond to that?
[12:27 PM] Sonicrida: good idea!
[12:29 PM] rah.codes: That's what I was thinking should be in the mix as well. Should be easy to figure out who's an actual human and who is just a super intelligent bot
[1:01 PM] vcarl: tbh i don't think that's very likely so that seems like a "nice to have" rather than something essential to the feature
[1:03 PM] vcarl: like in 100 accounts we ban that way, i'd be slightly surprised if we had 1 real human that got caught up. from our join logging channel, the waves are very distinct. scrolling through our private join-log channel, i only see a handful of joins (4 today, over several dozen new members) in the same minute as another, and none with > 2 people joining in the same minute

[S3B4S]

Is there still any interest in this feature? It's been a while since this has been discussed.

[vcarl]

There is!

[Padmanabh82]

Stretch goal: DM banned users informing them why they were banned and telling them where to "appeal", so that real humans aren't banned unexpectedly. I don't think this is likely to happen though, so it's not essential

[12:24 PM] S3BAS: Couldn't reactibot also dm the banned users in this case? "You joined amidst a bot wave and you have been banned, if this was a mistake contact a moderator / send me a message" or something? [12:24 PM] S3BAS: I imagine only non-bots would respond to that? [12:27 PM] Sonicrida: good idea! [12:29 PM] rah.codes: That's what I was thinking should be in the mix as well. Should be easy to figure out who's an actual human and who is just a super intelligent bot [1:01 PM] vcarl: tbh i don't think that's very likely so that seems like a "nice to have" rather than something essential to the feature [1:03 PM] vcarl: like in 100 accounts we ban that way, i'd be slightly surprised if we had 1 real human that got caught up. from our join logging channel, the waves are very distinct. scrolling through our private join-log channel, i only see a handful of joins (4 today, over several dozen new members) in the same minute as another, and none with > 2 people joining in the same minute

@vcarl sir what option can we give for person to appeal ?? i have talked about that before. at starting only real persons will appeal because bots are not coded for that but then bots can be coded for auto appeal then we will need to add capcha also their as mods all dont have time to reply them all

[nickserv]

FWIW Discord has improved their bot detection and this doesn't seem to be affecting us as much now.

[vcarl]

I also don't understand the complaint — this is explicitly intended to ban bots, but you're suggesting an "appeal" function that bots are able to use? I'd rather not spend multiple hours writing code to automatically handle a rare case that I don't think we'd actually encounter

[nickserv]

I think they're referring to people that get their accounts hacked and banned, and then get them back. We already handle these appeals just fine via Discord and Netlify Forms though, so I agree we don't need to update the bot for it.

[Padmanabh82]

I think they're referring to people that get their accounts hacked and banned, and then get them back. We already handle these appeals just fine via Discord and Netlify Forms though, so I agree we don't need to update the bot for it.

Then close this in issue

[vcarl]

This hasn't been a significant problem in a while so I'm going to close