socksthewolf / antiscambot Goto Github PK
View Code? Open in Web Editor NEWA discord bot that shares commission scammer ban lists
Home Page: https://scamguard.app/
License: MIT License
A discord bot that shares commission scammer ban lists
Home Page: https://scamguard.app/
License: MIT License
This will need a way to tell for certain that the person is actually gone vs the discord API is not responding. When we go to activate bans, it doesn't make sense to waste a ban command on an user account that cannot come back (deleted permanently by Discord).
This requires checking to see if the account is deleted, and if so, remove them from the database.
If the bot is kicked while it is running from a discord server, we should remove it from our activated list. This is needed to be implemented for #9 to be put into place.
After hearing you state you wished to reorganize the code, I was reminded of a feature discordjs has and read up on the docs for discordpy and was happy to find out it does also implement a similar feature.
Discordpy extensions allow separating out sections of code into sub-modules as you had indicated you thought about doing, and allow for hot reloading and loading of new code without needing to shut the bot down in order to do so (assuming the main bot process has been coded in a sufficient manner to allow this)
Discordpy cogs allow grouping of functions into a shared class space inside of modules which provide skeleton for a framework to run commands and bind listeners to event emitted from the discord api.
Cogs can be the basis for organizing of slash commands into groups.
Cogs would also simplify parameter passing between classes and functions as cogs classes can be referenced externally via the get_cog()
function call.
Bot stores minimal info, so we probably don't need to go super wild with this.
The only things that are stored are:
And that's really just it. When we go for bot verification, we'll probably need to make sure we have this.
Logging this here but it appears that /activate may not properly work for moderators in servers where the bot was invited. This is likely a permissions lookup issue that needs to be resolved.
It works correctly for owners, likely meaning it is a permission issue.
Currently we are on digital ocean. This is fine, but because we are python, memory is going to start jumping up overtime. Currently, DigitalOcean counts the memory usage of the OS against you, which is less than ideal because the OS uses about 30% of the 512MB plan we are on (verified via top before running app)
With 18 servers active and 21 in, we have a total of 38% usage of our RAM.
We are good for the next few months as we have free digital ocean credits, but we’ll want to move to railways as it gives us 8GB of RAM.
This will require the following changes:
Eventually, we will want to have the database move over to a db managed instance, but that can be for a different time.
Lower priority, originally this would retry to add the last N activities for a server (such as ban/unban) in the event something's going wrong on the discord side.
This would be good to do, especially if we move to a different cloud platform.
Currently there is no documentation regarding the new scamguard slash commands for reporting/checking bans. This should be properly documented on the website!
Scamcheck is currently a global command. This is great, however, this means that anyone outside of the control server can do a scamcheck lookup even if they are not a moderator.
Currently database functionality exists in the same class as the discord handling, and it looks like a chaotic mess. We could move the database functionality to another class instead of having it one big one.
Currently, the two names in the system are:
"BEGONE, SCAMMER" and "Commission Scammer Banner".
Both of these names are not very great, and we should probably determine a better name before verification, as that will permanently lock in our bot's user name as per this support article.
Will need to also update the screenshot seen here once names have been chosen.
If the bot gets added to a server but not activated after a set amount of time, dm the server owner to tell them about activation (if they are not already in the control server).
We can use a couple of checks to make this not invasive nor annoying.
Instead of handling all the messaging formatting and parsing ourselves, it would be better if we use the @command
markup because they are better at argument processing as well as typing.
https://discordpy.readthedocs.io/en/stable/ext/commands/commands.html
Specifically, this should add either a new few columns into the banned accounts table or should be an entire separate table.
The goal of this is to populate the information with links to report threads (store a list of thread ids, not the actual links). The bot can resolve those thread ids when it generates said embed data.
Currently, discord's expiration implementation causes images from remote reports to be wiped after the expiration. This is a problem for reports as it means data can be lost.
We need a way to keep that information.
So it might be confusing because the bot requests the read messages role for other servers and some might be adverse to this, even though it does not log nor does it read any message that does not have a ? as the starting character.
Eventually, when we move to the solution in #3, we can switch to the add bot via link instead of clicking on its profile to add, thus significantly lowering down processing (as it will strictly only run those commands in a control server).
See here for documentation/setup.
Currently these do not get updated at all, during the small windows that the bot is offline.
An issue we've had for awhile now is users will add the bot to their server but then never activate it, so it sits dormant in their server.
We either need to increase messaging with like a first time message that's posted whoever adds the bot if possible to let them know. Slightly related to #23
Summary: When the destructive action is attempted to be performed, show the calling user a ui model (discord.ui.View) that gives the option to ban.
When it should run:
What information should it show:
Actions that can be performed:
Note: to avoid race conditions, we should make sure that we check if the user is already banned in the database before the ban operation is performed. This action is already done asynchronously, so this addition to the code could introduce a new issue.
Goal: right now these functions seem to share similar code with the only difference being the flag of the async operation and some naming and returns.
Create a new function that handles a ban/unban based on a single bool flag, to help lower potential code duplication.
Currently, we have a standard error if we cannot execute the ban on a scammer due to permissions.
The problem with this standard error is that we don't know if we can't execute the ban because we lost ban permissions, or if the scammer in question is in the server with a role higher than ours.
The goal of this task is to see if we can detect if the issue is due to a role ranking difference without bringing in the server members nor the presence intents, as both intents are special and require extra permissions that I rather not add (see Discord's principles of least privilege).
Plus the fewer permissions we use, the better we are off.
This might not be possible via the API by itself and may require more information from the user, but if the bot was added by someone who is not the server owner, but then they should be also able to ?activate the bot as well.
Look into it
During reprocessing of bans, we should check that we have the permission to ban/unban.
This can be done by having the bot check during activation/deactivation if the permission was granted. If not, then potentially send an error message back when trying to activate instead of responding with the success message.
This should be done to make it clear for anyone that decides to spin up an instance of the bot, what flags they need to set to have a working instance
Right now it says "reported scammer by XXXXXX", it should say something along the lines of "Confirmed scammer by XXXXXX".
These ban messages are handled in the DiscordBot.py file.
This calls for moving the code that handles lookups, banning, unbanning and the connection between the discord bot and the database to a new class.
Thus making the bot code solely handle eventing and messaging.
This will allow older instances of the bot to setup new settings.
Our permission detection is very reliable, so we can just mark the server as deactivated if a ban doesn't go through for this reason.
Goal: Implement a Discord modal that allows for moderators to report commission scams without having to be in the control server. This can be brought up by any user with the administrator or ban permission.
This would direct the correct information to the TAG control server, by making a reported post. There would be a significant server wide cooldown implemented as well to prevent users from abusing it.
Instead of having it on the bot page, it might be better to separate the FAQ into its own documentation page.
It might just make it easier to find, which users are going to be looking for.
A couple things need to be done for the general website:
Currently blocked on #33, this is the task to work with Discord to get the bot verified.
The database does not update the server owner list so if a transfer happens, then the data in the database is incorrect.
The bot should be able to detect if a discord server migrates owners.
This allows us to also directly write to the server's moderators whenever something goes wrong and will also let us push updates to tickets too. This would be extremely handy for communication, and responses as well.
Something like this could be accomplished with a /setup
command the bot could have that would bring up a custom modal with instructions and assignment.
This is going to be necessary for scalability eventually. While ratelimiting is already handled, we will want to default sleep after doing several amounts of bans as the lists grow and grow.
This will become more and more important as things move forward.
Bot verification now also requires getting a terms of service document created for your bot. Information here.
Tasks:
It would be great to have a series of unit tests built in that could be ran and validated against. I'm not aware of any python unit test frameworks and their functionalities, so this would require a bit of research.
Scope of task is as follows:
Tests to run:
On finish of this task, a creation of a new task to have the system automate a test run on python commits/merge requests should be made.
This task should wait until #3 is completed, and probably should wait until #28 is too
This might work if we change the tag replacement code to be proper liquid eg {{ site.bot_name }}
, but would require some investigation on if the Jekyll-seo project will handle these.
Right now, any link cards show the default string site.bot_name due to github not supporting the liquify plugin.
See here regarding steps/documentation.
Currently, we just use whatever is the latest of these packages, but that can be an issue if any of our requirement modules has a major update. The goal is to update our requirements file so that it freezes properly.
Goals:
This requires tweaking the database to migrated to one that has better typing/formatting rules. Right now, it's kind of a mess, and even worse if we ever have to upgrade the server.
Look into ways to potentially make this easier to work with that can also build queries. There are a few python libraries that can help.
Print commands can overflow the 2000 character limit that Discord enforces onto bot messages.
Get around this by splitting up the message.
This would, via a command, scan the thread for a discord id (in the title or body of the post) and then get it ready for a scam ban. This would be easy to implement, and be helpful for mobile users.
To get the thread title:
Check the channel type, if it's a typeof Thread, then you can just use the name
property and it will give you the title in plain text.
To get the first post, we would have to read the message history.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.