-
-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Detecting and blocking scam #394
Conversation
c05f237
to
1157c84
Compare
Waiting for #398 |
1157c84
to
57cd482
Compare
a76ccfb
to
77657dc
Compare
54c0348
to
714fe4c
Compare
application/src/main/java/org/togetherjava/tjbot/commands/moderation/scam/ScamBlocker.java
Outdated
Show resolved
Hide resolved
application/src/main/java/org/togetherjava/tjbot/commands/moderation/scam/ScamBlocker.java
Outdated
Show resolved
Hide resolved
application/src/main/java/org/togetherjava/tjbot/commands/moderation/scam/ScamBlocker.java
Outdated
Show resolved
Hide resolved
application/src/main/java/org/togetherjava/tjbot/commands/moderation/scam/ScamBlocker.java
Outdated
Show resolved
Hide resolved
application/src/main/java/org/togetherjava/tjbot/commands/moderation/scam/ScamDetector.java
Outdated
Show resolved
Hide resolved
application/src/main/java/org/togetherjava/tjbot/commands/moderation/scam/ScamDetector.java
Outdated
Show resolved
Hide resolved
application/src/main/java/org/togetherjava/tjbot/commands/system/BotCore.java
Show resolved
Hide resolved
application/src/main/java/org/togetherjava/tjbot/commands/moderation/scam/ScamBlocker.java
Outdated
Show resolved
Hide resolved
application/src/main/java/org/togetherjava/tjbot/commands/moderation/scam/ScamBlocker.java
Outdated
Show resolved
Hide resolved
application/src/main/java/org/togetherjava/tjbot/commands/moderation/scam/ScamBlocker.java
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some classes don't have documentation, can you take a look at that?
Not saying everything needs documentation, more of a question to you to take a look at that so classes that do need it receive it.
application/src/main/java/org/togetherjava/tjbot/commands/moderation/scam/ScamBlocker.java
Outdated
Show resolved
Hide resolved
application/src/main/java/org/togetherjava/tjbot/commands/system/BotCore.java
Show resolved
Hide resolved
@Tais993 Do you remember which? I thought I added it everywhere. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see, it's only 1 class.
application/src/main/java/org/togetherjava/tjbot/commands/moderation/scam/ScamDetector.java
Outdated
Show resolved
Hide resolved
16fd01b
to
cfe91c8
Compare
cfe91c8
to
d92fcaa
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's why I review multiple times :p
application/src/main/java/org/togetherjava/tjbot/commands/UserInteractor.java
Outdated
Show resolved
Hide resolved
application/src/main/java/org/togetherjava/tjbot/commands/moderation/scam/ScamBlocker.java
Show resolved
Hide resolved
application/src/main/java/org/togetherjava/tjbot/commands/moderation/scam/ScamBlocker.java
Outdated
Show resolved
Hide resolved
application/src/main/java/org/togetherjava/tjbot/commands/moderation/scam/ScamBlocker.java
Show resolved
Hide resolved
application/src/main/java/org/togetherjava/tjbot/commands/moderation/scam/ScamBlocker.java
Show resolved
Hide resolved
it basically moves getName(), onButtonClick() and onSelectionMenu() from SlashCommand one level higher - so that also non-slash-commands can use it
* also added junit parametrized test dependency * removed a useless gradle dep that was duplicated
2402c73
to
4134e41
Compare
Kudos, SonarCloud Quality Gate passed! |
Overview
Implements and closes #390.
This adds:
ScamDetector
ScamBlocker
ScamHistoryStore
ScamHistoryPurgeRoutine
to purge the storeIt automatically attempts to detect scam messages, such as nitro scam and then takes actions agains, ranging from just logging the issue to deleting the message and quarantining the user.
The system is highly configurable and supports several modes:
OFF
ONLY_LOG
APPROVE_FIRST
AUTO_DELETE_BUT_APPROVE_QUARANTINE
AUTO_DELETE_AND_QUARANTINE
We will probably start with a more manual mode, such as
APPROVE_FIRST
and then increase it incrementally depending on how well it goes.ScamBlocker
The blocker is highly configurable and has different actions depending on its mode.
OFF
The blocker is deactivated and does not scan for scam at all.
ONLY_LOG
The blocker detects scam but only logs a
WARN
level message, no further action taken:APPROVE_FIRST
Detected scam will be sent to moderators for review. Any action has to be approved explicitly first.
If lacking the soft moderation role:
AUTO_DELETE_BUT_APPROVE_QUARANTINE
Detected scam will automatically be deleted. A moderator will be informed for review. They can then decide whether the user should be put into quarantine.
AUTO_DELETE_AND_QUARANTINE
The blocker will automatically delete any detected scam and put the user into quarantine.
ScamDetector
The scam detector analyzes strings for scam. Its heuristic is highly configurable.
In general, it searches the content for keywords, such as
nitro
and@everyone
.Additionally, it searches for an URL and analyzes the host of the URL. It supports a white- and blacklist for the URL hosts. Also, it checks whether the URL contains an infix that is similar to a suspicious keyword, such as
discord
(for examplewww.foo_disc0rd_bar.com
).Based on those, two rules that determine scam are defined:
contains("nitro")
andcontains("@everyone")
andhasUrl
contains("nitro")
andhasSuspiciousUrl
In both rules, the presence of
nitro
in the message is mandatory.The following would be detected as a scam message by the first rule:
And the following would be matched by the second rule:
ScamHistoryStore
and Co.The store is mainly a wrapper around the new database table:
Entries are purged after 14 days by
ScamHistoryPurgeRoutine
.The main purpose of the store is to detect scam duplicates for a graceful handling of multi-spam. In practice, users dont just post a single scam message, but instead they spam multiple channels with the same message. However, we only want to report it once to the mods for decision-making and take action, such as quarantining, also only once. Therefore, we track each scam in the store and can easily find duplicate scam messages.
In detail, when a scam message is detected, we will check whether there are recent duplicates (15 minutes) and if so, we will just not take any further action. For modes that issue an immediate deletion, we will silently delete the message though. For other modes, the action will be taken on all scam duplicates after clicking the button on the scam report.
Config
The config has changed. See
config.json.template
. Here is a good default configuration:Checklist
General:
ScamDetector
Modes:
Features: