Skip to content

[EN] Modules ‐ Raid: Antispam and Anti‐Raid module

Jump to bottom Edit New page
Axel edited this page Jul 22, 2024 · 3 revisions

The raid module has been developed to prevent malicious third parties from assaulting a server. It has multiple features:

  • Blocking users from joining depending on a certain set of rules (e.g if the raiders always have the same name pattern or account creation date), see Raid rules
  • Lock the server preventing anyone from joining for a certain amount of time, see Server locking
  • Detect spam behaviors and mute (or ban) them from the server while notifying the moderation, see Antispam

Raid rules

Needed permissions:

  • Kick Members
  • Ban Members
  • Send Messages (at least in the channel specified in the RuleAlertChannel setting)

Needed settings:

  • !config raid set RuleAlertChannel ⁠#channel-where-we-log-when-a-rule-apply

Commands: To list the current rules applied to this guild, type !listrules.

To see the available raid rule list, type !rulehelp and follow the helper to use !addrule. You can remove specific rules using !delrule <index> or remove all rules using !clearrules.

Server locking

Needed permissions:

  • Kick Members
  • Send Messages (at least in the channel specified in the LockAlertChannel setting)

Needed settings:

  • !config raid set LockAlertChannel⁠#channel-where-we-log-when-a-lock-start-or-ends
  • !config raid set LockServerVerificationLevel <verificationLevelWhenLocking> in those values:
    none = 0
    low = 1
    medium = 2
    high = 3
    veryHigh = 4
  • !config raid set DefaultLockDuration <duration> (default: 600s)
  • !config raid add LockAuthorizedRoles @Role (add a role to the roles allowed to lock and unlock server)

Commands:

You can use !lockserver <duration> <reason> to lock the server, and !unlockserver <reason> to unlock it.

Autolock:

When a server sees too many joins at the same time ( setting in seconds, default being 10 joins in 5 seconds), it will automatically lock to prevent a raid from happening.

Antispam

The antispam submodule is used to detect, and mute or ban the user automatically. We recommend muting since they can be false positives.

Needed modules:

  • mute

Needed permissions:

  • Kick Members
  • Manage Roles
  • Manage Messages in every channel that should be monitored

Needed settings:

  • !config raid add SpamImmunity @Role (add a role to the roles that will never be auto-banned/muted for spam)
  • !config raid set SpamMute <true/false> (default: true, should the bot mute a member exceeding the spam window instead of banning them? (require the mute module))
  • !config raid set SpamTimeThreshold <duration> (For how long should the spam window be open)
  • !config raid set SpamCountThreshold <score> (How much "spam score" is allowed in the spam window before the bot bans/mutes the member ?)
  • !config raid set AlertChannel #channel-where-we-log-spams

How does the antispam submodule work?

This submodule computes a score based on the user's recent activity (recent being based on the SpamTimeThreshold setting, in seconds).

The score is computed per message:

  • A message has one initial point
  • We transform any non-ASCII character looking like one to an ASCII character (e.g. ⍺, a, 𝐚 or 𝑎 becomes "a")
  • We add one point for each of the spamwords
  • We add one point if there's at least one of the spam hints
  • We add one point per unique user-targeting ping
  • We double the points for each role/everyone/here ping
  • We double the points if the message contains a link (except for discord-owned domains)

Then the whole window score is computed:

  • A channel switch from the previous message adds one point (per message)
  • A duplicated message between channels adds X points, X being the number of times it already appeared in the spam chain (+1 first time, +2 second time, etc.) (per message)

If the score exceeds the threshold, we delete the messages and mute the user. Then we post everything in the LockAlert channel.

We used SpamCountThreshold at 6 points and SpamTimeThreshold at 10 seconds, without any issue on the "Not a Name" server (low false positive rate and high antispam catch rate).

If you think your server has more pings, links, or legitimate spam words, we encourage you to increase these values. Note that most bots will try to post in most or all channels, they will be stopped fast, even with a higher score threshold.

Add a custom footer
English
Français
  • Modules 
        </ul>
  </details>
</li>
Clone this wiki locally