What's the bot exactly about and how it is working.
SCAMELEON Scam Protection Bot
is primarily aimed at larger communities and developer discords, especially of games that are present on Steam who are struggling with scambots. The goal is to provide security between different communities.
As a moderator of an official developer discord of an upcoming PC game, I have to deal with scammers trying to steal the Steam data of users every day.
Out of this problem I came up with the idea to create a bot that specializes in exactly this problem.
In the best case, the bot remains completely inactive. But if it has to, it actively protects your server.
The bot is monitoring the server's auditlog for ban actions. If a user gets banned with the term "scam" in the reason, the bot comes into effect.
Scam is not case sensitive and can be wrapped in a sentence or another term like "scammer".
As the bot monitors the audit log, it also works in combination with other moderation bots such as Dyno.
To avoid abuse, the bot now evaluates the report value based on the server size. This value is now saved.
If other servers also ban the account because of "scam", their values are added to the existing value. Thus, no single server can trigger the following step.
If the summed report value exceeds a certain level, the user gets ban listed and cannot join any other server that uses this bot.
The bot now also scans all servers that use it to check if this account is also there as a sleeper and executes the defined action (kick/ban/warn).
Another security aspect to avoid abuse is the fact that the banned user must have been on the server to be counted. Banning users who are not on the server has no effect.
For the basic functionality the bot does not need any setup. Once you have invited it to your server, it will work as long as it gets the requested permissions.
Of course, the bot can be customized a bit. You need managing guild permissions to change the settings. All changes can be done in the web interface.
For example, you can enable a logging function that is disabled by default.
You can also set how the bot should react to users from the ban list.
- to kick these users directly when they join (default behaviour) - good security:
- to ban these users directly when they join - best security:
- to enable only a warning in the log channel instead of direct kicking/banning when they join. - low security:
- to disable the functionality of the bot (the ban tracking will continue) - no security:
Users from the ban list will get a short explanation from the bot why they were kicked/banned directly. With the possibility of an appeal to us to be removed from the ban list.
- The bot can also identify and delete scam messages relatively reliably. The feature is disabled
by default. It does not search for a fixed scam pattern, but evaluates the messages based on typical word combinations.
This makes the detection very flexible.
The bot then deletes identified messages and posts a copy to the logs.
Here the moderators can decide how to deal with the author.
It does not automatically sanction users based on messages, because despite the actually reliable detection, false positives are not totally excluded.
Transparency is important, so here are some explanations about data processing.
What are the permissions needed for?
Kicking and banning
- The bot offers the possibility based on the ban list to prevent users from entering the server by kick or ban. There is no moderation of the already active members.
- During a ban action of a moderator, the bot accesses the server's audit log to check if "scam" is specified in the reason. By retrieving the data via the auditlog, the bot is also compatible with other moderation bots. The bot does not process any other
See channels, write messages, embed links
- This is used to set up the log channel. Also, the bot responds via embed texts. The bot does not process any
text away from its commands in its default setting. If you enable the automatic deletion of scam messages, new messages will be scanned for scam indicators, of course. Here the manage messages
permissions are needed.
This data is stored by the bot
Only the ID of the server and its name are stored to allow individual configuration of the server.
For "scam" bans, the server ID is also stored with the associated ban reason to be able to retrace the ban listing in case of an appeal.
In adition, the UserID of the "scammer" is added to the watch- and later ban list.
When you remove the bot from your server, all data will be deleted except for the already registered scammer IDs and the information related to the ban.
Big communities using the bot