What's the bot exactly about and how it is working.
SCAMELEON Scam Protection Bot
is primarily aimed at larger communities and developer discords, especially of games that are present on Steam who are struggling with scambots. The goal is to provide security between different communities.
As a moderator of an official developer discord of an upcoming PC game, I have to deal with scammers trying to steal the Steam data of users every day.
Out of this problem I came up with the idea to create a bot that specializes in exactly this problem.
In the best case, the bot remains completely inactive. But if it has to, it actively protects your server.
The bot is monitoring the server's auditlog for ban actions. If a user gets banned with the term "scam" in the reason, the bot comes into effect.
Scam is not case sensitive and can be wrapped in a sentence or another term like "scammer".
As the bot monitors the audit log, it also works in combination with other moderation bots such as Dyno.
To avoid abuse, the bot now evaluates the report value based on the server size. This value is now saved.
If other servers also ban the account because of "scam", their values are added to the existing value. Thus, no single server can trigger the following step.
If the summed report value exceeds a certain level, the user gets scam listed and cannot join any other server that uses this bot.
The bot now also scans all servers that use it to check if this account is also there as a sleeper and executes the defined action (kick/ban/warn).
Another security aspect to avoid abuse is the fact that the banned user must have been on the server to be counted. Banning users who are not on the server has no effect.
For the basic functionality the bot does not need any setup. Once you have invited it to your server, it will work as long as it gets the requested permissions.
Of course, the bot can be customized a bit. You need managing guild permissions to change the settings. All changes can be done in the web interface.
For example, you can enable a logging function that is disabled by default.
You can also set how the bot should react to users from the scam list.
- to kick these users directly when they join (default behaviour) - high security level:
- to enable only a warning in the log channel instead of direct kicking/banning when they join. - low security level:
- to disable the functionality of the bot (the ban tracking will continue) - no security:
Users from the scam list will get a short explanation from the bot why they were kicked/banned directly. With the possibility of an appeal to us to be removed from the scam list.
- The bot can also identify and delete scam messages relatively reliably. The feature is disabled
by default. It does not search for a fixed scam pattern, but evaluates the messages based on typical word combinations. Additionally, the included links are also checked according to the usual formulations and included in the evaluation.
This makes the detection very flexible and reliable.
The bot then deletes identified messages and posts a copy to the logs.
Here the moderators can decide how to deal with the author.
It does not automatically sanction users based on messages, because despite the actually reliable detection, false positives are not totally excluded.
Logging of Discord integrated mod tools
- Discord meanwhile has a lot of integrated moderation tools like kick/ban/timeout.
But all of them have one huge disadvantage. It is very difficult to track moderation actions afterwards. Searching in the audit logs is hell.
Also the timeout function is a nice idea, but the user will never get the reason of the timeout.
If the Discord logging feature is enabled, SCAMELEON will try to log all moderations executed with the Discord tools.
If you execute a mute, the user will get a DM from the bot including the mute reason.
- You don't want certain names or symbols on your server? And want to see when a user with such a name joins?
Use your personal SCAMELEON name filter and get informed in the log channel. The filter does not trigger any moderate actions. It is a simple staff information.
You can add whole names or just unwanted parts. The bot searches both display name and the actual Discord name for matches.
Of course there can be false positives, but better 20 false positives that you ignore than one unnoticed, unwanted name.
-You don't want to have certain phrases or symbols in messages? You want to see if they are used without reading every message?
Use your personal SCAMELEON word filter and get informed in the log channel. The filter does not trigger any moderate actions. It is a simple staff information.
You can add whole words or only unwanted parts. The bot will then check all new messages for matches..
Transparency is important, so here are some explanations about data processing.
What are the permissions needed for?
Kicking and banning
- The bot offers the possibility based on the scam list to prevent users from entering the server by kick or ban. There is no moderation of the already active members.
- During a ban action of a moderator, the bot accesses the server's audit log to check if "scam" is specified in the reason. By retrieving the data via the auditlog, the bot is also compatible with other moderation bots. The bot does not process any other
See channels, write messages, embed links
- This is used to set up the log channel. Also, the bot responds via embed texts. The bot does not process any
text away from its commands in its default setting. If you enable the automatic deletion of scam messages, new messages will be scanned for scam indicators. Here the manage messages
permissions are needed.
This data is stored by the bot
Only the ID of the server and its name are stored to allow individual configuration of the server.
For "scam" bans, the server ID is also stored with the associated ban reason to be able to retrace the scam listing in case of an appeal.
In adition, the UserID of the "scammer" is added to the watch- and later scam list.
When you remove the bot from your server, all data will be deleted except for the already registered scammer IDs and the information related to the ban.