Over the last few weeks I’ve been actively trying to outsmart the scammers in our Discord with multiple automod rules. It’s a battle I personally cannot seem to win, mainly due to time restrictions. I do however feel it’s extremely important and our duty to keep the autonomi communication channels a safe environment for everyone.
Discord autoMod rules have some limitations that the scammers seem to be working around. With percent encoding, combined with excessive line breakings to avoid the detection that happens pre-render.
I’ve been playing with the thought to use the Discord API combined with some trained model to detect if something is a scam or not. I have saved 10s if not 100s of scamming message (raw text) to train the model. I am however not technical enough to spin this up in a day, it would take me a significant time investment that I simply cannot afford at the moment. Therefor, I’m reaching out to the community to see if someone is willing to take over my battle for a while and/or help me achieve the goal faster.
Is the Discord any more encouraging than the forum?
I’m all but done with Discord but looking at the forum there’s negligible activity other than the core team updates.
This is a time when things should be picking up if not flying, but the opposite had been the case. While the core team press on, other development has apparently ground to a halt, perhaps due to sentiment and ANT price.
Whatever the cause it’s a terrible situation and very disheartening for me.
It’s not the activity we wish for, that’s for sure. But personally I really appreciate the Discord. Now, if there’s something I’ve learned it’s that quiet moment like these can be used to get a solid foundation. Once there is lots of activity, a few successful scammers can really hurt our community. Now is the time to prepare for that moment so that once we’re in a solid position, we have one less thing to worry about. That’s how I look at it
Significantly easier than training a model to detect might be to use a (optionally local) llm, feeding it a message, let it check it someone claims to be an official support guy/tries to drag people into support channels and is not part of the team.
(you instruct it to answer with a json output that you can easily process in the next step)
Any message offering genuine support will come from a small no of known usernames.
We know who the helpful folks are on the team and in the community.
Therefore any message containg terms like “helpdesk” “support” “ticket” that does NOT come from that small list of known names is suspect and needs further investigation.
Lets not overcomplicate this and try to make it easier on ourselves and the incredily hardworking @anon75844067
Prominent pinned msgs telling folks to ask for help ONLY in the support channel, warnings about scammers etc need to be at the top of every Discord screen.
Perhaps a badge for known good guys?
And add to that list as further genuine helpful folk emerge? - Yes I know some will play a long game here - remember how long Hannah-dev ( or something like that) hung about before stupidly outing themselves?
It’s actually not that easy, I wish it was. Here’s an example of some raw text messages that they send. This is the format Discord’s Automod tried to detect certain words, before rendering it into a message that contains a clickable link:
I’m surprised Discord don’t offer more support for this sort of thing. Aren’t their plugins or some such? I’m sure lots of communities must be struggling with the same.
The annoying thing is that the messages as shown above is not detected as a link when the Discord Automod is checking the message. Its detecting things pre-rendering, only after rendering it shows as a clickable link in the chat.
We could, I’ve already made sure we have a detection system for percent encoding in https formats, so the Hyperliquid and Uniswap scams have a 100% detection rate at the moment. However, limiting additional characters like line breaks would also prevent people from making a list of some sort. For example:
Before christmas we expect to introduce
merkel tree
new dave release
We want to prevent false positives from happening, so there is a fine line between blocking special characters for Discord safety and providing a decent first time experience for new users. To be fair, I’m also not really sure how the Discord join age would work in the long term, because it does look like the scammers learn from previous banned accounts. So I can imagine if you add a 3 month age for people posting links, it wont take long before scammers join, wait 3 months and start scamming after.
It’s insane to be honest, even more complex regex scripts are blocked by Discord, so it really prevents me from fully solving this issue with just AutoMod rules. I have no idea about plugins of some sort, but I’m really inexperienced with Discord to be honest. I’m learning on the go trying to outsmart these scammers.
The percent decoding one I already had, that is working like a charm. The split lines however, is still allowing many of the support ticket scams as mentioned above.
After doing some additional research, I managed to find a new way to detect these scams. Rusty will probably integrate them in the Autonomi server later today, after which I’ll have to do some additional testing
Yeah I agree, the time out shouldn’t happen automatically anyway. We do that manually after the log shows it has been removed and is not a false positive.
Rusty just mentioned he excluded Maidsafe members and mods from these rules, which I think is good.
However, I do not agree people should be able to use block quotes to ask questions. Yes, it’s more convenient, but if the trade-off is we cannot prevent scammers from flooding the channel I’d take no block quotes over that any day any time.
I did just make the suggestion that we can implement a trust system based on time in the channel, maybe even amount of messages send it the channel. That would make longer, active members, allowed to bypass certain strict rules that have to he active for people new in the channel. It’s a system that would probably be best, however, it does take a significant time investment from both me (or you) and the team to asses. I would not make that investment at this point, personally,
