search

DuckySoLucky / hypixel-discord-chat-bridge

A two-way chat bridge between Hypixel guild chat and a Discord channel. The application utilizes discord.js v14 for communicating with Discord, and mineflayer for communicating with Hypixel.
47 stars 39 forks source link

Add a filter to chat messages from Discord to Minecraft to prevent "IP Addresses" from being sent #240

Closed kwissss closed 7 months ago

kwissss commented 7 months ago

This message got bridge bot muted: leaking for 1 074 824 100 coins

The message came through to Hypixel as: Guild > [VIP] BRIDGE_BOT: USERNAME: leaking for [IP Address Removed] coins

Which resulted in: Bot is currently muted for a Major Chat infraction. Mute will expire in 1d

It seems Hypixel uses the following regex to look for IP Addresses: (\d{3}[. ]?){4}. They don't limit the values at max 255 as the message above contained 824, which is more than the max.

I suggest a filter is put in place to prevent other bots from being muted and investigated to be (potentially) banned - even though it was a false mute, it leads the staff to investigate the "IP Address" and the context, thus discovering the bot.

DuckySoLucky commented 7 months ago

we love Hypixel, can you replace the current regex with the right one if u don't mind? it should be inside src/discord/handlers/MessageHandler.js iirc

kwissss commented 7 months ago

Hmm. I looked into the file you mentioned and the bot was the one replacing the numbers with [IP Address Removed]. I assumed it was Hypixel that replaced it. Perhaps then it was the combination of the word leaking and the message sent containing IP Address?

Ref: https://github.com/DuckySoLucky/hypixel-discord-chat-bridge/blob/7d1b8fdf9e4bf2589762b2aeb33cd0bcb13452fc/src/discord/handlers/MessageHandler.js#L149

DuckySoLucky commented 7 months ago

Yeah, probably should be replaced with something like [Content Redacted]

DuckySoLucky commented 7 months ago

ty <3