[Report] Spammers still in group even when Bot said that was kicked

[helioloureiro]

Hi,

We added our own instance of TLG_JoinCaptchaBot in our group in Telegram. Recently we noticed that spammers were able to by pass the captcha and remain at the group.

The logs we have:

2021-12-02 11:37:25: [-1001042877884] New join detected: Classie Carroll (2098425374) 2021-12-02 11:37:25: [-1001042877884] Sending captcha message to Classie Carroll: 3758... 2021-12-02 11:37:26: [-1001042877884] Captcha send process complete.

2021-12-02 11:37:27: [-1001042877884] User Classie Carroll requested a new captcha. 2021-12-02 11:37:27: [-1001042877884] Sending new captcha msg: 4702... 2021-12-02 11:37:28: [-1001042877884] New captcha request process complete.

2021-12-02 11:37:29: [-1001042877884] User Classie Carroll requested a new captcha. 2021-12-02 11:37:29: [-1001042877884] Sending new captcha msg: 1508... 2021-12-02 11:37:29: [-1001042877884] New captcha request process complete.

2021-12-02 11:37:30: [-1001042877884] User Classie Carroll requested a new captcha. 2021-12-02 11:37:30: [-1001042877884] Sending new captcha msg: 5234... 2021-12-02 11:37:30: [-1001042877884] New captcha request process complete.

2021-12-02 11:39:32: [-1001042877884] New join detected: Vara Prasad (1812884096) 2021-12-02 11:39:33: [-1001042877884] Sending captcha message to Vara Prasad: 6877... 2021-12-02 11:39:33: [-1001042877884] Captcha send process complete.

2021-12-02 11:39:35: [-1001042877884] User Vara Prasad requested a new captcha. 2021-12-02 11:39:35: [-1001042877884] Sending new captcha msg: 5855... 2021-12-02 11:39:36: [-1001042877884] New captcha request process complete.

2021-12-02 11:42:26: [-1001042877884] Captcha reply timed out for user Classie Carroll. 2021-12-02 11:42:26: [-1001042877884] Captcha not solved, kicking Classie Carroll (2098425374)... 2021-12-02 11:42:28: [-1001042877884] Increased join_retries to 2 2021-12-02 11:42:28: [-1001042877884] Removing messages from user Classie Carroll... 2021-12-02 11:42:28: [-1001042877884] Kick/Ban process complete

2021-12-02 11:42:56: [-1001042877884] Scheduled deletion time for message: 266368 2021-12-02 11:42:56: [-1001042877884] Message to delete not found 2021-12-02 11:43:28: [-1001042877884] Scheduled deletion time for message: 266372 2021-12-02 11:44:34: [-1001042877884] Captcha reply timed out for user Vara Prasad. 2021-12-02 11:44:34: [-1001042877884] Captcha not solved, kicking Vara Prasad (1812884096)... 2021-12-02 11:44:35: [-1001042877884] Increased join_retries to 2 2021-12-02 11:44:35: [-1001042877884] Removing messages from user Vara Prasad... 2021-12-02 11:44:36: [-1001042877884] Kick/Ban process complete

2021-12-02 11:45:03: [-1001042877884] Scheduled deletion time for message: 266371 2021-12-02 11:45:04: [-1001042877884] Message to delete not found 2021-12-02 11:45:35: [-1001042877884] Scheduled deletion time for message: 266373 2021-12-02 11:52:26: Removing kicked user 2098425374 after 10 mins 2021-12-02 11:54:34: Removing kicked user 1812884096 after 10 mins

So both users Vara Prasad and Classie Carroll were supposed to be kicked/banned.

But that isn't what we see.

So they found a way to join and remain at the group.

What we can see it that all spammers do almost the same: they keep requesting new captcha.

[J-Rios]

Hi,

Thanks for reporting this!

Note that we already have an issue to track if spammers userbots are bypassing the captchas. Please write your message again in the next issue if you can, to keep all this in the same issue and avoid duplicated issues: Spam userbots solving the captcha?

Regards.

[helioloureiro]

Thanks for the response @J-Rios. I didn't move conversation over that topic because I don't think they're related.

Based on the logs, spammers aren't solving the captcha or alike. Instead they keep requesting new captcha until.... I don't know. It seems they found some race condition.

Is there a parameter to enable more debug information in order to better understand what is happening?

[J-Rios]

Oh, I see what you point now, I was thinking they was requesting new captcha images until they can solve, but this is not the case...

From the log you provided, the userbots request new captcha a couple of times or more (this could be the normal userbots operation to bypass any CaptchaBot based on a "press this button to prove you are human", they just join a group and press any button that they read). However, the CaptchaBot tells in the log that the user don't solve the captcha and was successfully kicked...

This log is enough and shows that "Vara Prasad" is kicked out:

2021-12-02 11:44:34: [-1001042877884] Captcha reply timed out for user Vara Prasad.
2021-12-02 11:44:34: [-1001042877884] Captcha not solved, kicking Vara Prasad (1812884096)...
2021-12-02 11:44:35: [-1001042877884] Increased join_retries to 2
2021-12-02 11:44:35: [-1001042877884] Removing messages from user Vara Prasad...
2021-12-02 11:44:36: [-1001042877884] Kick/Ban process complete

Please can you take a look inside Telegram group settings "Recent Actions" when something like this happen to check if it was actually removed from the group? Because the image you provided with group list of members just shows the users that your Telegram APP thinks are in the group, and I know sometimes the Telegram APP didn't update well that screen even when the user is not on the group it keeps telling that the user is there, but it is not...

Regards.

[helioloureiro]

Hi,

Unfortunately I can't get messages from that time because of the time Telegram keeps such messages before purge.

But since it became the new normal, there is another case today:

2021-12-05 12:48:23: [-1001042877884] Scheduled deletion time for message: 266696 2021-12-05 12:48:23: [-1001042877884] Message to delete not found 2021-12-05 12:48:54: [-1001042877884] Scheduled deletion time for message: 266697 2021-12-05 12:57:53: Removing kicked user 5010705550 after 10 mins

2021-12-05 16:38:24: [-1001042877884] New join detected: Dave Clinton (1784665203) 2021-12-05 16:38:25: [-1001042877884] Sending captcha message to Dave Clinton: 0153... 2021-12-05 16:38:25: [-1001042877884] Captcha send process complete.

2021-12-05 16:43:25: [-1001042877884] Captcha reply timed out for user Dave Clinton. 2021-12-05 16:43:25: [-1001042877884] Captcha not solved, kicking Dave Clinton (1784665203)... 2021-12-05 16:43:26: [-1001042877884] Increased join_retries to 2 2021-12-05 16:43:26: [-1001042877884] Removing messages from user Dave Clinton... 2021-12-05 16:43:27: [-1001042877884] Kick/Ban process complete

2021-12-05 16:43:55: [-1001042877884] Scheduled deletion time for message: 266700 2021-12-05 16:43:55: [-1001042877884] Message to delete not found 2021-12-05 16:44:26: [-1001042877884] Scheduled deletion time for message: 266701 2021-12-05 16:53:25: Removing kicked user 1784665203 after 10 mins

So this user "Dave Clinton" is the same situation.

And from the "recent actions":

So the last message is the translated message from bot saying that user Dave Clinton didn't send the captcha in time and was kicked out.

[J-Rios]

So, there is no CaptchaBot kick Dave Clinton in "Recent Actions", just the "delete message", right?

That's strange I didn't see that issue before...

What CaptchaBot version is your instance ubuntubr_bot? It is the lastest version (1.23.3 - 25/09/2021)?

[helioloureiro]

Latest from git:

Checked out on commit 32b5c47adc80df0fcc5a377f09710def89434aba, Update RU language.

[J-Rios]

mmm, I can't replicate the issue, the Bot kick as expected in the groups where I'm an Admin.

Here is the full "Recent Actions" log for a user named ":D" that doesn't solve the captcha (note that ban/kick is shown above Bot messages deletion):

I will be checking the groups next days to check if I can see the not-kick behavior...

[J-Rios]

Any news regarding this issue? I was not able to replicate neither see this issue happening (just the Telegram clients APPs bugs that sometimes keeps showing for a while on group member list, users that has recently left the group)... Also, could any of the changes of lastest Bot version solves it?

[helioloureiro]

Nowadays they evolved the bot to use random names. So it isn't working anymore. We need to look at profile and check bio like "working time from 8:00 to 17:00" to identify it. But stills not 100% positive matching.

[J-Rios]

Closing then...