Update cogs to prevent ping spam

obsproject / obs-bot

Source code for the obsproject Discord bot

https://discord.gg/obsproject

GNU General Public License v3.0

37 stars 18 forks source link

Update cogs to prevent ping spam #14

Closed tt2468 closed 2 years ago

tt2468 commented 2 years ago

Description

Rate limit per-member and per-channel
Limit the max mentions to one

Since this is an or with the rate limits, it means that this tackles issues with the same user going down the channel list and quickly spamming factoids in each one.

Motivation and Context

Spam bad

How Has This Been Tested?

Bot initializes correctly until shutting down due to no config file - syntax is correct.

Types of changes

Tweak (non-breaking change to improve existing functionality)

Checklist:

[x] My code has been run through clang-format.
[x] I have read the contributing document.
[x] My code is not on the master branch.
[x] The code has been tested.
[x] All commit messages are properly formatted and commits squashed where appropriate.
[x] I have included updates to all appropriate documentation.

asher-the-thrasher commented 2 years ago

Would this change effectively make it so that someone can only use a factoid once every 20 sec and a factoid can only be sent in a channel once every 20 sec? Do you have example of when this created too much spam? Personally I feel like this would only make it harder for people to provide support to multiple people at once, especially during a busy time.

Nofew commented 2 years ago

Would this change effectively make it so that someone can only use a factoid once every 20 sec and a factoid can only be sent in a channel once every 20 sec? Do you have example of when this created too much spam? Personally I feel like this would only make it harder for people to provide support to multiple people at once, especially during a busy time.

We are undergoing a bot raid right now that is abusing OBSBot to ping everyone.

I do think that limiting it to 20 seconds per user is extreme, given the amount of commands that I regularly send in #windows-support. Is this a temporary measure?

tt2468 commented 2 years ago

It is currently rate-limited per channel so it's unlikely to cause any big changes. I don't expect someone to need to use two cogs in two different channels within a given rate limit period.

In terms of examples, staff and other members have been getting mass-pinged via the bot for the last few days.

tt2468 commented 2 years ago

Would this change effectively make it so that someone can only use a factoid once every 20 sec and a factoid can only be sent in a channel once every 20 sec? Do you have example of when this created too much spam? Personally I feel like this would only make it harder for people to provide support to multiple people at once, especially during a busy time.

We are undergoing a bot raid right now that is abusing OBSBot to ping everyone.

I do think that limiting it to 20 seconds per user is extreme, given the amount of commands that I regularly send in #windows-support. Is this a temporary measure?

20.0 is just the default value for the rate limit. It pulls the real value from the runtime configuration. So it's whatever it is right now.

Nofew commented 2 years ago

FYI: I misunderstood what this PR does, and now have no issues with it. I don't want to elaborate further given the sort of attack that we're under, so I'll just say that I didn't understand how discord differentiates some specific actions, and this specific patch doesn't mess with my workflow at all. Thank you!