We're referring to users that pose potential threats, as DM scam/spammers or raiders as "risky users" here on.
We are using the C# community Discord as a sample.
The current heuristics to analyse if a user is a risky user is based on a number of variables, such as account creation, join rate and avatar similarity to a known hash. It is my goal to reduce the number of attacks on genuine users of a Discord server by implementing a new validation barrier for users we deem risky based on account creation.
What we have observed is that the waves of botnet accounts join with common creation dates. The likelyhood is that we are being hit by two independent sources of accounts, whereas previously we had deemed this to be one source. Accounts are created within a range of 15 days of the current date. Once we have identified a range, on a certain date, these accounts tend to remain in that range of 1 to 2 days.
I.e. It is September 29th, an account range will start to become apparent within the prior 15 days. The earliest a batch of accounts will have been created is September 14th. A batch would have been created on September 16th-17th, which makes this a range we scan for.
With this knowledge, it is easy to implement a given validation scenario for new members with an account creation based on the rules observed.
Changes come in the form of gating the C# community, meaning access to the actual guild will be behind a Verified role. Every existing member of the guild will be grandfathered into this role. Every new member, upon join, will be run through a validation process.
Branches for validation will be limited to:
If the account was created before 15 days from today, we deem the account to be "not at risk", and permit the Verified role automatically
If the account was created inside of the 15 days from today, we deem the account to be "at risk", and do not permit the Verified role, kicking these users into a new verification channel. It is here where users will need to read and react to a post as an additional barrier to the guild. Reacting to the post with a pre-determined emoji will then grant that user the Verified role and thus gain them entry into the guild.
We lack sufficient evidence to stipulate if we can remove at risk account ranges, or if these need to persist forever.
It is useful here to note, time is on our side, as the botnet developers cannot work in the past. Anything we adopt today will work, with only future changes being able to further bypass this mechanism. It is my goal to remain as passive as possible, before becoming aggressive with heuristics and gating every single join.
We're referring to users that pose potential threats, as DM scam/spammers or raiders as "risky users" here on.
We are using the C# community Discord as a sample.
The current heuristics to analyse if a user is a risky user is based on a number of variables, such as account creation, join rate and avatar similarity to a known hash. It is my goal to reduce the number of attacks on genuine users of a Discord server by implementing a new validation barrier for users we deem risky based on account creation.
What we have observed is that the waves of botnet accounts join with common creation dates. The likelyhood is that we are being hit by two independent sources of accounts, whereas previously we had deemed this to be one source. Accounts are created within a range of 15 days of the current date. Once we have identified a range, on a certain date, these accounts tend to remain in that range of 1 to 2 days.
I.e. It is September 29th, an account range will start to become apparent within the prior 15 days. The earliest a batch of accounts will have been created is September 14th. A batch would have been created on September 16th-17th, which makes this a range we scan for.
With this knowledge, it is easy to implement a given validation scenario for new members with an account creation based on the rules observed.
Changes come in the form of gating the C# community, meaning access to the actual guild will be behind a
Verifiedrole. Every existing member of the guild will be grandfathered into this role. Every new member, upon join, will be run through a validation process.Branches for validation will be limited to:
Verifiedrole automaticallyVerifiedrole, kicking these users into a new verification channel. It is here where users will need to read and react to a post as an additional barrier to the guild. Reacting to the post with a pre-determined emoji will then grant that user theVerifiedrole and thus gain them entry into the guild.We lack sufficient evidence to stipulate if we can remove at risk account ranges, or if these need to persist forever.
It is useful here to note, time is on our side, as the botnet developers cannot work in the past. Anything we adopt today will work, with only future changes being able to further bypass this mechanism. It is my goal to remain as passive as possible, before becoming aggressive with heuristics and gating every single join.