search

thedevs-network / the-guard-bot

The Guard, a Telegram bot to moderate groups.
https://t.me/thedevs_bot
GNU Affero General Public License v3.0
491 stars 162 forks source link

Bot gets too many requests after banning 20 bots. #26

Closed wojpawlik closed 4 years ago

wojpawlik commented 6 years ago

Referenced conversation

The simplest solution I see is to warn people for trying to add a bot, so that when they try to do it 2 times more, they get banned, not getting anywhere close to adding 20 bots when adding one by one.

SitiSchu commented 6 years ago

This could be easily avoided by adding all bots in one go, I've seen userbots add 20 bots at once.

wojpawlik commented 6 years ago

Adding more than some amount of bots could mean instaban.

wojpawlik commented 6 years ago

3 or less = warn, more than 3 = ban?

We could also go with Math.floor(19 / numberOfWarnsToBan).

trgwii commented 6 years ago

I'm gonna see if I can look into modding Telegraf somehow to make it respect rate limits

wojpawlik commented 6 years ago

@trgwii You could easily replace ctx.kickChatMember with a rate-limited version. Rate-limiting is the hardest part, honestly.

Or, it could also be explicit.

trgwii commented 6 years ago

I wouldn't want explicitness. Rate-limiting would have to apply to all requests

trgwii commented 6 years ago

So this exists🤔

https://github.com/telegraf/telegraf-ratelimit/blob/develop/readme.md

wojpawlik commented 6 years ago

That's a different thing, that's for anti-flood

trgwii commented 6 years ago

Oh, incoming messages? Damn..

wojpawlik commented 6 years ago

I found there 2:

https://github.com/sindresorhus/p-throttle https://www.npmjs.com/package/promise-rate-limit

wojpawlik commented 6 years ago

Rate limiting is a good idea, but banning people who add bot after bot would be a good idea, as that'd stop them from trying to add next bots. The main problem is, how to keep track of how many bots one person have added recently, warnings sound like the simplest solution... but unsure if the most elegant.

SitiSchu commented 6 years ago

Should we keep this open or just advice users to disable that users can add other users? Keeping that feature enabled is basically opening your Door to spam anyway.

wojpawlik commented 6 years ago

Keep open.

Although, advising users to disable adding members is a good idea as well.

SitiSchu commented 6 years ago

The trend has moved to userbots joining themselves as of now, so this can wait I guess.

wojpawlik commented 5 years ago

Dario, [11/8/18, 4:41 PM] [In reply to Ginger++] well, we tested a bit and is not like that anymore

Dario, [11/8/18, 4:41 PM] also, time ago I requested for those limits increasing and since that day, we can ban and delete more

Dario, [11/8/18, 4:41 PM] I tried yesterday and we are able to ban up to 150 members per token in 5 seconds

Ginger++, [11/8/18, 5:18 PM] [In reply to Dario] That's awesome.

Dario, [11/8/18, 5:23 PM] [In reply to Ginger++] yes it is but it's just a bit randomic

Dario, [11/8/18, 5:23 PM] sometimes 80, sometimes 150 or 200

Keeping open until confirmed.