zaanposni / discord-masz

MASZ is a self-hostable, highly sophisticated moderation bot for Discord. Includes a web dashboard and a Discord bot.
https://discord.gg/5zjpzw6h3S

System to prevent users who’ve been recently banned from joining back #523

Open UponAnonymous opened 2 years ago

UponAnonymous commented 2 years ago

To give a little more context, users who’ve been banned from a server usually use VPNs or make new accounts to bypass Discord's huge flaw.

So the way that could be done is a system that can detect if someone is using a VPN or any type of spoofer, as well as if an account has recently been created. Both of these features could be enabled or disabled if needed, and the account age detector could be configured to the user's specification.

The VPN / spoof detection could be that when someone joins the server, they’re asked to follow a link to the webpage. From there, the webpage can detect if they’re using anything to try and bypass. If the user is, they get removed; if not, they can either get a role or be allowed in the server.

zaanposni commented 2 years ago

As discussed in Discord, it appears that there are already good bots out there for this purpose.

Furthermore, there are multiple issues that need to be thought through when implementing this system as there are many possibilities for false positives and false negatives.

Therefore, I am not closing this issue but rather leaving it open for further discussion.

FeroxFoxxo commented 1 year ago

The only way of doing this is to have a list of known VPN IP addresses that MASZ could tap into. User flow would be to require visitation of the front end to verify their address on joining, check it against a list of known (banned) IP addresses from previous verifications of users, and finally find whether it is banned, before authentication of the user (should be done on server).

http://getipintel.net/ is free and could be used. Some APIs require the site owner to have a key though, which is the major downside. Could be stored in the AppSettings model, with the feature unable to be enabled unless existing.

For a direct list of IPs to search between, rather than using an external API, you can use https://www.dan.me.uk/tornodes for TOR exit nodes, https://www.iblocklist.com/list?list=xoebmbyexwuiogmbyprb for proxies, and https://lite.ip2location.com/database/px1-ip-country for VPNs.

There is no technical way to get whether a user has a VPN through challenges, and you'll have to rely on a list like so.
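Added example, not part of the thread and not MASZ code: a sketch of the server-side lookup described in the comment above, checking the address seen at verification against previously banned addresses and against local Tor/proxy lists. The function names, the list line formats (single IP, CIDR, or `start-end`) and the sample addresses are assumptions; the samples are constructed from documentation ranges.

```python
import bisect
import ipaddress

def to_key(ip):
    """Sortable (version, integer) key; IPv4-mapped IPv6 counts as IPv4."""
    addr = ipaddress.ip_address(ip.strip())
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return addr.version, int(addr)

def parse_list(text):
    """Parse 'ip', 'cidr' or 'start-end' lines into merged, sorted ranges."""
    ranges = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        if "-" in line:
            lo, hi = (to_key(part) for part in line.split("-", 1))
        else:  # a bare IP parses as a /32 (or /128) network
            net = ipaddress.ip_network(line, strict=False)
            lo, hi = to_key(str(net[0])), to_key(str(net[-1]))
        ranges.append((lo, hi))
    merged = []
    for lo, hi in sorted(ranges):
        prev = merged[-1][1] if merged else None
        if prev and lo[0] == prev[0] and lo[1] <= prev[1] + 1:
            merged[-1] = (merged[-1][0], max(prev, hi))  # overlap or adjacent
        else:
            merged.append((lo, hi))
    return merged

def contains(ranges, ip):
    """Binary search for the last range starting at or before ip."""
    key = to_key(ip)
    i = bisect.bisect_right(ranges, (key, (7, 0))) - 1  # (7, 0) sorts after any end
    return i >= 0 and ranges[i][0] <= key <= ranges[i][1]

def check_join(ip, banned, lists):
    """Return (allowed, reason) for the address the verification page saw."""
    for name, ranges in {"previously banned address": banned, **lists}.items():
        if contains(ranges, ip):
            return False, name
    return True, "no match"

# Constructed sample data (documentation ranges, not real list entries).
LISTS = {"tor exit node": parse_list("192.0.2.10\n192.0.2.11\n2001:db8::1"),
         "proxy": parse_list("198.51.100.0-198.51.100.63\n198.51.100.64/26")}
BANNED = parse_list("203.0.113.7")
```

A match only says the address is on a list; shared and carrier-grade NAT addresses will produce the false positives mentioned earlier in the thread, so the reason string is returned for a moderator to review.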