Wednesday, August 29, 2018

Using RainRatBot for Moderation - Bot defense - Frequently Asked Questions

Q: When you say "looks like a bot" [Step 3], what does that mean? What if it has a false positive?


A: I won't give the exact method, because it's subject to change as new Rogue bot patterns are found. Legitimate bots are limited in what information they can retrieve from profiles. My bot looks at:
  • The @username
  • The First and Last name provided to Telegram
  • The number of profile pictures
If there is a false positive, most users clear it just by introducing themselves, which they were likely going to do anyway. Group admins are also given a command they can send to RainRatBot, if they wish to vouch for the user. If it still gets as far as banning a user, the group admins can unban like any other ban. RainRatBot doesn't (yet) maintain any ban list of its own, so the unbanned user is treated as just another new user when they rejoin.

Q: What if the suspected Rogue bot adds the Telegram-recognized bot during the 5 minute watch period?

A: If any user adds any Telegram-recognized bot to a group that's using the bot protection, the admins will get a separate PM about that. Not all Telegram-recognized bots are bad, but the admins usually want to know about it.


This is what it looks like when RainRatBot notifies the admins about a Telegram-recognized bot (I blacked out the name because it's a legitimate bot used to test, and I don't want to give the impression it's a bad bot.)

Possibly a future version will allow group owners to set a policy about Telegram-recognized bots.

Q: What if the Rogue bot is the one that sends messages to the group, and it does it within the 5 minute watch period? Would RainRatBot accept it as an actual user then?

A: Yes. But then we're getting into a completely different problem than the one I set out to solve. The group admins will still have gotten a message from RainRatBot about it when it first joined, so they know something's up.

If Rogue bot behaviour changes, then I'll be updating my bot to keep up.

Tuesday, August 28, 2018

Using RainRatBot for Moderation - Bot defense - Usage

This is a continuation of the previous blog, which explains the background of the problem.

From what we've seen, these Rogue bots enter our Telegram groups, say nothing, and if they're left in the group, they add a Telegram-recognized bot that posts a stream of spam. I added a defense against these Rogue bots to RainRatBot:


  1. Watch for new users joining the group
  2. Look at the profile of the new user to see if it looks like a bot
  3. If it doesn't look like a bot, nothing else happens; otherwise RainRatBot will send a message to the group asking them to introduce themselves.
  4. Then it sends a message to the group admins that a suspected bot joined.
  5. Then it starts a 5 minute timer and watches the group for new messages during that 5 minutes.
  6. If the suspected bot sends a message to the group during the 5 minutes, RainRatBot assumes they are real, cancels the timer, and does nothing else.
  7. If it is still silent after 5 minutes, RainRatBot will:
       • Ban the Rogue bot.
       • Send a message to the group telling them that the Rogue bot was removed.
       • Send a message to the group admins telling them that the Rogue bot was removed.

This is how it looks in the group:



I do like my movie references; if you don't like the Robocop theme, the messages can be customized on a per-group basis.
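
The watch-period procedure in the numbered steps above can be modelled as a small state machine. This is an added sketch, not RainRatBot's own code: the `looks_like_bot` heuristic, the class and method names, the action labels and the sample usernames are all assumptions, and the action log stands in for real Telegram API calls.

```python
WATCH_SECONDS = 5 * 60  # step 5: the 5 minute watch period


def looks_like_bot(username):
    """Stand-in heuristic (assumption): not a Telegram-recognized "...bot" name,
    and the last 5 characters mix letters and digits, as in the pattern the
    Introduction post describes. RainRatBot's real check is not published."""
    if not username or len(username) <= 5 or username.lower().endswith("bot"):
        return False
    tail = username[-5:]
    return (tail.isalnum() and any(c.isdigit() for c in tail)
            and any(c.isalpha() for c in tail))


class BotWatch:
    def __init__(self):
        self.pending = {}  # (group, user_id) -> watch deadline
        self.actions = []  # log standing in for real Telegram API calls

    def on_join(self, group, user_id, username, now):
        if not looks_like_bot(username):
            return  # step 3: nothing else happens
        self.actions.append(("ask_intro", group, user_id))          # step 3
        self.actions.append(("pm_admins_suspect", group, user_id))  # step 4
        self.pending[(group, user_id)] = now + WATCH_SECONDS        # step 5

    def on_message(self, group, user_id, now):
        # Step 6: a message inside the watch period cancels the timer.
        if now < self.pending.get((group, user_id), 0):
            del self.pending[(group, user_id)]

    def vouch(self, group, user_id):
        # FAQ: an admin vouches for the user, which also clears the watch.
        self.pending.pop((group, user_id), None)

    def tick(self, now):
        # Step 7 and its follow-ups: still silent at the deadline, so ban and report.
        for key in [k for k, d in self.pending.items() if now >= d]:
            del self.pending[key]
            for act in ("ban", "tell_group_removed", "pm_admins_removed"):
                self.actions.append((act, *key))


def demo():
    w = BotWatch()  # usernames and timestamps below are constructed samples
    w.on_join("g1", 1, "Grettax7k2q", now=0)
    w.on_join("g1", 2, "Zo0rsab3de", now=10)
    w.on_join("g1", 3, "alice", now=20)   # not flagged, never watched
    w.on_message("g1", 2, now=100)        # user 2 introduces themselves
    w.tick(now=299)                       # too early, nothing happens
    w.tick(now=300)                       # user 1 stayed silent: banned
    return w.actions
```

A heuristic this loose will flag some real users (for example a name followed by a birth year), which is why the flow asks for an introduction and waits before banning.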

All the moderation functions are locked to groups where the group owner requested them. If you just add RainRatBot to your group, it will only do the Fursuit Identification described in the rest of this blog. I made a form to make it easier to request the moderation functionality.

Thursday, August 16, 2018

Using RainRatBot for Moderation - Bot defense - Introduction

A Telegram bot is a software program that sends commands to and receives messages from the Telegram network. It's programmed to take specific actions even when not directly supervised by a person.

When used as intended, a Telegram bot is a useful thing, supported by the Telegram developers, who even provide an interface for bots to talk to their Telegram servers. I will call these "Telegram-recognized bots". These bots:

  • Always have a @username that ends in "bot".
  • Can't join groups; they have to be added by a person.
  • Can't initiate private conversations with users.
On the other hand, there are bots that don't follow these restrictions. The Telegram protocol is open enough that developers can write programs that talk to the Telegram servers exactly how a user using a Telegram client program would. I will call these "Rogue bots".

  • Do not have a @username that ends in "bot" (or may not have a @username at all).
  • Can join groups.
  • Can initiate private conversations with users.
This is an example of a "Rogue bot". It joined the group on its own (circled at bottom), and its user name does not end in "bot".

Why am I sure it's a Rogue bot and not just a new user? It follows a very predictable pattern that we've seen over and over:
  • The last part of the @username, after "Gretta" or "Zo0rs", is a random combination of letters and numbers. Across the dozens of Rogue bots we've seen, that part of the username is always exactly 5 letters or numbers.
  • They join groups with very specific audiences, yet never say a word, even when multiple users reply trying to get them to say something. The logical explanation for why they don't reply to even simple questions is that the Rogue bot was simply not programmed to reply to anything.
If you're interested in seeing the patterns of bot activity, feel free to join the read-only channel @rainratbotreports 

What's the purpose of these Rogue bots joining groups? When a Rogue bot is not removed from the group, we've seen cases where it adds a Telegram-recognized bot to the group, which then quickly fills the group with spam messages. In theory, the Rogue bot could also spam the group directly, but adding the second account is how we've seen it happen so far.