Using RainRatBot for Moderation - Community Ban List

If you've been using RainRatBot for defense against rogue bots, as described in https://rainratbot.blogspot.com/2018/08/using-rainratbot-for-moderation-bot_28.html you've seen it remove the rogue bot from your group after a short time. Without a Community Ban List, even if it already removed the rogue bot from another group, it's treated it as a completely new user when it joins your group. The first version of the Community Ban List was called the Global Ban List.

Any user on this list will immediately be banned as soon as they enter any participating group. This is the list for rogue bots, and the worst of the worst(real users who are a hazard to any group they join).

Users will be checked against Community Ban List as they join. Existing users will not be affected.

/rrbglobalban [user id] [reason]

Adds user id to list. (ie. /rrbglobalban 123456789 spambot) 

You must fill out the reason. Only users in the authorized group can use this; if someone outside wants to add a ban, they ask someone in the group.

/rrbglobalunban [user id]

Authorized users only. Removes user id from Community Ban List.

/queryglobalban [user id]

Authorized users only. Check if the user id is in the Community Ban List and provide the supporting information if so.

There is also an Appeals function in case of a mistake.

/rrbrequestglobalunban [reason]

Any user may use; id will be recorded. Only brings to attention of authorized users. Does not change the ban list. Each user can only appeal through the bot once, so include all the relevant information in [reason].

Using RainRatBot for Moderation - Summary

Since the list of moderation features was spread across multiple blog posts, I'm making a summary post of what features are available and how they are activated.

Just by adding @RainRatBot to your group:

• Remove known-bad user ids (Requires "Ban users" permission)
• Remove known-bad display names (like "DEX airdrop") (Requires "Ban users" permission)
• Remove latest spammers that write "hi", then edit their message to contain a link. (Requires "Ban users" and "Delete messages" permission)
• Identify fursuits in photos if confidence above 90% (Can be suppressed per group, PM me for assistance)

Requires configuration:

• Challenge suspect-looking accounts as they join. (Can also be configured to ban them. Requires "Ban users" permission if banning requested.)
• Privately inform moderators about suspect images, suspect keywords, users using @admin, and Telegram-recognized bots.
• Delete stickers and/or GIFs (only if specifically requested) (Requires "Delete messages" permission)

If you're expecting one of the ones that requires configuration to be active in your group, PM me for assistance.

Using RainRatBot for Moderation - Bot Defense - Keywords Update

When I first wrote the bot defense, bots joined groups and it was a long time before they actually said anything. Back then, I said that if that changed, I would update the bot defense to keep up. Now, bots typically send spam as soon as they join.

To start updating my bot defense, I started with my keyword list. I added four public lists of spam pitches, subject lines, and domains. They were mostly oriented to email spam, but it's a starting point.

Now, if a suspected bot joins and posts text that matches something on the keyword list during the watch period, they get banned, and RainRatBot automatically deletes the spam.

I highly recommended users that use the anti-bot measures in an SFW group also give the keyword list a try. I've made dozens of additions and deletions based on feedback from group owners. In a typical SFW group, I'd expect about one false positive per year. You can ask that the keyword list be notification-only to give it a try.

Using RainRatBot for Moderation - Global Ban List

This is obsolete; the Global Ban List is now called the Community Ban List.

https://rainratbot.blogspot.com/2020/09/using-rainratbot-for-moderation.html

If you've been using RainRatBot for defense against rogue bots, as described in https://rainratbot.blogspot.com/2018/08/using-rainratbot-for-moderation-bot_28.html you've seen it remove the rogue bot from your group after a short time. Up until now, even if it already removed the rogue bot from another group, it's treated it as a completely new user when it joins your group; there hasn't been a Global list of rogue users, until now.

Any user on this list will immediately be banned as soon as they enter any participating group. This is the list for rogue bots, and the worst of the worst(real users who are a hazard to any group they join).

Users will be checked against Global Ban List as they join. Existing users will not be affected.

Obsolete. See https://rainratbot.blogspot.com/2020/09/using-rainratbot-for-moderation.html

Anyone can request a global ban, however, only authorized users can approve additions.

/rrbglobalban [user id] [reason]

Adds user id to list but does not activate the ban. (ie. /rrbglobalban 123456789 spambot)
You must fill out the reason. Any user in any group may use this. The requester's user id is logged.

/rrbglobalunban [user id]

Authorized users only. Removes user id from global ban list.

/sendglobalban

Authorized users only. Reply with the proposed global ban list.

/reloadglobalban

Authorized users only. Until this command is used, changes made with /rrbglobalban, and /rrbglobalunban will not be active.

There is also an Appeals function in case of a mistake.

/rrbrequestglobalunban [reason]

Any user may use; id will be recorded. Only brings to attention of authorized users. Does not change the ban list.

/sendglobalunbanrequest

Authorized users only. View the unban requests.

Using RainRatBot for Moderation - Bot defense - Frequently Asked Questions

Q: When you say "looks like a bot" [Step 3], what does that mean? What if it has a false positive?

A: I won't give the exact method, because it's subject to change as new Rogue bot patterns are found. Legitimate bots are limited in what information they can retrieve from profiles. My bot looks at:

• The @username
• The First and Last name provided to Telegram
• The number of profile pictures

If there is a false positive, most users clear it just by introducing themselves, which they were likely going to do anyway. Group admins are also given a command they can send to RainRatBot, if they wish to vouch for the user. If it still gets as far as banning a user, the group admins can unban like any other ban. RainRatBot doesn't (yet) maintain any ban list of its own, so the unbanned user is treated as just another new user when they rejoin.

Q: What if the suspected Rogue bot adds the Telegram-recognized bot during the 5 minute watch period?

A: If any user adds any Telegram-recognized bot to a group that's using the bot protection, the admins will get a separate PM about that. Not all Telegram-recognized bots are bad, but the admins usually want to know about it.

This is what it looks like when RainRatBot notifies the admins about a Telegram-recognized bot (I blacked out the name because it's a legitimate bot used to test, and I don't want to give the impression it's a bad bot.)

Possibly a future version will allow group owners to set a policy about Telegram-recognized bots.

Q: What if the Rogue bot is the one that sends messages to the group, and it does it within the 5 minute watch period? Would RainRatBot accept it as a actual user then?

Yes. But then we're getting into a completely different problem than the one I set out to solve. The group admins will still have gotten a message from RainRatBot about it when it first joined, so they know something's up.

If Rogue bot behaviour changes, then I'll be updating my bot to keep up.

Using RainRatBot for Moderation - Bot defense - Usage

This is a continuation of the previous blog, which explains the background of the problem.

From what we've seen, these Rogue bots enter our Telegram groups, say nothing, and if they're left in the group, they add a Telegram-recognized bot that posts a stream of spam. I added a defense against these Rogue bots to RainRatBot:

1. Watch for new users joining the group
2. Look at the profile of the new user to see if it looks like a bot
3. If it doesn't look like a bot, nothing else happens, otherwise RainRatBot will send a message to the group asking them to introduce themselves.
4. Then it sends a message to the group admins that a suspected bot joined.
5. Then it starts a 5 minute timer and watches the group for new messages during that 5 minutes.
6. If the suspected bot sends a message to the group during the 5 minutes, RainRatBot will assume they are real, cancels the timer, and does nothing else.
7. If it is still silent after 5 minutes, RainRatBot will:
8. Ban the rogue bot.
9. Send a message to the group telling them that the Rogue bot was removed.
10. Send a message to the group admins telling them that the Rogue bot was removed.

This is how it looks in the group:

I do like my movie references; if you don't like the Robocop theme, the messages can be customized on a per-group basis.

All the moderation functions are locked to groups where the group owner requested them. If you just add RainRatBot to your group, it will only do the Fursuit Identification described in the rest of this blog. I made a form to make it easier to request the moderation functionality.

Using RainRatBot for Moderation - Bot defense - Introduction

A Telegram bot is a software program that sends commands to and receives messages from the Telegram network. It's programmed to take specific actions even when not directly supervised by a person.

When used as intended, a Telegram bot is a useful thing, supported by the Telegram developers, who even provide an interface for bots to talk to their Telegram servers. I will call these "Telegram-recognized bots". These bots:

• Always have a @username that ends in "bot".
• Can't join groups, they have to be added by a person.
• Can't initiate private conversations with users.

On the other hand, there are bots that don't follow these restrictions. The Telegram protocol is open enough that developers can write programs that talk to the Telegram servers exactly how a user using a Telegram client program would. I will call these "Rogue bots".

• Does not have a @username that ends in "bot" (or may not have an @username at all).
• Can join groups.
• Can initiate private conversations with users.

This is an example of a "Rogue bot". It joined the group on its own(circled at bottom), and its user name does not end in "bot".

Why am sure it's a Rogue bot and not just a new user? It follows a very predictable pattern that we've seen over and over:

• The last part of the @username, after "Gretta", "Zo0rs" is a random combination of letters and numbers. After seeing dozens of Rogue bots, that part of a username is always exactly 5 letters or numbers.
• They join groups with very specific audiences, yet never say a word, even when multiple users reply trying to get them to say something. If a Rogue bot was simply not programmed to reply to anything, this is the logical explanation for why they don't reply to even simple questions.

If you're interested in seeing the patterns of bot activity, feel free to join the read-only channel @rainratbotreports 

What's the purpose of these Rogue bots joining groups? If it is not removed from the group, we've seen cases where the Rogue bot adds a Telegram-recognized bot to the group, which then quickly filled the group with spam messages. In theory, the Rogue bot could also spam the group directly, but adding the second account is how we've seen it happen so far.