Scam Hunter

What's the tldr?

Scam Hunter looks for nitro/steam scams, crypto scams, and spam that's potentially malicious. The bot evaluates messages and URLs using a variety of techniques to determine if the user has malicious intent. The bot can detect scams that have not been identified by a person yet.

Moderators of the server the bot is added to have access to the dashboard. Moderators are ignored from message evaluation, so please make sure your moderators do not get compromised!

What the bot does

The bot is specifically designed to look for key attributes common in scams. It uses a combination of tools to de-obfuscate scam message attempts that contain text and a link. If the message is identified as a scam and the user is not a Moderator, it creates a UUID for the message and the user, stores it in memory, makes a record of the event in Firestore, then deletes the message. If the same message is encountered recently and identically from the same user, the user is also kicked from the server.

If the message doesn't contain any scam attributes but has a link, the bot will visit the link, impersonating a user to investigate data about the site. If the site seems to be pretending to be a service such as Discord, Steam, or a few others, the bot will flag the message as a scam and follow the protocol for deleting/kicking outlined above.

Additionally, the bot has anti-spam tactics to address users spamming with potentially malicious intent. Spam can come in the form of images, links, or just text, usually across multiple channels. Most spam will be warned before a kick is issued.

The bot is not perfect, but since it's creation on December 25, 2021, the logic and sophistication of the bot has grown to the point that it no longer really needs supplementation from other anti-scam/anti-spam bots. Feel free to add backups, by all means, just know that the logic has grown quite a lot over the years.

Scam hunter's hit rate is near 100%, but it's not perfect. Mods still need to be ready to remove links it and other bots may miss. No bot is perfect, but hopefully this bot reduces the Moderator workload dramatically.

Some server configurations that can cause the bot to be less effective:

• message cooldowns may interfere with malicious intending users spamming enough for spam to be detected
• image cooldowns may interfere with the bot's ability to identify a new spam scam involving posting "unique" images in multiple channels

Required permissions

The bot needs the following permissions to function:

• Kick Members
• Read Messages/View Channels
• Send Messages
• Manage Messages
• Read Message History

Additionally, in order to kick users, the bot must have a role above all users you wish to kick. NOTE: the bot will only kick users that do not have the Manage Messages permission in the server. Moderators should not be kicked by the bot.

The bot was originally deployed without slash commands. Some slash commands have been added such as the log command. To enable it, you may need to re-invite the bot to update the scopes. You should not need to kick the bot.

To log all malicious detections, do /log to:CHANNEL.

Setting up the bot

Step 1: Add the bot to your server

Step 2: Move the bot role above other user roles

Step 3: Get some coffee (or tea). You're done!

Step 4: Optionally, enable logging so you can see what scams are removed by issuing /log to:CHANNEL

Fine, I'll do it myself...

Rather run your own copy of the bot? Feel free to fork the GitHub repo, then follow the instructions to setup your own instance!

The bot is provided free of charge. I am not monetizing it, and I have no intent to monetize any aspect of it in the future. The servers I designed it for originally are the r/Splatoon and r/PokemonUnite Discord servers. Special shout out to the Trackmania community for all your feedback in what is working and what isn't with the bot that has made it as sophisticated as it is today!