Scam Hunter

What's the tldr?

Scam Hunter looks for nitro/steam scams, crypto scams, and spam that's potentially malicious. The bot evaluates messages and URLs using a variety of techniques to determine if the user has malicious intent. The bot can detect scams that have not been identified by a person yet.

Moderators of the server the bot is added to have access to the dashboard. Moderators are ignored from message evaluation, so please make sure your moderators do not get compromised!

What the bot does

The bot is specifically designed to look for key attributes common in scams. It uses a combination of tools to de-obfuscate scam message attempts that contain text and a link. If the message is identified as a scam and the user is not a Moderator, it creates a UUID for the message and the user, stores it in memory, makes a record of the event in Firestore, then deletes the message. If the same message is encountered recently and identically from the same user, the user is also kicked from the server.

If the message doesn't contain any scam attributes but has a link, the bot will visit the link, impersonating a user to investigate data about the site. If the site seems to be pretending to be a service such as Discord, Steam, or a few others, the bot will flag the message as a scam and follow the protocol for deleting/kicking outlined above.

Additionally, the bot has anti-spam tactics to address users spamming with potentially malicious intent. Spam can come in the form of images, links, or just text, usually across multiple channels. Most spam will be warned before a kick is issued.

The bot is not perfect, but since it's creation on December 25, 2021, the logic and sophistication of the bot has grown to the point that it no longer really needs supplementation from other anti-scam/anti-spam bots. Feel free to add backups, by all means, just know that the logic has grown quite a lot over the years.

Scam hunter's hit rate is near 100%, but it's not perfect. Mods still need to be ready to remove links it and other bots may miss. No bot is perfect, but hopefully this bot reduces the Moderator workload dramatically.

Some server configurations that can cause the bot to be less effective:

• message cooldowns may interfere with malicious intending users spamming enough for spam to be detected
• image cooldowns may interfere with the bot's ability to identify a new spam scam involving posting "unique" images in multiple channels

Required permissions

The bot needs the following permissions to function:

• Kick Members
• Moderate Members
• Ban Members
• Read Messages/View Channels
• Send Messages
• Send Embeds
• Manage Messages
• Read Message History

Additionally, in order to action users (kick, ban, or time out, your choice on what you choose to grant), the bot must have a role above all users you wish to action. NOTE: the bot will only action users that do not have the Manage Messages permission in the server. Moderators should not be actioned by the bot.

The bot includes two slash commands to make diagnosing and controlling the bot's behavior easier.

Bot activity logging to a channel

The bot has the ability to log actions it takes to a channel of your choosing. To enable the log command, you'll want to ensure the bot has the following permissions on the channel you wish to log to:

• Read Messages/View Channels
• Send Messages
• Send Embeds

Bot behavior controls

You have the control to enable and disable rulesets for your server as well as decide if the bot should kick, timeout, or ban a user found to be spammy (usually after a warning unless they're spamming 4 images across channels) or malicious.

By default, the bot will have the following rules enabled:

• nitro_steam_spam: Common Nitro/Steam phishing attempts involving both a link and suspicious text.
• malicious_redirects: Contains URLs that upon inspection include terms commonly used to impersonate a handful of sites such as Discord or Steam logins.
• image_spam: The user is spamming the same image(s) across channels (often containing requests that the user take some compromising action).
• link_spam: The user is spamming links across channels. These often include Discord links that are intended to compromise the user's account by asking the user to "verify" their account in an external website.
• text_spam: The user is spamming approximately the same text across channels. This is often to done to request the user engage in a compromising financial transaction via DM or a 3rd party service.
• removal_action = kick: The default action the bot will take to remove a user from the community once they've been determined to be compromised or malicious.

The supported removal_actions are:

• Kick (default)
• Timeout (3 days)
• Ban

I personally do not recommend ban as I have seen users recover their accounts in the past. It isn't super common, but it's common enough that ban instead of kick creates a burden on the mod team in the future to unban the user.

Timeout is usually an acceptable option. The upside is it gives the moderation team time to evaluate the bot's behavior further before full removal from the server. The downside (and reason the bot defaults to kick) is if the user really is compromised, compromised accounts could move to DMs to users instead of messages in the server until the moderation team chooses what further action to take.

Setting up the bot

Step 1: Add the bot to your server

Step 2: Move the bot role above other user roles

Step 3: Get some coffee (or tea). You're done!

Optional step: Enable logging so you can see what scams are removed by issuing /log to:CHANNEL

Optional step: Adjust bot behaviors by issuing /behavior [options...]

Fine, I'll do it myself...

Rather run your own copy of the bot? Feel free to fork the GitHub repo, then follow the instructions to setup your own instance!

The bot is provided free of charge. I am not monetizing it, and I have no intent to monetize any aspect of it in the future. The servers I designed it for originally are the r/Splatoon and r/PokemonUnite Discord servers. Special shout out to the Trackmania community for all your feedback in what is working and what isn't with the bot that has made it as sophisticated as it is today!