So I've seen a few threads made concerning this issue over the last few days, but no one seems to be addressing the main issue; the spammers themselves. So in this thread, I'm going to be discussing a few ways of how we can stop these spammers before they even start. 1. AntiBotSpam (ABS) - As the server is right now, the only anti spam protection we really have is the 3 second cooldown, and blocking people from sending the EXACT same mesage. Which both have flaws, since people can easily bypass the cooldown by using multiple accounts. And they can simply change one character and it no longer gets blocked. What I believe should be done is that, instead of just checking for the exact same message, the ABS should check the actual word/character contents of the message, and compare it with their last sent message, as well as the last sent message from everyone in chat. This way, if they say the same (or a similar) message as someone else or what they last said, it will be blocked. And it could possibly be logged somehow, if needed. And if, let's say, 4+ people say the same message in a row within half a second, they will be flagged as a possible spambot and all staff online will be notified. And in extreme cases, let's say 10+ accounts, they can all be automatically perm muted. This way, the problem can be addressed before it even becomes a problem. This would also render those spam messages with randomly generated numbers/chars effectively useless, as the plugin would pretty much ignore them entirely. So for example, a player says this: "This is a message [#2048105183]" "This is a message [#3810927494]" ABS would detect that the "This is a message" is the exact same, and block the message for it. And, in the case that this fails because every message from every account is completely random, which I've personally never seen, there can also be a system in place to check how fast messages are sent. Because let's be honest, there's very rarely ever a case where even more than 2 people are going to say something in chat within a quarter of a second timeframe, just by pure chance. It would be fairly easy to detect this, and then there could be a notification sent to all online staff of a possible spambot. 2. Captcha per IP - The captcha system currently in place is very good at stopping these massive spambot attacks, however I feel like it could be better. Now that some spambot software people use makes every account have a different IP, it's impossible to ban them all with a simple IP ban. That's why I believe that the captcha should reset and be required to complete again if the player's IP changes. Since the spammer still needs to manually verify all these accounts before hooking them up to the network of bots and spamming, they will more than likely have a different IP once they are put on the spambot software, so the captcha will need to be redone. Hence, no more of these mass bot attacks. As for if they run every account on the same IP, then IP bans will work as normal. If these 2 ideas are put into effect, then I would imagine that spam botting would become almost impossible. Anyways, those are my ideas. Feel free to offer criticisms or improvements below. If you want something explained more, just ask.
Gonna use my one free thread bump. Guessing no one saw this, since someone immediately bumped like 10 threads after I posted this lmao.
Awesome suggestions, I don't see why these shouldn't be implemented. These features can very easily be found in plugins such as ChatControl, and they wouldn't be too hard to develop either.
Really cool suggestions, MCC has a huge problem with Spambots, especially in Factions and the hubs. I don't see any cons with either of the options you have presented, and if these for some reason can't be implemented, there are a lot of free plug-ins to prevent Spambots. Good luck with your suggestion.
In my opinion, the best way current way to prevent spambot attacks is by adding /server (Server) to donors. Most bots use/servers to travel around servers well to spam, not all bots can use a compass and press specific items, and sure spambots might be in the lobby but at least they won't really able to travel around the server. If the bot somehow manages to open up the travel menu and click to let's say skyblock, then another thing can be created to prevent these bots, The player must move out of spawn to talk (I noticed not all bots can move) but again some can move out causing the spam to arrive. These two methods are simple to be implemented, and they can prevent bots from spamming pretty well. Again these methods would work on specific bots! Well thats just my opinion! ~Cya!
This wouldn't prevent any spamming in the lobby though. My suggestions are meant to stop spamming globally. Yeah... Something like the first suggestion I made lol If they can move out and you're aware of this then why would you even suggest it? The reason for the methods I suggested would be to deal with the more sophisticated bots, while wiping out all the smaller ones in the process as well. We won't get anywhere by using simple workarounds. Especially when they are easily bypassable.
I stated not all can do it, as I been muting these spambots very often I noticed most of them never moves, they only snap their head, and like I said above not all can move, and even if captcha was per IP what's the point of it if they can bypass captcha in the first place? Also, not all spammers do it manually, some do but some don't, you can always meet a spam bot attack thats very advance and can bypass captcha. Even if the spammer has to do captcha manually what's the point of IP captcha then? If the same bots that spammed have a chance of 10% returning? As the chance of the bot being Ip-banned is very high. The spammer would still do captcha manually for new bots whether there is IP captcha or not. Reusing alts to spam is very rare to see, most of the cases new bots would arrive rather than the old ones. Ip-captcha isn't the answer (in my opinion) again all my opinion, ~Cya!
Hi there! In my opinion, the best way to prevent spambots is to have a verification code before being able to move or type. This means that every 30 days, you would be given a code in the global chat and you need to type the exact characters in order to move. If you type anything else (like a spambot message) then it would just say "wrong code" and not let you do anything until you type the correct one. It doesn't need to be 30 days. What I also mean by this, for example, every time you join a different subserver, you would need to put a code and not just a captcha as we have now. Have a great day!
The IP Captcha wasn't really the main point of this thread, but the idea behind it is to stop those bots that somehow have all different IPs, since those are the ones that can't simply be ip-banned. It is true that this would be pointless if they could complete the captcha with the bot manager tool. But as far as I know, there is no public tool out there that would have the features necessary to complete the captcha. So either people are using their own custom-coded ones (not likely), or they're doing the captcha for all the accounts manually before logging them all in at once to start spamming. Pretty much all console clients and (I'd assume) most botting tools let you view the chat, so this would be kind of pointless.
