Spammers on Telegram, my experience of fighting
My close acquaintance with these characters of the World Wide Web began when the group I moderated crossed the two-year threshold and at that time numbered just over one and a half hundred members. Despite the narrow specialization and the almost complete absence of publications on the Internet, Google has already begun to find it and apparently posted it in spam databases.
Initially, I removed spammers manually, but this was not always possible to do in a timely manner. I didn’t initially consider the option of a closed group, so the moderation bot Combot was installed (
), which I must pay tribute to, having great functionality made my life a lot easier.
The most useful function in the fight against spam is the restriction of the privileges of new users for a couple of days, no pictures of links, etc., only text. During this time, the spammer was either killed by Telegram, or he stopped sending messages. Ordinary users, although they groaned at the inability to post photos, but endured it.
However, after a while, this method stopped working; some bots began to use delayed sending. In addition, occasionally I came across text blocks of advertising that were not blocked by this method.
Over time, Combot's functionality gained the ability to publish captchas for new users. It was a button that must be pressed to enter the group. In general, the idea works, but many spam clients are able to bypass such simple protection.
In general, the decision was made to create something more reliable with our own hands. I took the PHP|MySQL design as a basis, fortunately I have a little experience and free hosting. To create a captcha, I used the GD library, armed with theoretical materials from the article “Analysis of CAPTCHA generation algorithms” I didn’t find any built-in tools for rotation distortion in the library, so I used line-by-line processing using trigonometric functions. I decided to abandon the use of noise and lines, although this could be easily added. At the end I got this picture.
You can twist it more, but in some cases readability suffers greatly.
Now briefly about the work of the bot itself:
- Having received a signal that a new user has entered, the bot removes all privileges except for sending text;
- A captcha is generated and displayed;
- A new user enters the characters in the picture or clicks update so that the system produces new ones;
- If entered correctly, the user receives rights in the chat, the captcha and its variant are deleted;
- If entered correctly, the captcha is updated and there are 2 more attempts, after which the user leaves the chat with the opportunity to enter again 2 more times, after which he is permanently banned;
- A user who has not started entering the captcha can do so at any time, but no later than a week, after which he leaves the chat with the opportunity to enter again 2 more times
The presented algorithm has shown high efficiency not only against bots, but also against real people who do not want to waste time entering characters.
You can test the bot absolutely free by following this link @welcome_capcha_botplease note that for full functionality to work, administrator rights are required: “Deleting messages” and “Blocking participants”.
![[Личный опыт] How it works for a QA engineer in Finland: what’s wrong with the schedule, corporate culture and bonuses](https://prog.world/wp-content/uploads/2021/05/u1q6pxrhhb82yomtdtzsvwbz0ik-768x480.jpeg)
