Add "DM other users" as permission for roles

Commenti

21 commenti

  • Reg

    Yes please.

    10
  • CryptoMaximalist

    It should also respect the setting "Do not allow sending messages for 10 minutes" and prevent sending DM messages to server members

    1
  • Pirate King Online

    Please Implement this ASAP!

    It's annoying to see Bot's raiding your discord server just to send ADs to your whole community.

    This raid Bot's even manage to escape the welcome/captcha channel and send Direct Messages to all our users without even seeing them in group/online list.

    10
  • Partydragen

    Yes please do this suggestion mainly to avoid those bots! 

    As moderation verification level support that to disallow dm it should not be much harder to add permission well? or add a option to disallow dm if user don't have any roles

    11
  • DrBot

    This is definitely a huge issue on my guild. It gets raided often with advertising selfbots. Hundreds of them will join the guild and each of them will dm a few members of the guild. I turned on the double table flip verification level to hopefully stop these adbots, but that didn't stop them. Somehow they have verified phone numbers.

    I know of several servers which have tried to block the bots by adding a verification system. When a player first joins a server, they are stuck in a welcome channel and are unable to see any other channels. The player must then fill out a captcha. When they do so, they lose access to the welcome channel and are granted access to the other channels. This method does not prevent bots because bots are able to use the API to view all players in a guild, including the players who would not be shown in the player list.

    There were a couple of parts that I would like to change from your suggestion. First, I think it's fair to let players without this permission to still be able to send direct messages with bot accounts since that isn't bugging anyone. It is also a method of obtaining roles for some servers. My server for instance, uses DiscordSRV, so roles are obtained by dming a bot. You also said that dms should be blocked if the user is lacking the dm permission in any other of their mutual servers. If we do this, players could just leave the server where the permission is denied to them, and that would then let them be able to dm the other player. I think it makes more sense if players were able to dm other players as long as they have the dm permission in at least 1 mutual server.

    The problem is bigger than just spam and ads though. Less than a month since I first posted this message, the SpeakJS server of over 10 thousand members was the target of one of these attacks where hundreds of adbots raided the server, each dming a few other players the typical scam - "You have been randomly selected... You won 0.6711 BTC... Sign up on..." These bots are a major issue. People could seriously get scammed with something like this. Discord, please implement this suggestion.

    12
  • tldrross

    Hi! I'm Ross from TLDR News,

    Our server currently has 3300+ users and is growing at a healthy rate. We've recently run into an issue with our server being targeted by bots along the same lines as previous comments above. Having the ability to only allow our users to DM each other once they gain a certain role or even after a time period has passed. This would be super beneficial at tackling this recurring issue regarding bots or users with advertising intentions from harassing our active users. 

    Commenting here to show our support for this feature! 

    Discord please implement a workaround for this. 

    8
  • Skye

    banning the selfbots and the raid bots should be a #1 priority for discord until this permission is added.

    0
  • Developer

    @tldrross

    I would suggest that each and every Discord user who faced problems with self and raidbots comment here to get Discord Developer's attention to these problems and a simple solution provided by community.

    1
  • tldrnelson

    I'm a proud colleague of @tldrross, and just wanted to add my two cents. 

    In a week where Twitter themselves was targeted in a large scale attack, it is only right that the matter of DM security is of utmost importance; when it comes to the incident on our server, the bots in question were pushing cryptocurrency scams which could have been detrimental for anyone who may have fallen for it - whether in our server or beyond.

    It was ultimately due to the quick thinking of our moderation team that the incident was able to be isolated - but this still took an immense amount of time out of our schedules. Personally taking the lead in resolving the incident, I had to *manually* ban 51 bots. 

    The issue being, as others have highlighted, a simple and practical solution exists: making the option of direct messaging other users a specific role permission, or otherwise just not making it the default option! This ought to be implemented without delay.

     

    8
  • Yvo

    Hey there! Yvo here, moderator from TLDR News Discord.

    This issue sort of haunts me since I started building own Discord Servers and / or being a moderator; I have witnessed several bot incidents, as described by Nelson and Ross as well as earlier commenters.

    It also broke off some discussion about the connection, or rather the inexistent connection between DMs and server permissions. As servers do act as an "address book" for bots to source DM contacts I believe that the "shared servers" feature should be extended so that direct contacts (if they only exist over one server, or multiple servers with the permission turned off) are not possible unless proactively accepted. As already possible in the user-side feature of blocking DMs from certain servers, just server-side.

    I see the differentiation between server roles and private settings but do urge you to issue some sort of preventive system other than having to rely on personal user action as in that case personal responsibility comes flying back at server owners and / or moderators.

    2
  • TheFlyingP1g

    Hi all, I’m also a moderator on the TLDR News Discord.

    I do wonder if you are facilitating GDPR violations with these unsolicited scam messages being sent over your platform. I’m not sure whether that puts you in the wrong, however it certainly should be something that you should be actively moving to prevent. If you want to have advertisement on your platform then do it right and don’t allow it to be sent for free.

    3
  • Knight

    Hi everyone I'm Knight a moderator on the TLDR server.

    The issue that we had with the immense amount of bots was extremely frustrating to say the least.

    In a matter of minutes the server had been reduced to anarchy with users all enquiring as to what was happening.

    I fear that if not for our excellent moderation team and the better judgement of our users incredibly bad things may have happened.

    A possible fix I may suggest is that the user wouldn't be able to receive messages as the default option then they can enable messages from specific server at their own will.

    4
  • Agent Thonk

    With this permission implemented, we'll be able to secure our server members even further from trolls and scam bots. I have my fair share of bots joining in to advertise scams and people spamming my DMs despite being unverified. I think this should also be log-able for Moderation bots like MEE6 or Dyno that way, Server Moderators can immediately look into the DM and ban the member or bot if it's a valid reason, say spamming or is a Self Boat. But a flaw to this would be privacy. I don't really feel secure with Mods being able to see the DMs of others. 

    1
  • Developer

    Agent Thonk

    Let's clarify how this can work.

    So we have a `newbie` or `everyone` role.

    This role cannot DM anyone when the flag is set unless they are friends. But they also can send friend requests to other server members as long as their settings allow that (optimally?).

    A Bot can DM such members because it's a 'Verified' Bot. It can be MEE6 or Dyno or a custom one, does not really meter.

    Once the server member is promoted to a role where the 'DM others' is allowed, they will be able to DM other server members as long as their settings allow that.

    There are Zero privacy risks of any kind.

    It's a simple as 'Server Privacy' -> 'Allow direct messages from server members' that disables this setting per role even if a member allowed DMs.

    1
  • Darkflame

    Hey, I'm a mod on a sizeable Rocket League community Discord where we've also been having this exact issue, apparently along with a number of other RL servers. I tell you, it's a chore going through the list and banning them individually. We've increased our moderation settings and still hasn't helped us, and I definitely think that having a permission for DM-ing other users should be something we can enable or disable on a server or even per-role basis.

    In our example, these bots named "gift bot" or "gift bot (RL)" have been joining our server in batches of fifty and spamming random users with a message telling them they have been gifted a free in-game item! They are given an item code and a link, which I'm told tries to get them to sign in to a fake Steam page to hijack their account. This might sound like it's far too obvious a scam, but RL has a playerbase which is quite young and potentially naive. As well as this, Rocket League does have an item rewards scheme that ties into their pro-league Twitch streams, which at one point (no more, thankfully) did use a bot to inform you you'd been given an item. I can see some fans being primed to think maybe an account that purports to be a bot and uses Psyonix's (the game developer) logo could be legitimately giving items to fans in RL communities.

    Obviously, to people who have seen these kinds of things before, this is not the case, it's clearly a scam. But like I say, a lot of kids, and actually a lot of naive people who aren't kids but still don't think too critically about this kind of stuff. As mods we should be limiting the opportunity for people to be able to do these kinds of things, right? So I find it frustrating that these bot accounts are so pervasive and hard to keep away, but we have banned something like 200 of them over the past few days.

    Our mods have talked about what the problem might be and if there's a way we can work around it with the tools we have. None of our permissions seem to apply to this issue. Being able to control who can DM people on our server would be helpful, but even then that might not solve the problem. One of us wondered if they were just joining the server as a way of getting to the user list, in which case we'd need a way to stop new unconfirmed accounts from seeing who is on our server. If this is possible with roles, it'd require some convoluted setup. Perhaps we have to create a new user room for the default role then give every user a non-default role that is unable to read messages from or interact with the new user room. Would that be a doable workaround?

    Seriously I'm so tired of banning fifty identical bot accounts every day or two, you guys.

    1
  • Rockseeker

    Yes. We definitely need this. My 900+ member server has been hit 3 times in the last month by spambots massively joining our server and DMing our members with phishing messages. We had to revoke all invite links to put an end to it, for now. As a result of those attacks we even lost a few frustrated members. Security isn’t something to take lightly. Having a role-based option to prevent members from sending DMs is the definite solution.

    1
  • Zethalon

    Heyo, I’m the owner of D2Sanctuary, and we have a pretty easily to implement current solution to this problem.

    At the moment we have duplicates of our three main welcome channels (Welcome, Rules, and Registration) in a separate category called “Buffer”. When folks join they can only see the buffer channels until the register after which they no longer have access to the buffer and instead see the duplicated welcome and rules channels (but no registration channel). This keeps it so that only staff can see the new folk who join along with other new folks. This keeps it so that even if we did get bit spammed, it would be isolated to the buffer category and all of its unregistered users. But would never spread out to our Registered ones.

    0
  • TheFlyingP1g

    Hi Zethalon,

    You miss-understand the problem, we at TLDR News also have this setup (or simillar anyway).  The problem is regarding DMs (direct messages) to users.  The default Discord setting is to allow members of common Discord communities to communicate via DMs.  There is an option to deny this, only let friends message you, however this blocks any of our bots from being able to communicate with our users through DM, which is necessary for us when we run an anonymous poll, or if users want to have reminders from the remind function, amongst other issues.

    The scenario, that will happen periodically to some servers, less often for others, is that a bot joins, sends a DM to every single user advertising services/trying to con you/spreading fake news/etc, they could do anything.  No problem you say, just block them.  Ok, sure, what about the other 50+ bots that joined in the same second?  This then puts un-necesarry stress on moderators, it puts the community at risk, and it can't be protected against with any roles.  This is the issue this thread is looking to address.

    I hope that explains it better,

    Kind regards,

    Pig

    0
  • Pirate King Online

    Hello Zethalon

    Hello TheFlyingP1g

    We also have a similar design where new users first land in a `Lobby` channel where a Captcha like bot asks them a question.

    The problem is, that self-bots are still able to DM community members disregarding whatever the official client can list them or not.

    Also regarding `Bot` account. I do think that this kind of officially verified/allowed applications must be excluded from the `DM Others` rules. Or at least have `DM others` enabled by default.

    0
  • Omar Alibrahim

    We also face these issues, where we use discord for school. We need instructors to reach out the students, but students reaching out each other is causing some issues. 

    We need to put some restrictions on who can DM who. That would be super beneficial if we can have in the roles settings if the role's user can dm anyone from the server, or can get DM'd. 

    0
  • TheFlyingP1g

    Omar Alibrahim, I like that approach, it kind of enables communities to have sub-communities for particularly large servers, which I think would be cool.

    0

Accedi per aggiungere un commento.