Add "DM other users" as permission for roles
Hello! Big fan of discord here, been building communities for 4 years now. Love it!! However I've been having a lot of issues with bots joining my servers, and DMing people spam, fake giveaways, or spam.
Even though my servers all have "Emote this message to join", which helps us catch the bots, the bots can still DM users before the mod team can catch them.
As a solution to this, I propose adding a "DM other users" permission for roles and users. This way, a user doesn't have the ability to DM others unless the permission is enabled. It can definitely be enabled by default, and then if servers can do what they please with it.
It would be absolutely amazing if this could block DMs if the user is lacking the DM permission in any other servers too, so that way the bots can't DM people by having a mutual server with them. It should also affect the API so the bots are not able to DM users if they lack the role to do so.
I absolutely love Discord, but this has been a huge issue in all communities I manage. I hope this is a good solution that can be implemented easily.
Thank you!
-
Yes please.
17 -
It should also respect the setting "Do not allow sending messages for 10 minutes" and prevent sending DM messages to server members
9 -
Please Implement this ASAP!
It's annoying to see Bot's raiding your discord server just to send ADs to your whole community.
This raid Bot's even manage to escape the welcome/captcha channel and send Direct Messages to all our users without even seeing them in group/online list.
18 -
Yes please do this suggestion mainly to avoid those bots!
As moderation verification level support that to disallow dm it should not be much harder to add permission well? or add a option to disallow dm if user don't have any roles16 -
This is definitely a huge issue on my guild. It gets raided often with advertising selfbots. Hundreds of them will join the guild and each of them will dm a few members of the guild. I turned on the double table flip verification level to hopefully stop these adbots, but that didn't stop them. Somehow they have verified phone numbers.
I know of several servers which have tried to block the bots by adding a verification system. When a player first joins a server, they are stuck in a welcome channel and are unable to see any other channels. The player must then fill out a captcha. When they do so, they lose access to the welcome channel and are granted access to the other channels. This method does not prevent bots because bots are able to use the API to view all players in a guild, including the players who would not be shown in the player list.
There were a couple of parts that I would like to change from your suggestion. First, I think it's fair to let players without this permission to still be able to send direct messages with bot accounts since that isn't bugging anyone. It is also a method of obtaining roles for some servers. My server for instance, uses DiscordSRV, so roles are obtained by dming a bot. You also said that dms should be blocked if the user is lacking the dm permission in any other of their mutual servers. If we do this, players could just leave the server where the permission is denied to them, and that would then let them be able to dm the other player. I think it makes more sense if players were able to dm other players as long as they have the dm permission in at least 1 mutual server.
The problem is bigger than just spam and ads though. Less than a month since I first posted this message, the SpeakJS server of over 10 thousand members was the target of one of these attacks where hundreds of adbots raided the server, each dming a few other players the typical scam - "You have been randomly selected... You won 0.6711 BTC... Sign up on..." These bots are a major issue. People could seriously get scammed with something like this. Discord, please implement this suggestion.
18 -
Hi! I'm Ross from TLDR News,
Our server currently has 3300+ users and is growing at a healthy rate. We've recently run into an issue with our server being targeted by bots along the same lines as previous comments above. Having the ability to only allow our users to DM each other once they gain a certain role or even after a time period has passed. This would be super beneficial at tackling this recurring issue regarding bots or users with advertising intentions from harassing our active users.
Commenting here to show our support for this feature!
Discord please implement a workaround for this.
12 -
banning the selfbots and the raid bots should be a #1 priority for discord until this permission is added.
2 -
@tldrross
I would suggest that each and every Discord user who faced problems with self and raidbots comment here to get Discord Developer's attention to these problems and a simple solution provided by community.
2 -
I'm a proud colleague of @tldrross, and just wanted to add my two cents.
In a week where Twitter themselves was targeted in a large scale attack, it is only right that the matter of DM security is of utmost importance; when it comes to the incident on our server, the bots in question were pushing cryptocurrency scams which could have been detrimental for anyone who may have fallen for it - whether in our server or beyond.
It was ultimately due to the quick thinking of our moderation team that the incident was able to be isolated - but this still took an immense amount of time out of our schedules. Personally taking the lead in resolving the incident, I had to *manually* ban 51 bots.
The issue being, as others have highlighted, a simple and practical solution exists: making the option of direct messaging other users a specific role permission, or otherwise just not making it the default option! This ought to be implemented without delay.
10 -
Hey there! Yvo here, moderator from TLDR News Discord.
This issue sort of haunts me since I started building own Discord Servers and / or being a moderator; I have witnessed several bot incidents, as described by Nelson and Ross as well as earlier commenters.
It also broke off some discussion about the connection, or rather the inexistent connection between DMs and server permissions. As servers do act as an "address book" for bots to source DM contacts I believe that the "shared servers" feature should be extended so that direct contacts (if they only exist over one server, or multiple servers with the permission turned off) are not possible unless proactively accepted. As already possible in the user-side feature of blocking DMs from certain servers, just server-side.
I see the differentiation between server roles and private settings but do urge you to issue some sort of preventive system other than having to rely on personal user action as in that case personal responsibility comes flying back at server owners and / or moderators.
3 -
Hi all, I’m also a moderator on the TLDR News Discord.
I do wonder if you are facilitating GDPR violations with these unsolicited scam messages being sent over your platform. I’m not sure whether that puts you in the wrong, however it certainly should be something that you should be actively moving to prevent. If you want to have advertisement on your platform then do it right and don’t allow it to be sent for free.
4 -
Hi everyone I'm Knight a moderator on the TLDR server.
The issue that we had with the immense amount of bots was extremely frustrating to say the least.
In a matter of minutes the server had been reduced to anarchy with users all enquiring as to what was happening.
I fear that if not for our excellent moderation team and the better judgement of our users incredibly bad things may have happened.
A possible fix I may suggest is that the user wouldn't be able to receive messages as the default option then they can enable messages from specific server at their own will.
5 -
With this permission implemented, we'll be able to secure our server members even further from trolls and scam bots. I have my fair share of bots joining in to advertise scams and people spamming my DMs despite being unverified. I think this should also be log-able for Moderation bots like MEE6 or Dyno that way, Server Moderators can immediately look into the DM and ban the member or bot if it's a valid reason, say spamming or is a Self Boat. But a flaw to this would be privacy. I don't really feel secure with Mods being able to see the DMs of others.
2 -
Let's clarify how this can work.
So we have a `newbie` or `everyone` role.
This role cannot DM anyone when the flag is set unless they are friends. But they also can send friend requests to other server members as long as their settings allow that (optimally?).
A Bot can DM such members because it's a 'Verified' Bot. It can be MEE6 or Dyno or a custom one, does not really meter.
Once the server member is promoted to a role where the 'DM others' is allowed, they will be able to DM other server members as long as their settings allow that.
There are Zero privacy risks of any kind.
It's a simple as 'Server Privacy' -> 'Allow direct messages from server members' that disables this setting per role even if a member allowed DMs.
3 -
Hey, I'm a mod on a sizeable Rocket League community Discord where we've also been having this exact issue, apparently along with a number of other RL servers. I tell you, it's a chore going through the list and banning them individually. We've increased our moderation settings and still hasn't helped us, and I definitely think that having a permission for DM-ing other users should be something we can enable or disable on a server or even per-role basis.
In our example, these bots named "gift bot" or "gift bot (RL)" have been joining our server in batches of fifty and spamming random users with a message telling them they have been gifted a free in-game item! They are given an item code and a link, which I'm told tries to get them to sign in to a fake Steam page to hijack their account. This might sound like it's far too obvious a scam, but RL has a playerbase which is quite young and potentially naive. As well as this, Rocket League does have an item rewards scheme that ties into their pro-league Twitch streams, which at one point (no more, thankfully) did use a bot to inform you you'd been given an item. I can see some fans being primed to think maybe an account that purports to be a bot and uses Psyonix's (the game developer) logo could be legitimately giving items to fans in RL communities.
Obviously, to people who have seen these kinds of things before, this is not the case, it's clearly a scam. But like I say, a lot of kids, and actually a lot of naive people who aren't kids but still don't think too critically about this kind of stuff. As mods we should be limiting the opportunity for people to be able to do these kinds of things, right? So I find it frustrating that these bot accounts are so pervasive and hard to keep away, but we have banned something like 200 of them over the past few days.
Our mods have talked about what the problem might be and if there's a way we can work around it with the tools we have. None of our permissions seem to apply to this issue. Being able to control who can DM people on our server would be helpful, but even then that might not solve the problem. One of us wondered if they were just joining the server as a way of getting to the user list, in which case we'd need a way to stop new unconfirmed accounts from seeing who is on our server. If this is possible with roles, it'd require some convoluted setup. Perhaps we have to create a new user room for the default role then give every user a non-default role that is unable to read messages from or interact with the new user room. Would that be a doable workaround?
Seriously I'm so tired of banning fifty identical bot accounts every day or two, you guys.
2 -
Yes. We definitely need this. My 900+ member server has been hit 3 times in the last month by spambots massively joining our server and DMing our members with phishing messages. We had to revoke all invite links to put an end to it, for now. As a result of those attacks we even lost a few frustrated members. Security isn’t something to take lightly. Having a role-based option to prevent members from sending DMs is the definite solution.
2 -
Heyo, I’m the owner of D2Sanctuary, and we have a pretty easily to implement current solution to this problem.
At the moment we have duplicates of our three main welcome channels (Welcome, Rules, and Registration) in a separate category called “Buffer”. When folks join they can only see the buffer channels until the register after which they no longer have access to the buffer and instead see the duplicated welcome and rules channels (but no registration channel). This keeps it so that only staff can see the new folk who join along with other new folks. This keeps it so that even if we did get bit spammed, it would be isolated to the buffer category and all of its unregistered users. But would never spread out to our Registered ones.
-3 -
Hi Zethalon,
You miss-understand the problem, we at TLDR News also have this setup (or simillar anyway). The problem is regarding DMs (direct messages) to users. The default Discord setting is to allow members of common Discord communities to communicate via DMs. There is an option to deny this, only let friends message you, however this blocks any of our bots from being able to communicate with our users through DM, which is necessary for us when we run an anonymous poll, or if users want to have reminders from the remind function, amongst other issues.
The scenario, that will happen periodically to some servers, less often for others, is that a bot joins, sends a DM to every single user advertising services/trying to con you/spreading fake news/etc, they could do anything. No problem you say, just block them. Ok, sure, what about the other 50+ bots that joined in the same second? This then puts un-necesarry stress on moderators, it puts the community at risk, and it can't be protected against with any roles. This is the issue this thread is looking to address.
I hope that explains it better,
Kind regards,
Pig
3 -
Hello Zethalon
Hello TheFlyingP1g
We also have a similar design where new users first land in a `Lobby` channel where a Captcha like bot asks them a question.
The problem is, that self-bots are still able to DM community members disregarding whatever the official client can list them or not.
Also regarding `Bot` account. I do think that this kind of officially verified/allowed applications must be excluded from the `DM Others` rules. Or at least have `DM others` enabled by default.
4 -
We also face these issues, where we use discord for school. We need instructors to reach out the students, but students reaching out each other is causing some issues.
We need to put some restrictions on who can DM who. That would be super beneficial if we can have in the roles settings if the role's user can dm anyone from the server, or can get DM'd.
3 -
Omar Alibrahim, I like that approach, it kind of enables communities to have sub-communities for particularly large servers, which I think would be cool.
1 -
I am an owner of a guild of 2000+ members and we do be struggling from such an issue where the dm perms should be added to the role settings asap, what the hell is discord even doing about all of this???
2 -
We had a discord server for a student society and the Vice president was mistreating and abusing me. All of a sudden, he told the owner at that time to transfer ownership to me and leave. I found something suspicious but I did not bother much. The problem is that over the last few weeks, the former Vice President and a few other people are spamming everybody to leave my server and I have been shared screenshots of it. Though we rebuilt everything now, we were left with only three members at one point (we had 80 members before the ownership was transferred to me). When we started partnering and getting new members at we were at 50 members, he sent a spy to observe the happenings of my server. I trusted him and gave him more permissions but he ended up raiding my server (which bans all the members below the bot used to raid which made us lose 45 members. We have only 40 members now.
This problem is happening very often. Whenever we mute or ban someone on my discord server, some 10 to 15 people suddenly leave in a span of 3-4 hours. Please bring this feature as soon as possible.
4 -
I can't agree enough with this, it is very badly needed since you may want to be able to receive DMs from trusted members of a server with a high role yet keep your DMs private from newly joining people.
4 -
This really should be your top priority right now to implement, we are banning something like 500 users every month on our server because of DM spam.
5 -
This is without a doubt one of the most needed features, i'm not sure what is taking you guys so long.
It is a cookie jar for any spammer to come into the server and DM hundreds of thousands of members with promotional/advertisements and yet it hasn't been implemented.
I have 33,000+ members and am constantly being raided... HELP!4 -
Please please please.
This could also be implemented as a role checklist in the users privacy settings.
When I right-click on server -> privacy settings ..
Somewhere under the "Allow Direct messages from server members" to constrain what types of server members I as a user wish to allow.
Everyday I'm getting DMs from rando bot users on popular servers. Block -> Remove ...1 -
This has been a requested feature for a long time. how is this not a thing yet while Discord logo downgrade is a thing.
3 -
this is simple fix to all the spam botting on discord, how is Discord so slow on implementing it?
shouldn't user safety (blocking malware/scam links) be your priority over new features?
it's disappointing 2years passed with no update on this, because everything is there - you already have option to block new user actions for X mins and block dms from non-shared servers. Just add 1 toggle button to roles.2 -
Agree this is a MUST DO NOW issue.... all I want to do is stop the unverified role from DM's .... I see other threads requesting this feature going back even longer..... c'mon discord!
1
댓글을 남기려면 로그인하세요.
댓글
댓글 34개