How to prevent Bot DM spamming on your Discord Server
If you are part of any Crypto, NFT, or Stocks-related Discord, you have inevitably gotten a DM that reads something like this.
Undoubtedly, these are annoying, scammy, scummy, and a pain in the butt to report as spam and block. I am less than ten crypto/NFT related discords, and I get at least 2-3 messages like this every day. There is never-ending spam of people shilling their projects, “shit coins,” pump and dump discord servers, etc. So now that we know the problem, what is the solution?
Solution(s)
There are a few different solutions depending on who you are and what you are looking for. The easiest to implement as an end-user of a discord server is to prevent DMs from members of a given discord server.
End-User Solution
Turning off DM’s from a discord server is a solution but a stopgap at the very least. The end-user has to do this themselves and in a server with tens of thousands of members…. ya good luck with that. As a server admin in many larger servers, is there anything we can do to prevent this? Next, I will discuss what Discord can do to avoid things like this from happening before I talk about what you can do. Am I doing this “suspense” thing, right?
Discord Solution
So, I have a couple of ideas on what Discord can do on their end to prevent, or at least mitigate, these kinds of spam bot DMs.
- Allow server owner/admins to set the default option for all users to not accept DMs. This can be turned on by the user if they would like.
- Allow the premission “allow DM to other users” to be set to different roles so only trusted/verified users can message other users of the same discord server. (This might be a little tricky on their end to implement, but definitly doable)
- Detect copy paste messages being sent en mass to other users. These messages are all the same or templatized. I see no major reason that if they detect XYZ messages a second being sent by different users on the same server, to flag those as spam
Server Admin Solution
Now it is the time that you have been waiting for. What can admins do to prevent bot DM spamming on your Discord Server? I will preface this by saying it is more likely than not “technically” again Discord ToS since you will be making your own bots that look like ordinary users. Here is how you can honeypot the spammers.
https://github.com/taeganwarren/discord-honeypot-bot
We will be using the code from this Github repo that I worked closely with one of my friends to develop and perfect. Here is the general flow of how it works.
- Create a new discord account and join the server you want to protect
- Grab the user token of that user
- Add the user to a special admin/mod channel only along with a moderation bot like carl.gg
- Start the script with a program like https://pm2.keymetrics.io/ on a VPS or computer you have
- Sit back and watch the bans roll in
Step 1 & 2
Make a new discord account; I recommend using a VPN and an incognito window to leave no trace on who created that account. Once you have made that account, follow a guide like this to get the user token for the account. https://pcstrike.com/how-to-get-discord-token/
Once you have the account, join the discord server on that account, and you are good to go.
Step 3
Please create a new channel in your discord server and set it so the regular users cannot see it or access it. Hit “edit channel” and then go to the permissions tab and manually add the newly created Discord user to that channel, as seen in the picture below.
Once you have the newly created user in the channel, make sure to figure out the format for banning a user using whatever moderation bot you deem fit.
Step 3.5
Before we go to the next step, let’s ensure we have the Guild ID and Channel ID for our script. This step can be done on your main discord account if you would like, no need to do it on a honey pot bot account.
Following this tutorial: https://poshbot.readthedocs.io/en/latest/guides/backends/setup-discord-backend/
1. In Discord, open your User Settings by clicking the Settings Cog next to your user name on the bottom.
2. Go to Appearance and enable Developer Mode under the Advanced section, then close User Settings.
3. Open your Discord server, right-click on the server name, then select Copy ID
Once you have the Guild ID, right-click on the channel in your Discord Server to grab the Channel ID.
Note: The Guild ID and Channel ID will be shared between all honey pot bots created.
Step 4
This step will be a little tricky unless you are more tech-savvy. Go to a computer, server, VPS, EC2, etc. that you have access to. You will want to put the whole git project into a folder somewhere. Copy the “.env.example” and name it “.env”. This is where you can fill in all of those tokens and IDs that you have collected. You will notice something called “BAN_CHANNEL.” This will allow you to have a separate channel for your bot commands if you so wish. Let’s re-use the Channel ID we got from step 3.5 and put it here as well.
What will happen is after 10 seconds from receiving a message from a user, the bot will post the whole message in the “CHANNEL” channel and then put the ban command in the “BAN_CHANNEL.”
Go to the folder that has the code, run “npm i” in your terminal to install the packages, and install PM2 (optional) by running “npm install pm2 -g”.
I glossed over the fact that you need Node.js installed along with NPM. If you don’t have it installed already, I will let you google “How to install node on *insert your OS here*.”
Run the bot.js script as a process in PM2 and then sit back and relax
Step 5
I know I said step 5 was the sit back and relax step, but let’s talk about a few minor details.
If you want to change the command being sent to the ban channel, then you can do that on line 45 of bot.js
`!ban ${message.author.id} 9y Unsolicited Direct Message`
That is set up for carl.gg right now to ban the author of the DM for nine years with the reason of Unsolicited Direct Messages.
The “CHANNEL” var lets you preview the message sent to the bot if it was an innocent user DMing a random user (your honey pot bot) so you can un-ban them.
I would recommend running no more than 2-3 bots on a single IP not to raise any red flags on Discord’s side. You could run specific bots through proxies or VPNs if you are savvy enough to integrate that code in there. It shouldn’t be terribly hard (Famous last words).
Try giving your bots some different roles as well. Maybe give them a role that appears at the top of your discord server on the right-hand side. If someone is manually sending messages to specific roles or from top to bottom, having your bots seem like normal users increases the net of catching these spammers.
Final thoughts
I hope this was useful to someone out there. I had this running on a couple of large discord servers for months at a time with no issues or bans from Discord themselves. This tutorial is intended for server admins to defend their servers from these annoying bots by taking a proactive rather than reactive approach.
To Discord staff: I love Discord and always have. My account is from September 2015, four months after their public launch in May 2015. I know a few people who work there; shout out to Tristan and Mallory. I attended one of their monthly gaming events and met a few staff in person at Twitch Con 2016. Hell, I was even in one of Mallory’s vlogs: https://youtu.be/zVmES0hroUI?t=764 (Anyone from Discord remembers the light display backpack?). To say I love Discord would be an understatement.
All of that to say, if you have an issue with this article, please reach out to me over Discord, and let’s talk about it. I would be happy to discuss ways to combat or tackle the issue that doesn’t necessarily break ToS. For now, this is the only workable solution that I can see going forward. PS I say what my username is in Mallory’s Vlog, I have also dmed her in the past so she can tell you what my # number is 😉
Thanks all! Feel free to share this around or provide feedback on any changes or issues.