All this to run shell commands from discord

install link: Discord

  1. use /auth anon to have the bot create a Glitch account
  2. use /join with a project name and invite the bot, for it to have permission
  3. use /exec to run whatever command

because y’all have wanted to run e.g. man git-branch in the middle of a conversation before, right?

right??

project link: Glitch :・゚✧

I’ll make a few more posts to go over things that I thought were interesting while building this

3 Likes

wait what? how did you bypass the editor recaptcha?

1 Like

the recaptcha is only used when you remix. which does make things complicated, as you can’t create a project directly. so in a way, it’s bypassed by having the user invite the bot account to an existing project :smiling_face_with_tear:

1 Like

Just as a small note, one of the big reasons we’ve not been able to move as fast as we’d like on infra updates is because of discord bots constantly being used to abuse the platform, keeping the entire engineering team busy with abuse detection and mitigation.

Adding friction to the remix process is a good thing in order to prevent someone from scripting something that remixes this on throw-away accounts five times in a row (because you only get 5 projects on a new account), and then does that 500 times =)

2 Likes

wait what? there are only 5 free projects per account?

You don’t get to set up an infinite number of projects immediately, there’s a grace period during which we give you a limited number of projects for everyone’s sanity. If you’re a normal human being instead of a bot, that limit almost never comes up because you’re not trying to remix 100 projects in 20 seconds after creating an account.

(I didn’t mean “you get X projects forever”, that’s trivially false, all of us real humans have way more projects than that =D)

1 Like

how does discord, in particular, fit into this category of glitch platform abuse?

I remember many years ago there was a problem with bot developers running the bot on glitch and keeping their projects on all day, as discord required. that’s since been disallowed on glitch, and a paid solution is now offered by glitch.

Lots of folks love DDoSing other people’s discord bots. Just because you’re using it responsibly doesn’t mean others aren’t going to fork out $10 to nuke your bot from orbit, and the blast radius is everyone else on Glitch.

1 Like

ah so the way discord fits in is that:

attackers find it more appealing to ddos a glitch project if it is a discord bot than to ddos a glitch project if it is not a discord bot

I guess what would you recommend we should do (as glitch users)? should we avoid showing off what we’ve built if it is a discord bot? would we be less likely to attract ddos if people don’t know our project is a discord bot?

1 Like

Attackers love easy targets, and discord bots generally make easy targets, but there are a number of different “popular” (if you can call it that?) vectors attackers like to use. Discord’s unfortunately high on that list, so while discord bots aren’t inherently against the rules, and talking about making them isn’t against any rules, and making a remixable project that makes it a zero-conf (ish) process is technically fine, I’d still urge anyone to think about whether what they’re posting (be that on the forum or Glitch itself) can easily be abused.

why not just implement cloudflare :loudly_crying_face: this would stop 99.99999% of ddoses

oh wait fastly is a cloudflare competitor right

that’s surprising, that compared to a project that’s an HTTP server, a discord bot is considered an easy target. definitely didn’t know that, thanks for sharing this

A CDN does not stop a DDoS, it just stops it from hitting your infrastructure. You’re 100% still paying for every incoming connection that needs to get blocked, it just gets blocked by someone with more servers to take the hit. You’re still going to have to figure out why that DDoS is happening, and “wasting” time making a team that would otherwise be able to work on Glitch work on understanding why the attack happened, and figuring out ways to make the attack vector involved unappealing enough to no longer get used.

Remember: a CDN mitigates attacks, but not offering attackers easy ins prevents attacks =)

3 Likes

wait what? you still pay for connections that get blocked with cloudflare?

Poorly phrased: you pay for the service, and while the lower tiers are quite affordable, we would definitely not qualify for those.

1 Like

glitch is run by fastly tho so don’t they have the infrastructure to handle these smaller attacks?

Sure, but unless you work here you have no idea what routing and security infrastructure we already have in place, and for obvious reasons I’m not going to tell you what those are just to convince you we’re doing enough (this isn’t the War Thunder forum =D)

But I will tell you that there is no such thing as “just” adding CF in front of what’s already in place. We’re nowhere near small enough for that.

3 Likes

okay!

regarding the captcha: I don’t mind having to pick out which pictures are motorcycles. I don’t mind making a program where a user has to do that either. I find it generous and welcoming that glitch lets users create a project without registering first. if having a captcha is enough for glitch to offer this, then that’s great. what I don’t like is that the captcha frontend implementation is full of obfuscated code. it’s not portable. it won’t run in anything other than an entire web browser. and I don’t want to make programs that have to embed a web browser. I’m not making those programs, and that’s fine too.

1 Like

what if they switch to something like a PoW captcha with a pretty high difficulty level like what Brave Search does
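
Added example, not part of any post in this thread and not Glitch's or Brave's implementation: a hashcash-style proof-of-work challenge of the kind the last post suggests, with a stateless HMAC-signed challenge, an expiry and a replay check on the server side. The key, the challenge field layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)  # assumption: per-deployment secret, constructed here

def _tag(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def leading_zero_bits(digest):
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits

def issue_challenge(bits, ttl=120, now=None):
    """Server: random salt + difficulty + expiry, signed so no state is stored."""
    expires = int(time.time() if now is None else now) + ttl
    body = f"{os.urandom(16).hex()}.{bits}.{expires}"
    return f"{body}.{_tag(body)}"

def solve(challenge):
    """Client: brute-force a nonce; expected cost is about 2**bits hashes."""
    bits = int(challenge.split(".")[1])
    nonce = 0
    while leading_zero_bits(hashlib.sha256(f"{challenge}.{nonce}".encode()).digest()) < bits:
        nonce += 1
    return nonce

def verify(challenge, nonce, seen, now=None):
    """Server: one HMAC and one hash, whatever the difficulty."""
    parts = challenge.split(".")
    if len(parts) != 4:
        return False
    salt, bits, expires, tag = parts
    if not hmac.compare_digest(_tag(f"{salt}.{bits}.{expires}").encode(), tag.encode()):
        return False  # forged or altered challenge (e.g. lowered difficulty)
    if (time.time() if now is None else now) > int(expires):
        return False  # stale challenge
    if salt in seen:
        return False  # replayed solution
    digest = hashlib.sha256(f"{challenge}.{nonce}".encode()).digest()
    if leading_zero_bits(digest) < int(bits):
        return False
    seen.add(salt)  # a salt is spent only once a valid solution is accepted
    return True
```

Verification costs the server one HMAC and one hash while each extra difficulty bit doubles the client's expected work, so a scheme like this prices bulk scripted requests rather than telling humans from bots.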