How to speed up process of moving Discord banned bot hosts

Currently Glitch staff has to manually move all the banned hosts, which takes a bit of time and that time could be spent by Glitch staff to do something more important.

So I would suggest that Glitch staff will add a button to editor that can be pressed by a user to automatically move the project to new host.

User must meet the following requirements:

  • User must to be a project owner
  • Project must be on banned host
  • User must pass RECAPCHA verification
  • User cannot use the button more than once per hour

This would speed up the process of moving and would allow Glitch staff to do something else.

I think on paper this might seem like a good idea, but this would make Glitch the #1 stop for people who abuse the discord API. Spammed 10k DMs and your bot got banned? Just push the button and your right back to spamming.

I’m not sure, I want to see what other community members think.

4 Likes

Maybe Glitch would need to verify users or something? Something like trust level.

You have my invisible vote considering I get a 403 :joy:. I think this is a good idea but how can Glitch find out if they are on a banned host without a human?

When the project editor is opened Glitch will automatically check using this command curl -I https://discordapp.com/api/v7/gateway.

1 Like

I think having like a required account age, like accounts that were created one day ago can’t do it.

2 Likes

There is going to be a lot of abusing this option itself as @RiversideRocks has mentioned, but then wouldn’t this button be available for all kinds of projects and not just Discord bots? If so, how are they gonna determine whether it is a Discord bot or not?

2 Likes

Here’s another set of rules that can be used as well.

  1. Must be logged in with a non-anonymous account.
  2. Must be a paying user.
  3. Account must have been created at least one month ago.
  4. Account must not have changed a host in the last day.
  5. Logged in user must pass captcha.
3 Likes

This would probably stop most of it.

1 Like

Indeed   

1 Like

These (in my opinon) are the better suggestions.

  • once per day.

  • 3x a week

  • 6x a month.

  • Staff have the ability to shut it down.

  • A check to make sure host is actually banned. (Just send a curl request)

Well then anyone can just make a new account and remix their previous bot. The most important rule for security reasons should be that a user must be a paying user. The time stuff doesn’t really help.

Let’s say we use these rules here to make it really really hard for a user to change their host:

  1. User must be a registered user.
  2. User must be older than 1 month.
  3. User must not have changed a project’s host in the last hour.
  4. User must not have changed a project’s host 3 times during the current week.
  5. User must not have changed a project’s host 6 times during the current month.
  6. User must pass captcha.
  7. User must own the project they’re trying to change the host for.
  8. The project must be on a banned host.

You would think that these are some hard rules to break right? Not really, anyone can just make lots of account, and the next month abuse those accounts by getting more hosts banned and switching to a non-banned host.

Even if glitch ratelimits the amount of accounts that can be created the user could always use some free vpn, even if Glitch decided to add phone number verification they could just use some receive free sms service.

In the end, Glitch looses, the only real solution is to require a user to be paying to be able to switch host, that way even if a user manges to get glitch’s host banned they still get earnings from it, and the paying thing will scare away most of the abusive users.

3 Likes

You realize that regular users can request a change and afaik glitch has not suspended any projects for hitting discord ratelimits repeatedly.

Still… A button is just a bad idea unless it is a paid feature. I’m not saying this because I want it to be some paid privilege, it’s a security measurement. I’m not a paying user, but if I was going to implement something like this to one of my own services I’d make it paid because it so easy to abuse.

1 Like

A malicious person can literally get a host banned, remix project, get on new host, repeat.

I’m well aware about that :wink: That was not in discussion though. I was still on topic about the switch host button thingy.

How about we use email verification? Only one account per email.

https://10minutemail.com/
^Hundreds of those-type sites exist.

For SMS, we got voice.google.com

1 Like

Easy workarounds to that.

2 Likes

Yeah, email aliases.