[Request] Configurable captcha solve time also in seconds

[SiDronee]

For now, we are under a big bot wave attack.
The chat is spammed with Captcha images. We set the time already to 1 minute! So what we would like to have as options:

• Make it possible to make minutes also seconds.
• Solve time in seconds
• Delete success/fail message, commands

Like Rose, it is possible to send the challenge to the person's DM instead of the chat he likes to join:
This will help THE BIG SPAM attack of bots. We can't read anything in the main chat because of 30 captchas within few minutes.(of course they get deleted, but they come in waves) would be amazing to have this :)

[J-Rios]

Hi,

Totally agree, Bots wave attacks where hundreds or thousands of Bots joins in few minutes are really annoying causing a lot of messages "noise" in the group, this is an issue that has been always in my mind but it is difficult to find a suitable solution...

This is why:

• Regarding moving captcha solve time minimum configurable limit from minutes to seconds: I'm not really sure that it will be the best way to handle it, using less than 1 minute will cause real humans that are not used to captchas and doesn't know how it works, to miss solving it and doesn't let them to even ask in the group how to do it, and that can cause a bad user experience in general.

• Regarding deletion of success/fail messages: By default, that messages are automatically removed after some time (5 mins), just make sure that you doesn't have configured to keep this messages (command /remove_solve_kick_msg yes). I think I can reduce the time to remove this messages from 5 mins to 1 min, it can help a bit.

• Regarding make the captcha process by DM (Direct Message) in a private chat with each new user: There is a restriction from Telegram that doesn't allows a Bot account (like captchabot) to start a private chat with an user, it allways needs that the user have started the private conversation with the Bot before. If am not wrong, what Rose do is send a message in the group telling the new user to press a button that send it to a private chat with Rose, because internally that button press make the user to start the private conversation with the Bot (it is like send a DM /start command to the Bot). So the only way for JoinCaptchaBot could be the same, send a message to the group with a button to tell and ask the user solve the captcha in DM, however, as you can see, it doesn't really help, because the Bot must send a message in the group with that Button, so we are just changing the captcha image message to a text with a button message, the chat still gonna be noisy with this messages...

Let's keep the issue open while I think about it, if you have any ideas don't hesitate to send it here to check if can be helpful.

Regards.

[SiDronee]

I totally agree with you, I have it set to 2 min to solve it.

Regarding moving captcha solve time minimum configurable limit from minutes to seconds: I'm not really sure that it will be the best way to handle it, using less than 1 minute will cause real humans that are not used to captchas and doesn't know how it works, to miss solving it and doesn't let them to even ask in the group how to do it, and that can cause a bad user experience in general.

**- For this, I want the messages like you solved the captcha/you provided wrong answers that to be visible for 3 seconds only.

• Maybe also a separate time for /commands to let it set to 15 seconds.
• also off-topic for these sections, can we assign more admins to make the bot change? For example /admin [@xxx]
  will be enabled to change /difficulty, /welcome_msg, /time, /enable and /disable**

Regarding deletion of success/fail messages: By default, that messages are automatically removed after some time (5 mins), just make sure that you doesn't have configured to keep this messages (command /remove_solve_kick_msg yes). I think I can reduce the time to remove this messages from 5 mins to 1 min, it can help a bit.

Good, didn't know that I'll search also online what is a good solution because that will help a lot! :)

Regarding make the captcha process by DM (Direct Message) in a private chat with each new user: There is a restriction from Telegram that doesn't allows a Bot account (like captchabot) to start a private chat with an user, it allways needs that the user have started the private conversation with the Bot before. If am not wrong, what Rose do is send a message in the group telling the new user to press a button that send it to a private chat with Rose, because internally that button press make the user to start the private conversation with the Bot (it is like send a DM /start command to the Bot). So the only way for JoinCaptchaBot could be the same, send a message to the group with a button to tell and ask the user solve the captcha in DM, however, as you can see, it doesn't really help, because the Bot must send a message in the group with that Button, so we are just changing the captcha image message to a text with a button message, the chat still gonna be noisy with this messages...

[AtL3astM3]

Regarding the dm process: I really support the idea of sending captchas via dms even if we need a button in the group to start the conversation with the bot

[SiDronee]

During a bot wave attack we still like to have the possibility to change the join time to 15/30 seconds.

when it's over we can then turn it back to 2 minutes.

[J-Rios]

Regarding the dm process: I really support the idea of sending captchas via dms even if we need a button in the group to start the conversation with the bot.

Current Bot code is oriented to handle users captcha process inside groups, and move that logic to be done through DM requires a lot of work. Also, not all users want the DM thing, so both modes must be handled, increasing complexity in code maintenability without seeing any profit on it. So only if it is really useful or necessary for some reason I will dig into it.

During a bot wave attack we still like to have the possibility to change the join time to 15/30 seconds.

when it's over we can then turn it back to 2 minutes.

That can be done for next version update without problem.

And maybe implement some mechanism that can help for wave attacks, like a command to block any group entrance for some time (i.e. some kind of /lock command that makes the Bot to automatically kick any user join attempts without waiting time)...

[J-Rios]

Implemented configurable captcha time for seconds and minutes. Now it will allow to configure for any value in range 10 sec to 10 min:
da24a42

For developers: To make this change, I need to change the captcha time value stored in groups config file to be seconds instead minutes. There is no problem for new Bot deployments, however, note that deployments of previous Bot versions that want to update for new version should remove all groups configs data files or patch/fix each current group config file to change minutes to seconds. This can be done without problem by executing the next fix script that automate that change:
Config Data Fix script

Some checks and tests need to be done before I update current Bot instances (@join_captcha_bot, @pro_join_captcha_bot)... Stay tune... :)

[J-Rios]

Ok,

@join_captcha_bot, @pro_join_captcha_bot updated to last version supporting configure captcha solve time in seconds.

Regards.

[J-Rios]

Let's split both requests of this issue to keep a better traceability...

Due allow captcha solve time config in seconds request was done, I'm going to use current issue for that, and I'm going to close this issue.

For DM request, I have created a new issue for it, please use the new issue regarding that topic:
#119

Regards.