cross-posted from: https://programming.dev/post/18411894

Hello Lemmings!

I am thinking of making a community moderation bot for Lemmy. This new bot will have faster response times with the help of Lemmy webhooks, an amazing plugin for Lemmy instances by @RikudouSage@lemmings.world to add webhook support. With this, there is no need to frequently call the API at a fixed interval to fetch new data. Any new data will be sent via the webhook directly to the bot backend. This allows for actions within seconds, thus making it an effective auto moderation tool.

I have a few features I thought of doing:

  • Welcome messages
  • Auto commenting on new posts
  • Scheduled posts
  • Punish content authors or remove content via word blacklist/regex
  • Ban members of communities by their usernames/bios via word blacklist or regex
  • Auto community lockdown during spam

What other features do you think are possible? Please let me know. Any questions are also welcome. Community requested features:

  • Strike system

Strikes are added to a certain member of the community and the member will be temporarily banned within a time period if their strike count reaches a certain threshold

  • Post creation restriction by account age

If an account’s age is lower than X, remove the post.

  • threelonmusketeers@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    4 months ago

    Thanks for taking this on! Lemmy is lacking these sorts of flexible and robust moderation tools.

    What other features do you think are possible?

    I think the ability to auto comment could be combined with regex and not limited to punishment. The ability to reply to an arbitrary string or list of strings with another string could be quite useful. Do you think this would be feasible?

  • threelonmusketeers@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    2
    ·
    4 months ago

    Any questions are also welcome.

    How would a moderator team deploy and customize this bot? Who will host it? You? The instance admins? The moderators themselves?

    Thanks!

    • asudox@programming.devOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      4 months ago

      I am thinking of making a website for it to act as a dashboard. The community owner will get a UUID as a password to access the dashboard of the community. For security reasons, the password will be reset when the owner of a community changes. I actually just thought of hosting the bot myself on lemmings.world.

      As for the mods accessing the dashboard to configure the bot, I don’t know yet. Any suggestions?

      • threelonmusketeers@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        4 months ago

        As for the mods accessing the dashboard to configure the bot, I don’t know yet. Any suggestions?

        Suggestions for how the mods could securely access and configure the dashboard?

        I feel like a “login” could be done similar to how @grant@toast.ooo configured the login for !canvas@toast.ooo. The automod bot could DM the mod account and provide an access code.

        The dashboard itself could be as simple as an editable text file for each community, containing if-then and regex rules, or you could go for a fancier GUI if you are feeling ambitious.

        • asudox@programming.devOP
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          4 months ago

          I am trying to decrease the API calls as much as possible, so that is not an option. I might just have the owner decide with which mod they want to share it with. That seems to be the easiest option tbh. It also shifts the responsibility from the developer (me) to the consumer (the owner).

          I am thinking of having a simple login form with a community ID field (which will be provided by the bot along with the password) and a password field which will just be a UUID. There is no checking done whether the person logging in is really a moderator of community X or not so yeah.

  • Jumuta@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    4 months ago

    I think the strike system would make sense and limiting by account age might work as well, but I don’t think the other simple methods of moderation are going to be that useful, as word blacklists always have false positives and auto community lockdown could be exploited by someone to sabotage a community. (like with a denial of service attack)

    Also, this is just my opinion but I really hate it when software speaks to me like they’re real people, I understand that it is ultimately written by a person but when the same phrase is repeated to every person regardless of the context it just annoys me. Similiarly I don’t like the automod messages/comments on reddit because it just feels like low effort content in comparison to what real people post on there.

    I think this would make more sense framed as a plugin rather than a bot, because a bot post is placed equally to a human post while being inherently lower importance.

    If I were to suggest features it would be something like a large language model based content filter, but I understand the computational and cost limitations would make that challenging.

    • asudox@programming.devOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      4 months ago

      LLMs are too expensive to run and slow as well. As for the lockdown system, DoS as in sending API calls to send messages? Yeah well that’s considered spam and will indeed lock the community down. But it won’t happen instantly and I still need to plan how it would detect spam and whether it will attempt to automatically ban the spammers or not. The bot is still in the preparation phase, I haven’t done any work yet.

      As discussed in some other comment, the bot will not delete posts that are triggered by regex or word blacklist but report them. The bot indeed won’t understand context so it will do more harm than good. I am also thinking of transliterating content to catch people using symbols that look like certain characters like € for E and $ for S. That will be done at the webhook level though.