Making Slack safe for ICO communities.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
classes
img
.gitignore
README.md
composer.json
composer.lock
config.ini.template
index.php

README.md

https://github.com/409H/LetsMakeSlackSafe/blob/master/img/banner.png?raw=true

Installation

  • Clone the repository
  • Run composer update
  • Log into your Slack team
  • Go here and generate a legacy token for you: https://api.slack.com/custom-integrations/legacy-tokens
  • Run cp config.ini.template config.ini and put your legacy token into app[token].
  • Run php -f index.php
  • Start chatting in Slack

Commands

To set up some things, you need to know things that aren't publicly viewable. Below is a table of things you can run

Command Example Response Description
+userid COMMAND Userid: XXXXXXXX Gives your slack user id for admin[userid] setting
+update COMMAND Updated domains: 2,141 Updates the blacklist of domains provided by ESD

What does it do?

This is not the finished piece - still working on it! Currently it's protecting the users who are running it with their legacy token. I'm looking at putting it into a Slack app to run it on behalf of all users automatically so every user is protected. If an admin is running it, then all public channels will be protected.

  • Disables use of people using Slackbot to remind channels.
  • Disables people from sending messages as anyone through the open legacy tokens api.
    • You can whitelist the bot_ids in config.ini that are allowed to post messages.
    • This will also reduce the attack vector of people creating apps and messaging everyone to look more legit.
  • Periodically remind admin users who don't have 2fa enabled to enable it.
  • Look at URLS in messages and see if they're in the EtherScamDb database.
  • Archive deleted messages to an archive private channel for admins to look at.
  • Deploy to Heroku button

Author

Donations of ETH & ERC20 are accepted: 0x661b5dc032bedb210f225df4b1aa2bdd669b38bc