User Management
Blocking Users
Section titled “Blocking Users”Block specific users from accessing the bot.
BLOCKED_TELEGRAM_IDS=123456789,987654321,555555555How to Block a User
Section titled “How to Block a User”- Get their Telegram ID
- Add to
BLOCKED_TELEGRAM_IDS - Restart bot:
docker compose down && docker compose up -d
When to Block
Section titled “When to Block”- Spammers or abusers
- Users attempting fraud
- Accounts that violate ToS
- Suspicious activity
Find User Telegram ID
Section titled “Find User Telegram ID”Users can find their ID:
- Send message to @userinfobot
- Copy the ID returned
- Share with admin (if needed)
Whitelisting Users
Section titled “Whitelisting Users”Allow specific users to bypass security checks.
WHITELISTED_TELEGRAM_IDS=111111111,222222222,333333333How to Whitelist
Section titled “How to Whitelist”- Get Telegram ID (see above)
- Add to
WHITELISTED_TELEGRAM_IDS - Changes take effect immediately
When to Whitelist
Section titled “When to Whitelist”- Service accounts
- Staff members
- Verified partners
- Legitimate bots
- VIP customers
Whitelist Priority
Section titled “Whitelist Priority”Blocked IDs > Whitelist > Security ChecksIf a user is in both blocked and whitelist, they are blocked.
User Filtering
Section titled “User Filtering”Built-in Detection
Section titled “Built-in Detection”The bot automatically detects suspicious accounts:
| Check | Description |
|---|---|
| Keyword Analysis | Phishing/fraud patterns |
| Account Names | Service vs suspicious |
| Combinations | Dangerous keyword pairs |
| Service Recognition | Allow @CompanySupportAdmin |
False Positives
Section titled “False Positives”If legitimate users are blocked:
- Get their Telegram ID
- Add to
WHITELISTED_TELEGRAM_IDS - Restart bot if needed
- Report issue on GitHub
User States
Section titled “User States”New User ↓Security Check ├─ Blocked → Denied ├─ Whitelisted → Allowed └─ Check filters ├─ Suspicious → Denied └─ OK → AllowedConfiguration Examples
Section titled “Configuration Examples”Strict Security
Section titled “Strict Security”# Block known spammersBLOCKED_TELEGRAM_IDS=123456789,987654321
# Only allow staffWHITELISTED_TELEGRAM_IDS=111111111,222222222,333333333Open Access
Section titled “Open Access”# No blocked usersBLOCKED_TELEGRAM_IDS=
# Whitelist for staffWHITELISTED_TELEGRAM_IDS=111111111Selective Trust
Section titled “Selective Trust”# Block specific troublemakersBLOCKED_TELEGRAM_IDS=999999999
# Trust partnersWHITELISTED_TELEGRAM_IDS=111111111,222222222Monitoring
Section titled “Monitoring”Check logs for user access attempts:
docker compose logs remnawave-telegram-shop-bot | grep "user\|access\|security"Look for:
- Access denied messages
- Failed authentications
- Suspicious patterns
- Repeated attempts
Best Practices
Section titled “Best Practices”- Review Regularly - Update lists quarterly
- Document Changes - Keep notes of why users blocked
- Archive History - Track decisions for appeals
- Monitor Activity - Watch for abuse patterns
- Trust Partnership - Communicate with trusted users
Troubleshooting
Section titled “Troubleshooting”Blocked User Can Still Access
Section titled “Blocked User Can Still Access”- Clear browser cache
- Check configuration format (commas, no spaces)
- Verify restart completed
- Check logs for errors
Whitelist Not Working
Section titled “Whitelist Not Working”- Changes need restart? For blocked IDs yes
- Whitelist changes are immediate
- Verify ID format (numeric only)
- Check for typos
Too Many False Positives
Section titled “Too Many False Positives”- Adjust security settings
- Whitelist legitimate accounts
- Update bot to latest version
- Report to GitHub
Appeals
Section titled “Appeals”Users blocked by mistake can:
- Contact administrator
- Provide explanation
- Get whitelisted or unblocked
- Admin documents reason