When a bot farm runs a mass-subscription script, Telegram sees no difference between a human and a bot — it simply processes API requests. This is why Telegram's native tools are insufficient for blocking automated joins. Captcha is an additional barrier that requires one simple action from a new member — an action that is impossible for a bot without a human at the keyboard.
Why Bot Farms So Easily Attack Unprotected Channels
Modern bot farms use the legitimate Telegram API to manage thousands of accounts. Subscribing to a channel is a single API call. A script can execute it thousands of times per hour by distributing requests across accounts to stay within per-account rate limits. Without a channel-side challenge, Telegram has no mechanism to stop this.
Consequences for an unprotected channel:
- Subscriber count spikes while reach stays flat — ERR crashes;
- False audience growth data in analytics;
- Elevated risk of a SCAM label during coordinated mass-report attacks;
- Polluted member list with useless bot accounts.
Public Channel vs. Private Channel: Different Captcha Goals
How captcha works differs depending on channel type.
Public channel (searchable, open subscription). Captcha acts as a post-join verification: a person joins, the bot sends them a private message with a button. If the button is not pressed within the time limit — the member is automatically removed. This creates a funnel through which only real people pass.
Private channel (invite-link-only access). Here the additional task is preventing bots from auto-using invite links. TGuard monitors for an abnormally high number of link-follows within a short window and can temporarily deactivate the link if suspicious activity is detected.
How TGuard Captcha Works: The Single-Button Mechanic
Over more than three years of operation, TGuard has protected over 12,000 channels with a combined audience of more than 50 million subscribers — and the single-button captcha has been a core element of that protection from day one.
TGuard intentionally uses the simplest possible captcha — a single button confirming that the member is real. No complex text challenges, no image puzzles. Why this design?
- Minimal friction for real users. One tap in one second — this is not a barrier for a human being.
- Effective against bots. Standard auto-subscribe scripts do not interact with bots in private messages. That requires separate program logic that most bot farms do not implement.
- Scales under attack. When 10,000 bots arrive simultaneously, the system sends 10,000 messages with a button — none are pressed, all are kicked at timeout.
TGuard also supports an enhanced anti-raid mode: when join velocity becomes anomalous, new subscribers are queued for verification rather than immediately admitted to the channel.
Setting Up TGuard Captcha: Step-by-Step
- Open @channel_guardian_bot and press Start.
- Select "Add channel" and add the bot as an admin of your channel with Restrict Members permission.
- In the channel management menu, select "Captcha."
- Enable captcha — the verification window is 5 minutes. That is more than enough for a real user; bots never press the button at all.
- Customize the welcome message text — explain to new members why they are receiving a verification request.
- Optionally enable "Anti-Raid Mode" for automatic protection hardening during join waves.
- Save settings. From this point, every new member will go through verification.
Frequently Asked Questions
Captcha filters out bots that automatically subscribe to channels. Without it, a bot farm can add thousands of fake accounts to your channel in an hour, corrupting your analytics and degrading audience quality.
For a public channel, captcha verifies each new subscriber immediately after they join. For a private channel, it also filters users who follow an invite link, preventing bots from entering via leaked or publicly shared links.
Add @channel_guardian_bot as a channel admin, open the settings in the bot, enable the Captcha section and choose your mode. The entire setup takes under 5 minutes.