Captcha was active. Anti-raid was on. 400 new subscribers arrived overnight anyway — and not one of them read the pinned post, clicked a link, or left a single reaction. Zero engagement. These aren't bots that tried to break through your defenses. Someone else's bots were sent to you.
How invite link flooding works
Every public Telegram channel has an invite link. Anyone with that link can join — that's the whole point of being public. Bot farm operators know this, and they've built a service around it.
A spam operator runs channels packed with thousands of bot accounts. When paid to target your channel, they post your invite link inside their bot network. The bots follow it automatically. Within a few hours, hundreds or thousands of fake accounts are sitting in your subscriber list — and from the outside, they look like normal new members.
The appeal for attackers: it's cheap and deniable. A 10,000-account flood costs $15–40. Because the bots are using a legitimate public link, there's no technical exploit to point at.
Why captcha doesn't fully close this gap
Captcha challenges every new member — that's its job. A bot that can't press a button within a time limit gets kicked. Against low-quality bot farms, it works well.
The problem is account quality. Bot operations that sell invite floods often use aged accounts — real phone numbers, profile photos, some activity history. These accounts pass a button-press captcha without difficulty. And even if your captcha catches 70% of an attack, the remaining 30% of a 1,000-bot run is still 300 fake subscribers inside your channel.
That's enough to damage your engagement rate, trigger bot-farmer labels on TGStat and Telemetr, and — in the worst case — provide the raw numbers for a follow-up report campaign that pushes Telegram toward a SCAM label.
What the damage actually looks like
Advertisers check ERR before buying. If 400 silent bots join your 5,000-subscriber channel overnight, your ERR drops by roughly 8% without your content changing at all. A buyer who was negotiating at a fair rate now sees numbers that look like a channel full of fake followers.
Analytics platforms flag this pattern automatically. TGStat and Telemetr track subscriber-to-view ratios; a sudden influx of non-viewing accounts gets logged as suspicious activity. That notation stays visible on your channel profile for weeks, appearing in every audit a potential advertiser runs.
A 10,000-account invite flood costs an attacker $15–40. Repairing the reputation damage takes months.
How TGuard antivirus detects the source
The Telegram Bot API includes the invite link source with every join event. By default, that data passes through and gets discarded. TGuard's antivirus captures it continuously.
When an abnormal volume of new members arrives through a single invite link within a short window, the system raises an alert: which link, how many accounts, over what time span. The source is identified within minutes of the attack starting — not the next morning when you notice the ERR drop.
Two things this makes possible:
- Immediate action. Revoke the compromised invite link and generate a new one. This cuts the flow off at the source before the full attack volume arrives.
- Documented evidence. If the attack triggered a SCAM label, Telegram support needs proof of a coordinated attack — timestamps, account count, source link. TGuard's incident log provides exactly that.
Cleaning up after an attack
Once you've revoked the link, remove the accounts that got in. TGuard's cleanup tool lets you target subscribers by join date — select the window when the attack landed and delete in bulk. Accounts that joined between 2 AM and 6 AM on a night with no active promotion are not your real audience.
After the fake accounts are gone, your view ratios normalize over the next few days. Analytics platforms recalculate automatically; the bot-farmer notation disappears once the ratio looks clean again.
Setting it up
- Open @channel_guardian_bot and select your channel.
- Go to Security → Antivirus.
- Toggle it on — TGuard starts monitoring invite link sources immediately.
- When an anomaly is detected, you receive an alert with the link, count, and timestamp.
Frequently Asked Questions
Invite link spam is an attack where a bot farm operator posts your public channel link inside a bot-filled network. The bots auto-join through the link, flooding your subscriber list with fake accounts that damage your engagement metrics and analytics standing.
Captcha adds friction but doesn't fully stop invite link attacks. If the bots are aged accounts with real profiles, they pass a button-press challenge. Even if captcha blocks 70%, a 1,000-bot campaign still delivers 300 fake subscribers — enough to damage your ERR and trigger bot-farmer flags on analytics platforms.
TGuard monitors the source of every new subscriber join event. When an abnormal volume of accounts arrives through a single invite link in a short window, the antivirus raises an alert with the exact link, account count, and time range — so you can revoke that link and clean up the accounts that got through.