Hey, you! Is your project new to Discord?
Do you want a secure Discord server but you don't want to spend the money on a "Discord audit"?
Here's a thread explaining how to do it in 3 simple steps:
Step 1/
Learn the interaction of every permission on Discord (in both role and channel settings). Here's a quick-start guide: lukenamop.gitbook.io
Make sure to check every role and every channel to be sure nothing slips through. (This includes bots - don't give them Admin!)
1.1/ Make sure dangerous permissions aren't assigned to anyone, not even staff, and make sure critical staff have secondary "Cold Admin" accounts. See the quoted thread from @Jon_HQ for more info on why this is necessary and how to set it up.
1.2/ Aside from explicit permission settings, you also need to give some attention to the role order (or hierarchy). If this is wrong, all your hard work setting permissions is for naught.
Bots should be no higher on the role list than they need to be.
1.3/ User roles should be sorted from highest permissions to lowest permissions.
"Vanity roles," to give cool colors or titles, should have no permissions.
In general, channels should not have any explicit allow/deny permission overwrites except "View Channel" and "Send Messages."
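As an added, runnable illustration of Step 1 (this is not code from the thread or from the linked guide): a small Python model of how Discord combines role permissions with channel overwrites, with the checks from 1.1 to 1.3 run over a made-up server. The permission bit values are the ones listed in the Discord API reference; which bits count as "dangerous", the sample roles and channels, and the reading of "sorted from highest to lowest permissions" as "a role must not hold a dangerous bit the role directly above it lacks" are this example's own assumptions.

```python
"""Offline audit of a constructed Discord permission model (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Permission bits as listed in the Discord API reference (only the subset used here).
PERMS = {
    "KICK_MEMBERS": 1 << 1, "BAN_MEMBERS": 1 << 2, "ADMINISTRATOR": 1 << 3,
    "MANAGE_CHANNELS": 1 << 4, "MANAGE_GUILD": 1 << 5, "VIEW_CHANNEL": 1 << 10,
    "SEND_MESSAGES": 1 << 11, "MENTION_EVERYONE": 1 << 17,
    "MANAGE_ROLES": 1 << 28, "MANAGE_WEBHOOKS": 1 << 29,
}
# Which bits count as "dangerous" is this example's assumption, not a Discord definition.
DANGEROUS = set(PERMS) - {"VIEW_CHANNEL", "SEND_MESSAGES"}
CHANNEL_OK = {"VIEW_CHANNEL", "SEND_MESSAGES"}   # the only overwrites the thread allows
ALL_BITS = sum(PERMS.values())

@dataclass
class Role:
    name: str
    position: int            # larger = higher in the server's role list
    permissions: int = 0     # role-level permission bitfield
    is_bot: bool = False
    vanity: bool = False

@dataclass
class Channel:
    name: str
    overwrites: Dict[str, Tuple[int, int]] = field(default_factory=dict)  # role -> (allow, deny)

def names(bits: int) -> List[str]:
    return [n for n, b in PERMS.items() if bits & b]

def effective(role: Role, everyone: Role, channel: Channel) -> int:
    """Permissions of a member holding only @everyone and `role` inside `channel`,
    in the order the Discord docs describe: role bits, then the @everyone
    overwrite, then the role overwrite, with deny applied before allow."""
    perms = everyone.permissions | role.permissions
    if perms & PERMS["ADMINISTRATOR"]:
        return ALL_BITS                      # Administrator ignores every overwrite
    for target in (everyone.name, role.name):
        allow, deny = channel.overwrites.get(target, (0, 0))
        perms = (perms & ~deny) | allow
    return perms

def audit(roles: List[Role], channels: List[Channel]) -> List[str]:
    findings: List[str] = []
    everyone = next(r for r in roles if r.name == "@everyone")
    for r in roles:
        bad = [n for n in names(r.permissions) if n in DANGEROUS]
        if r.is_bot and "ADMINISTRATOR" in bad:
            findings.append(f"bot role {r.name} has ADMINISTRATOR")
        elif bad:
            findings.append(f"role {r.name} holds dangerous permission(s): {', '.join(bad)}")
        if r.vanity and r.permissions:
            findings.append(f"vanity role {r.name} grants {', '.join(names(r.permissions))}")
    # Hierarchy checks (our reading of 1.2/1.3): a user role must not hold a dangerous
    # bit that the role directly above it lacks, and no bot sits above the top user role.
    users = sorted((r for r in roles if not (r.is_bot or r.vanity) and r.name != "@everyone"),
                   key=lambda r: r.position, reverse=True)
    for hi, lo in zip(users, users[1:]):
        extra = (set(names(lo.permissions)) & DANGEROUS) - set(names(hi.permissions))
        if extra:
            findings.append(f"hierarchy: {lo.name} is below {hi.name} but has "
                            f"{', '.join(sorted(extra))} that {hi.name} lacks")
    for r in roles:
        if r.is_bot and users and r.position > users[0].position:
            findings.append(f"hierarchy: bot role {r.name} sits above {users[0].name}")
    # Channel checks: overwrites outside View/Send, and dangerous bits gained via overwrite.
    for ch in channels:
        for target, (allow, deny) in ch.overwrites.items():
            odd = [n for n in names(allow | deny) if n not in CHANNEL_OK]
            if odd:
                findings.append(f"#{ch.name}: overwrite for {target} touches {', '.join(odd)}")
        for r in roles:
            base = everyone.permissions | r.permissions
            if base & PERMS["ADMINISTRATOR"]:
                continue                     # already reported above
            gained = [n for n in names(effective(r, everyone, ch) & ~base) if n in DANGEROUS]
            if gained:
                findings.append(f"#{ch.name}: {r.name} gains {', '.join(gained)} via overwrite")
    return findings

# Constructed sample server (not a real server); each comment marks the planted mistake.
SAMPLE_ROLES = [
    Role("@everyone", 0, PERMS["VIEW_CHANNEL"] | PERMS["SEND_MESSAGES"]),
    Role("Member", 1),
    Role("OG", 2, PERMS["MENTION_EVERYONE"], vanity=True),               # vanity role with a permission
    Role("Helper", 3, PERMS["KICK_MEMBERS"] | PERMS["MANAGE_CHANNELS"]),  # holds more than the Mod above it
    Role("Mod", 4, PERMS["KICK_MEMBERS"] | PERMS["BAN_MEMBERS"]),        # dangerous bits on a daily-use role
    Role("MusicBot", 5, PERMS["ADMINISTRATOR"], is_bot=True),            # bot with Admin, above all staff
]
SAMPLE_CHANNELS = [
    # read-only announcements channel that accidentally lets Members ping everyone
    Channel("announcements", {"Member": (PERMS["MENTION_EVERYONE"], PERMS["SEND_MESSAGES"])}),
]

def run_sample() -> List[str]:
    return audit(SAMPLE_ROLES, SAMPLE_CHANNELS)

if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

Running it lists nine findings for the sample: the bot with Admin, the two staff roles and the vanity role holding dangerous bits, the Helper/Mod ordering, the bot sitting above the top staff role, and the announcements overwrite that both touches a non-View/Send bit and hands Members "Mention Everyone" that neither their role nor @everyone grants. The last finding is the point of 1.2: overwrites are evaluated after role bits, so a single channel overwrite can re-grant what you removed at role level.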
Step 2/
Learn the ins and outs of your Discord bot options. This requires reading the docs and doing your own testing.
There are important security bots:
- Wick
- Server Supervisor
- Spam Defender
- Good Knight
- Hashbot / Beemo
- Sledgehammer
2.3/ And, don't forget, you're going to want to limit the permissions of each bot as much as possible. By default, most bots will ask for more permissions than they actually need to function, which creates additional risk.
Step 3/
Research the various attack vectors scammers use to compromise Discord accounts. Bookmarklets, QR logins, etc.
Understand how to protect your staff from these attacks (hint: 2FA is definitely recommended, but it will not protect you from these phishing scams).
3.1/ This one is kind of on-going. Scammers are evolving & innovating every day. You're going to want to check for new trends fairly often to make sure you don't miss anything and can give your team plenty of warning.
... or ... you could save yourself hours, days, WEEKS, of work by bringing in an auditor who spends every day doing everything I've detailed in this thread.
Well-reviewed auditors may not be cheap, but they can jumpstart your community and provide lasting protection.
Look for someone with positive reviews from other auditors, not just someone that other project founders recommend.
Look for someone who has a track record of proactively providing public, free resources, who will go out of their way to protect servers they don't even work with.
Flashy graphics and marketing tactics don't replace detailed written reports. Look for someone who will be available to help you as things evolve long-term.
Someone like @Jon_HQ, @Plumferno, or one of the many other auditors contributing to the public @Server_Forge community.
Made it this far? Still want to do it yourself? Contact me or @Server_Forge and we can connect you with further resources!