In our previous article, we entertained the idea of introducing a Discord Bot that adds an extra layer of security for the community by requesting 2FA from the mods when posting announcements.
Over the past few days, we developed such a bot, and we would like to show you how it works. This bot is part of a larger set of bots we are working on that includes whitelisting, rarity rankings, owner verification, and a few more cool features — but more on that in a future article :)
For now, let’s focus on the 2FA Announcements. This article will mostly be in the form of a how-to tutorial, and we will address some questions at the end of the article. We will also assume your Discord server is brand-new, so we will cover a few basic setup steps.
Inviting the bot and initial configuration of the channel and user permissions
Step 1: Invite the bot
You can invite the bot by clicking here. Please keep in mind that the bot is still under development, and at this moment, you can use it for testing purposes. You can expect interruptions in service and bugs, as we are still working to improve it :). We will officially announce when the bot is ready for public use. If you decide to test the bot, let us know what you think and alert us about any issues — if you find them.
Step 2: Initialize the bot
Before you do anything, you need to initialize the GM Bot. You do this by typing !gm init in your #general channel.
Step 3: Configure roles
In a second, you will see the bot join your server. The next step in the process is to configure channels, roles, and permissions properly.
As we said in the previous article, the problem we are working to fix/prevent is a situation in which a moderator account is compromised.
For this reason, the GM bot role must be above the moderator’s role. Otherwise, a compromised moderator account could remove the bot from the server or otherwise disable it, thus defeating the purpose of the GM Bot.
Head on to the Server Settings section of your Discord server and then navigate to the Roles section.
If you do not already have a Moderator role, create one and place it below the GM Bot role.
Step 4: Configure channels and permissions
Next, create two channels:
- #announcements — this is a public channel where your authorized announcements will be published.
- #announcement-proposals — this is a private channel where 2FA will be happening.
When creating the #announcement-proposals channel, make sure to select only the GM Bot and Moderator roles. This is to ensure that announcement proposals do not make it to the public before they are authorized.
Only Moderators and the GM bot can access the #announcement-proposals channel.
But this is not the end. Next, you need to set up proper permissions on the #announcements channel, and this means that everybody, including moderators, can only view the message history and react to the messages. Only admins and the GM bot are allowed to post to this channel. You need to configure this for each of these roles explicitly.
When the GM bot is production-ready, we will create a video to show you exactly how roles need to be configured.
Configuring the GM Bot
Once you are done with configuring channels, roles, and permissions, it is time to configure the GM Bot :)
Before you can start using the bot, the bot needs to know the following:
- What is your public announcement channel?
- What is your announcement proposals channel?
- Who are the moderators that can post announcements?
- Are you going to use both SMS and Email in the 2FA process, or only email?
This is all relatively easy to configure. Here’s how to do it.
Step 1: Setting up your primary/public announcements channel
Navigate to the #announcements channel you created a few minutes ago and type the following command:
!gm set-ac
Step 2: Setting up your announcement-proposals channel
Navigate to the #announcement-proposals channel you created a few minutes ago and type the following command:
!gm set-apc
Step 3: Setting up announcement moderators
This is where the fun begins :) We need a few more people on our test server to adequately demonstrate this part.
We now have one moderator and two regular users, one of whom is the admin of the server.
Based on our permissions and channels configuration, these users see different channels.
The moderators can see #general, #announcements, and #announcement-proposals.
A regular user can see only #general and #announcements.
Now, the essence of this step — adding an announcements moderator. To get this done, the admin of the server should run the add-mod command, specifying the moderator, his email, and his phone number. The email and phone number are required, as the moderator will receive 2FA codes to authorize the announcement.
This is one of the most critical steps. If the admin does not do this, the moderator will not be able to send the announcements. Here is an example of what happens when a non-authorized moderator tries to send an announcement proposal.
As you can see, the bot responded with an error, saying that the user is not authorized to post new announcement proposals.
The server admin then runs:
!gm add-mod @0xRebelsMod moderatorsemail@someemail.com +123456789
This instructs the GM bot that user @0xRebelsMod is authorized to send announcements, to send an email auth code to moderatorsemail@someemail.com, and to send an SMS auth code to +123456789.
If everything goes well, the bot responds with an appropriate message.
You can always remove a moderator by running the !gm remove-mod and tagging the moderator you wish to remove.
For example:
!gm remove-mod @0xRebelsMod
Step 4: Configuring the SMS API
Using both email and SMS auth codes is preferred and recommended, but you can disable the SMS code by simply not configuring the SMS API. If you do not configure the SMS API, the SMS auth code will always be 0.
The GM Bot contains both free and premium features. We intend to keep the 2FA announcements as a free feature as it directly benefits the safety of community members.
However, sending SMS messages costs money, and to keep the 2FA announcements free, we have decided to allow NFT Discord Server owners to configure their own API keys. This means that the bot remains free, but you can pay for your own SMS credits.
The GM Bot 2FA uses clicksend.com as its SMS provider, and if you wish to enable SMS 2FA, you will need to create an account at clicksend.com and get your own API keys. We are not affiliated with clicksend.com, and we do not get any money out of you using their service. You can learn how to obtain the API keys on this link.
The SMS API keys consist of an email address and the API key. Once you obtain them, use the set-sms-api command to configure the GM bot.
An example of the command is:
!gm set-sms-api user@emailserver.com 1234–567–9989–000
If everything goes well, you will see a message like the one above.
That’s it. You’re all set. You can start making announcements with an extra layer of security for your community :)
GM Bot’s 2FA Announcements In Action
Are you ready? Good :) Here is how sending a secure announcement works:
- The authorized moderator post an announcement in the #announcements-proposal channel.
- The GM Bot sends the moderator an email and an SMS auth code.
- The moderator confirms the codes.
- The GM Bot publishes the proposed announcement in the #announcements channel.
Here is an example:
Steps 1 & 2: Posting an announcement proposal by the authorized moderator
In the screenshot above, you can see the announcement proposal sent by the moderator. The bot responded with a message, asking the moderator to initiate the 2FA security check.
The moderator then clicks the button that will send the 2FA codes and initiate a form to enter the codes.
If your SMS API configuration is incorrect due to wrong API keys, you will see an error message that looks like this.
Steps 3 & 4: Confirming 2FA codes and publishing the announcement
Once the moderator gets the codes, he enters them into the form and clicks submit.
If the codes are valid, the bot will take the announcement the moderator posted and publish it to the #announcements channel for everyone to see :)
If the 2FA codes are invalid, the bot will respond with an error message — as shown below.
Conclusion
This summarizes all features and the current state of the 0xRebels’ GM 2FA Announcements Bot. As we mentioned at the beginning of the article, the bot is not production-ready yet, but:
- You can invite it to a test server and try it out;
- We expect to ship the first version of the GM Bot over the next couple of weeks, if not sooner.
If you decide to test the GM Bot and you need some help, feel free to reach out to us on Twitter at 0xRebels-we’d be happy to help.
By joining us in building this bot, you are helping to make the NFT space safer for everyone. You are helping to create a brighter future for the NFT industry and everyone in it. And if together, we manage to protect at least a few people from losing their BAYCs, Lands, NFT Worlds, We Are Satoshis, Invisible Friends, or any other NFTs and protect them from the feeling of being violated and robbed, we did a great thing.
