Brian Feintech
Published in results.io
7 min read · Apr 5, 2022

How to Not Worry So Much About Your Discord Server Security

By taking the proper steps and precautions, your server should remain as safe as Ft. Knox.

For many communities using Discord, the Discord server is their central nervous system and it is virtually impossible for them to function without it. That’s why it is so important — nay imperative — that all developers take the appropriate steps to ensure the server’s safety and security. We’re going to look at some of the threats and some of the tools you, as a Discord server owner, can use to identify, mitigate, or prevent them.

Know your enemy. That’s key to defending your project and your server. You must see and understand threats and tactics used by those who would do harm to you and your community. There are several types of attacks that lead to one outcome — a takeover of your server. Here’s how this can happen:

  • Server Takeover by Allowed Entry — First, using common sense with Discord, we have to consider something our moms warned us about when we were young — don’t trust strangers and don’t invite a vampire into your home. Not allowing bad actors through the door to do bad things, such as making unauthorized changes to the server, is a surefire way to stay safe.
  • Server Takeover by Hack — Again, don’t trust strangers and stay away from their candy and strange links. A Discord server is a fertile ground for a malware attack as the malware can be easily spread to other users’ accounts. These can be disguised as amazing offers that say “Click Here,” but clicking will bring you nothing but trouble.
  • Server Takeover by Force — This is as simple as someone coming into your house, kicking you out, and locking the door. However the malevolent character comes in, you won’t be able to remove them after they change your administrative protocols.
  • Fakes — Fake accounts and fake tokens are as bad as fake news. You want to believe they are real as they boost your community or wallet. But fake accounts are ways for the evil to enter your server. They can release malware, cause problems with administrative properties, and disseminate false information. This kind of information includes news about tokens and NFT releases, where scammers will often find a new legitimate token about to be listed and create a very similar listing prior to the release of the official one. Participants are fooled into buying the fakes, leaving the victims with nothing, and there’s nothing they can do about it. Remember, if it is too good to be true, it usually is.

How to Protect Your Server and Counter the Threat

Now that we know the enemies’ tactics (and as we all know from GI Joe, ‘Knowing is half the battle’), let’s discuss how to counter them. Discord experts recommend the following:

Assign rules and roles

Roles are essential to the management of a Discord server. Each role is defined by what members can and cannot do on the server. Roles give you the ability to provide administrative permissions to members to perform tasks such as member management. These permissions are powerful tools, but be wary of who you grant this power. Changes made to your server can’t be undone. And by limiting the number of people you empower with these controls, you have fewer people to worry about managing. You can learn more about setting up roles and permissions here.
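One way to check who actually holds these powers, as an added example that is not part of the original article: the script below decodes each role's permission bitfield and reports roles carrying high-risk permissions, treating anything risky on @everyone as critical. The bit values are Discord's documented permission flags; the guild ID, role names and the choice of which flags count as risky are assumptions made for this sketch.

```python
# Discord permission flags that let a holder damage or take over a server.
RISKY = {
    "KICK_MEMBERS": 1 << 1,
    "BAN_MEMBERS": 1 << 2,
    "ADMINISTRATOR": 1 << 3,
    "MANAGE_CHANNELS": 1 << 4,
    "MANAGE_GUILD": 1 << 5,
    "MENTION_EVERYONE": 1 << 17,
    "MANAGE_ROLES": 1 << 28,
    "MANAGE_WEBHOOKS": 1 << 29,
}

def risky_flags(permissions):
    """Decode a role's permission bitfield (the API sends it as a decimal string)."""
    bits = int(permissions)
    return sorted(name for name, flag in RISKY.items() if bits & flag)

def audit_roles(guild_id, roles):
    """Return (role name, risky flags, severity) for every role that holds one."""
    findings = []
    for role in roles:
        flags = risky_flags(role["permissions"])
        if not flags:
            continue
        # The @everyone role shares its ID with the guild: anything risky there
        # is granted to every member, including one who joined a minute ago.
        if role["id"] == guild_id:
            severity = "critical"
        elif "ADMINISTRATOR" in flags:
            severity = "high"    # Administrator bypasses all channel restrictions
        else:
            severity = "review"
        findings.append((role["name"], flags, severity))
    return findings

# Constructed sample data, shaped like the role objects Discord returns for a guild.
GUILD_ID = "100000000000000001"
SAMPLE_ROLES = [
    {"id": GUILD_ID, "name": "@everyone", "permissions": str((1 << 10) | (1 << 11) | (1 << 17))},
    {"id": "100000000000000002", "name": "Founder", "permissions": str(1 << 3)},
    {"id": "100000000000000003", "name": "Mod", "permissions": str((1 << 1) | (1 << 13))},
    {"id": "100000000000000004", "name": "Holder", "permissions": str((1 << 10) | (1 << 11))},
]

if __name__ == "__main__":
    for name, flags, severity in audit_roles(GUILD_ID, SAMPLE_ROLES):
        print(f"{severity:8} {name:10} {', '.join(flags)}")
```

Every role the audit prints is a role whose member list deserves a look; the shorter that list, the fewer accounts an attacker can target.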

Set Verification Levels

Server verification levels allow you to control who can send messages within your server. Setting a high verification level is a great way to protect your server from spammers or raids.

These levels range from None, where any new member can communicate without restrictions, to Highest, where server members must have a verified phone number on their Discord account. Most servers select the High level (4th out of 5 levels), which requires users to be a member of the server for at least 10 minutes before they begin sending messages. Extremely detailed scientific research says that most raiders don’t have the attention span, fortitude, or endurance to wait that long before unleashing their attacks.

A common tool for raiders is the use of fake accounts, which can often be identified by looking for new accounts, accounts without profile pictures, accounts that don’t participate in the server discussions, or accounts that have no social media accounts linked to them. Human verification of these traits can be time consuming, so administrators can also use a Discord security and checkpoint bot, such as altidentifier or logibot, to verify members. These bots automatically identify and remove or block potential raiders by observing anomalies in memberships and identifying those who may have the characteristics of a raider or other malicious intent. They can be set up to automatically remove the offending user or account.
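The screening logic described above, sketched as an added example (this is not the article's code and not how altidentifier or logibot are implemented). Account age is read from the user ID itself, since Discord IDs are snowflakes that embed a creation timestamp; the `linked_accounts` field, the thresholds and the sample joins are assumptions constructed for the illustration.

```python
from datetime import datetime, timedelta, timezone

DISCORD_EPOCH_MS = 1420070400000  # 2015-01-01T00:00:00Z, base of snowflake timestamps

def account_created(user_id):
    """Account creation time, taken from the top bits of the user ID snowflake."""
    ms = (int(user_id) >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)

def score_join(join, min_age=timedelta(days=7)):
    """List the fake-account traits a joining member shows."""
    traits = []
    if join["joined_at"] - account_created(join["user_id"]) < min_age:
        traits.append("new_account")
    if join["avatar"] is None:           # null avatar hash means default picture
        traits.append("no_avatar")
    if not join["linked_accounts"]:      # hypothetical field from a verification flow
        traits.append("no_linked_accounts")
    return traits

def screen(joins, flag_at=2, burst=3, window=timedelta(seconds=60)):
    """Flag members with >= flag_at traits and detect raid-like join bursts."""
    flagged = [j["user_id"] for j in joins if len(score_join(j)) >= flag_at]
    times = sorted(j["joined_at"] for j in joins)
    raid = any(times[i + burst - 1] - times[i] <= window
               for i in range(len(times) - burst + 1))
    return flagged, raid

def make_snowflake(created):
    """Build a snowflake-shaped ID for the constructed sample data below."""
    return str((int(created.timestamp() * 1000) - DISCORD_EPOCH_MS) << 22)

# Constructed sample joins: one established member, two fresh accounts, one borderline.
T0 = datetime(2022, 4, 5, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_JOINS = [
    {"user_id": make_snowflake(T0 - timedelta(days=900)), "avatar": "a1b2c3",
     "linked_accounts": ["twitter"], "joined_at": T0},
    {"user_id": make_snowflake(T0 - timedelta(hours=2)), "avatar": None,
     "linked_accounts": [], "joined_at": T0 + timedelta(seconds=10)},
    {"user_id": make_snowflake(T0 - timedelta(days=1)), "avatar": None,
     "linked_accounts": [], "joined_at": T0 + timedelta(seconds=20)},
    {"user_id": make_snowflake(T0 - timedelta(days=400)), "avatar": None,
     "linked_accounts": ["steam"], "joined_at": T0 + timedelta(seconds=300)},
]

if __name__ == "__main__":
    print(screen(SAMPLE_JOINS))
```

A single trait is weak evidence (plenty of real members keep the default avatar), which is why the sketch flags only on a combination of traits and treats the join burst as a separate signal.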

Enable server-wide 2FA

Protect your server like you would your bank accounts and digital wallets, both of which increasingly require the use of 2FA. In Discord, server-wide 2FA requires your moderators and administrators to enable 2FA on their accounts in order to take any administrative action. This protects your server from having an admin account hacked and the hacker then altering your server.

Activate age-restricted content filter

Inappropriate material can be automatically detected by activating the Age-Restricted Content Filtering, reducing the risk of NSFW material being shared on your SFW server. The filter has three levels at which Discord will scan and delete media — no scans, scans of members without roles, and, at the highest level of scrutiny, scans of all members.

Addressing the Fakes

While verification and a lot of these other tools can help identify and prevent the fake accounts, ensuring your participants have the correct information when looking forward to events, promotions, or anything else, is critical. Providing the correct contact information, channels for information dissemination, and any types of process updates are also needed if you want to keep your community. If the information isn’t readily available, people will run away faster than you can blink.

Lock Your Server When Preparing to Mint

One hour prior to a mint, you must lock all channels in your server prohibiting general use. Then only use the announcement channel to communicate. Once the mint is complete (or two hours after the mint has successfully launched) you can unlock your channels. This is done to avoid hacks or people posting fake links in your server right in the middle of all of the chaos and mayhem that inevitably occurs before you mint.
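A lock is only safe if it can be undone without disturbing the permissions that were there before. The added example below (not from the original article) builds the @everyone overwrite that denies Send Messages on every channel except the ones left open, and keeps a snapshot so the unlock restores each channel exactly; channel IDs and names are constructed, and the function names are hypothetical.

```python
SEND_MESSAGES = 1 << 11  # Discord permission flag

def lock_plan(guild_id, channels, keep_open):
    """Build per-channel @everyone overwrites that deny SEND_MESSAGES.

    Returns (plan, snapshot): plan maps channel ID to the overwrite to apply,
    snapshot holds the original allow/deny so the unlock restores them exactly.
    """
    plan, snapshot = {}, {}
    for ch in channels:
        if ch["id"] in keep_open:
            continue
        # The @everyone overwrite uses the guild ID as its ID; it may not exist yet.
        current = next((o for o in ch["permission_overwrites"] if o["id"] == guild_id),
                       {"allow": "0", "deny": "0"})
        allow, deny = int(current["allow"]), int(current["deny"])
        snapshot[ch["id"]] = {"allow": str(allow), "deny": str(deny)}
        plan[ch["id"]] = {
            "id": guild_id, "type": 0,             # type 0 = role overwrite
            "allow": str(allow & ~SEND_MESSAGES),  # clear it so it cannot override the deny
            "deny": str(deny | SEND_MESSAGES),
        }
    return plan, snapshot

def unlock_plan(guild_id, snapshot):
    """Rebuild the pre-lock overwrites from the snapshot taken by lock_plan."""
    return {cid: {"id": guild_id, "type": 0, **orig} for cid, orig in snapshot.items()}

# Constructed sample channels, shaped like Discord channel objects.
GUILD_ID = "100000000000000001"
SAMPLE_CHANNELS = [
    {"id": "200000000000000001", "name": "announcements", "permission_overwrites": []},
    {"id": "200000000000000002", "name": "general", "permission_overwrites": []},
    {"id": "200000000000000003", "name": "support", "permission_overwrites": [
        {"id": GUILD_ID, "type": 0, "allow": str((1 << 11) | (1 << 14)), "deny": str(1 << 15)}]},
]

if __name__ == "__main__":
    plan, snapshot = lock_plan(GUILD_ID, SAMPLE_CHANNELS, keep_open={"200000000000000001"})
    print(plan)
    print(unlock_plan(GUILD_ID, snapshot))
```

Overwrites for other roles or individual members that allow Send Messages still take precedence over the @everyone deny, so review those before relying on the lock.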

Have a Backup

Always have a backup plan. Prior to your mint, tell all of your server members to join and watch your Telegram and Twitter for any announcements. In case your server is compromised, this is an avenue for you to provide verified information. In the event of a hacked server, you can message your audience across these channels to keep them up to date about what is going on.

Just Be Smart

No matter what, it is almost inevitable that a bad actor will try and interrupt your server in some way or form, especially if it is a successful community surrounding a successful game or other venture. To make it simple, don’t download anything suspicious, keep an eye out for strangers and anomalies, and put a tight leash on your controls. By knowing what you are up against, you can take these common sense steps and the not-so-common sense ones to protect yourself, your investment, and your community and continue making it an enjoyable experience for all.

About The Booknerd.eth

The booknerd.eth is the founder of Block Capital and one of the country’s foremost digital marketers. A leader in the growth of blockchain and the NFT space, he is a founding member of the WhalemakerDAO and has invested in top metaverse and Web3 companies including IVC, SimWIN, YGGSEA, and HubSpot. He is also the president and co-founder of Results.io, a marketing venture focused on driving engagement for projects entering and operating within the metaverse.

About Results.io

Results.io is a Web3-focused growth agency that specializes in marketing and community cultivation and looks to help industry-leading projects drive engagement for NFT, P2E, and IDOs. Learn more about the company at Results.io
