May 7, 2023
Hackers and scammers are targeting vulnerable Web3 communities for big payouts. Here's how you can improve your Discord server’s security with three simple steps.
While Discord is an amazing tool for all these purposes, these community hubs are the perfect target for scammers and hackers. Discord can be overwhelming with all the settings, especially if you’re setting up your server for the first time. Here are three essential tips to help keep your community safe from malicious actors.
Public channels may seem very appealing as they are visible to everyone, but they can actually pose a security risk. If you’ve been in any Web3 Discord community, you’ve probably received a scam message to your DMs. Whether it’s a “free crypto” scam, or a social engineering attack to get you to click on a phishing link, these private messages can overflow your Discord DMs.
To understand why public channels are dangerous, it’s important to understand how these DM scams work. Scammers write scripts that automate activity from a normal user account, known as “self-bots”. They then run the script on hundreds of accounts to mass-spam a community’s DMs, finding their victims in the member lists those accounts can see.
It's important to note that the member list only includes users who have access to that channel. The key to greatly reducing the DM spam to your community is to separate channels into two buckets: pre-verification channels and post-verification channels.
Channels that need to be visible before a user verifies themselves should not be visible once a user has verified themselves.
To set this up, make sure that your channel is accessible to the @everyone role, but remove access for your verified role. The member list in these channels will no longer include any of your verified members, meaning that DM spam and scams will be greatly reduced.
Once a user has verified, they should gain access to the rest of the channels. In order to allow only certain roles, such as your verified role, you should use Discord's private channels feature. Add the verified role, and any other roles that need access, to the private channel to give them access.
If you’re looking for a verification tool, you can use SecurityBot’s in-channel, captcha-based verification feature.
One of the best features of Discord is the ability to build automated tools called bots. They have been used to build some amazing utilities, including verified ownership, games, and scam prevention tools. But they can be dangerous too.
Bots could be designed to steal user data or spread malware. Even bots that are usually considered to be safe can pose a security risk. Last year, the famous Mee6 Discord bot was hacked, which caused scams in the Axie Infinity community, among others.
To reduce your risk of encountering malicious bots, only use bots that come from trusted sources and regularly check your server for unusual bot activity. To reduce your risk of becoming a victim of a Discord bot hack, keep the number of bots in your server to a minimum. Only keep bots in your server that you regularly use, and remove any bots that you stop using.
There is a principle in information security called the principle of least privilege (PoLP). In short, it means that users should only have the minimum necessary permissions.
One of the easiest ways to boost your security on Discord is to restrict permissions for users and roles. Limiting permissions to only those that are absolutely necessary can help prevent accidental or intentional damage to your server.
Another trick is to give your member roles no permissions at the server level, and grant permissions at the category or channel level instead. That way, if you make a mistake when creating a new channel, you will automatically err on the side of too few permissions, instead of too many.
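The pre-/post-verification split and the "no server-level permissions" default can both be checked mechanically. The sketch below is an added example, not SecurityBot's code: it models Discord's role-based overwrite order (the @everyone overwrite first, then all role denies, then all role allows) and lists channels whose member list would show verified members to an unverified account. Role ids, channel names and function names are constructed for illustration, and member-specific overwrites are left out.

```python
# Added example: models Discord's permission-overwrite order for roles only.
VIEW_CHANNEL = 1 << 10   # Discord permission bit for "View Channel"
ADMINISTRATOR = 1 << 3   # administrators bypass all channel overwrites

def can_view(member_roles, role_perms, overwrites, guild_id):
    """True if a member holding `member_roles` can view a channel.

    role_perms: {role_id: server-level permission bits}
    overwrites: {role_id: (allow_bits, deny_bits)} for one channel
    guild_id:   id of the @everyone role (same as the server id)
    """
    perms = role_perms[guild_id]
    for r in member_roles:
        perms |= role_perms[r]
    if perms & ADMINISTRATOR:
        return True
    # 1. @everyone overwrite: deny, then allow
    allow, deny = overwrites.get(guild_id, (0, 0))
    perms = (perms & ~deny) | allow
    # 2. all role overwrites together: denies first, then allows
    allow = deny = 0
    for r in member_roles:
        a, d = overwrites.get(r, (0, 0))
        allow |= a
        deny |= d
    perms = (perms & ~deny) | allow
    return bool(perms & VIEW_CHANNEL)

def audit(role_perms, channels, guild_id, verified):
    """Names of channels where unverified accounts can list verified members."""
    return [name for name, ow in channels.items()
            if can_view([], role_perms, ow, guild_id)
            and can_view([verified], role_perms, ow, guild_id)]

# Constructed sample server (all ids and channel names are made up).
EVERYONE, VERIFIED = 1, 2
ROLE_PERMS = {EVERYONE: 0, VERIFIED: 0}   # no server-level permissions
CHANNELS = {
    "verify":   {EVERYONE: (VIEW_CHANNEL, 0), VERIFIED: (0, VIEW_CHANNEL)},
    "general":  {VERIFIED: (VIEW_CHANNEL, 0)},        # private, verified only
    "rules":    {EVERYONE: (VIEW_CHANNEL, 0)},        # visible to both roles
    "new-chan": {},                                   # created with no overwrites
}

if __name__ == "__main__":
    print("exposes verified members:", audit(ROLE_PERMS, CHANNELS, EVERYONE, VERIFIED))
```

Because role allows are applied after role denies, a verified member who also holds another role with an explicit allow on a pre-verification channel still appears in its member list.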
Discord security is of paramount importance, especially as your community grows and faces potential threats from hackers and scammers. By following these three key steps — not using public channels, streamlining bot usage, and restricting role permissions — you can bolster the security of your Discord server and protect your community from various attacks. Remember, maintaining a proactive approach to security is essential to create a safe and enjoyable environment for all your community.
SecurityBot