SSO Module 5 - Keep your Discord Community Safe: Comprehensive Discord Safety Protocols

Web3 users self-custody valuable assets on Discord, a platform not initially designed for such stakes. This guide offers crucial tips for community managers, from thwarting raids and bots to educating about scams. Prioritize your community's safety in the crypto realm.

So what tools, advice, and behaviors should you adopt as a community manager to keep your community safe on Discord? Many of these require permissions to set up, so if you don't manage the Discord server yourself, bring them up with whoever does so you can ensure you have the tools needed to keep your community safe! Let’s jump in!

1) 🛡️ Protect Your Server From Raids 🛡️

Raids usually only become a problem once a server gets large, but the baseline raid protection tools included in Discord are a good idea for everyone to implement! To ensure the safety of your Discord server, it is important to implement Discord’s Safety Setup measures. You should:

  1. Enable Raid Protection to defend against a large group of malicious accounts joining at the same time (Server Raid)
  2. Enforce Two-Factor Authentication (2FA) for Moderator accounts to reduce likelihood of Moderator account takeovers
  3. Set Verification Levels for new joiners to reduce spam and Server Raids

Refer to the Discord support article for details on how to set these three features up. If you want to be extra safe from raids, Beemo is a great low-setup solution for raid protection as well.
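To make the "large group of accounts joining at the same time" pattern concrete, here is an added example (not from Discord, Beemo, or the original guide) that flags bursts of newly created accounts in a join log. It relies on the creation timestamp Discord encodes in every user ID; the thresholds, helper names, and sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

DISCORD_EPOCH_MS = 1420070400000  # Discord snowflake epoch: 2015-01-01T00:00:00Z
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def account_created(user_id):
    """Creation time stored in the bits above bit 22 of a Discord snowflake ID."""
    return UNIX_EPOCH + timedelta(milliseconds=(user_id >> 22) + DISCORD_EPOCH_MS)

def find_join_bursts(joins, window=timedelta(seconds=60), min_joins=5,
                     max_age=timedelta(days=7)):
    """Group joins by young accounts into bursts.

    joins: iterable of (user_id, joined_at). Returns a list of user-id lists,
    one per window holding at least min_joins accounts younger than max_age.
    The thresholds are illustrative assumptions, not Discord defaults.
    """
    fresh = sorted((ts, uid) for uid, ts in joins
                   if ts - account_created(uid) <= max_age)
    bursts, i = [], 0
    while i < len(fresh):
        j = i
        while j + 1 < len(fresh) and fresh[j + 1][0] - fresh[i][0] <= window:
            j += 1
        if j - i + 1 >= min_joins:
            bursts.append([uid for _, uid in fresh[i:j + 1]])
            i = j + 1
        else:
            i += 1
    return bursts

def make_id(created, seq):
    """Build a constructed snowflake for the sample data below."""
    ms = (created - UNIX_EPOCH) // timedelta(milliseconds=1)
    return ((ms - DISCORD_EPOCH_MS) << 22) | seq

def sample_joins():
    """Constructed join log: six day-old accounts in 30 s, plus normal traffic."""
    t0 = datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)
    raid = [(make_id(t0 - timedelta(days=1), n), t0 + timedelta(seconds=6 * n))
            for n in range(6)]
    old = [(make_id(t0 - timedelta(days=700), 7), t0 + timedelta(seconds=10)),
           (make_id(t0 - timedelta(days=400), 8), t0 + timedelta(seconds=20))]
    late = [(make_id(t0 - timedelta(days=2), 9), t0 + timedelta(hours=1))]
    return raid + old + late

if __name__ == "__main__":
    for burst in find_join_bursts(sample_joins()):
        print(f"possible raid: {len(burst)} new accounts joined within a minute")
```
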

2) 🤖 Protect Your Server From Bad Bots 🤖

Oftentimes, the lowest form of scammers are automated bots trying to slip into your server to fool your users with low-effort DMs, posts, threads, etc. They pass anyone who responds on to human controllers, who then start scamming the target through social engineering. As a second line of defense, it's good to put up some protections like these so the bots don’t even bother and go find some other server instead!

  1. Name Filtering - Use bots like Hashbot and Wick to prevent accounts with names like Server Support, Team Admin, and Support Bot from joining your server.
  2. Captcha Bots - Captcha bots such as Pandez Guard, Captcha Bot, and Wick put a “proof of humanity” test in place. The best tests are in-line, and don’t require users to go to another website, scan a QR code, or be DMed by a bot.
  3. Monitor Join Channel - Have a channel visible only to mods that shows who joins your server. Have mods check it periodically to spot patterns and manually intervene when something is off.
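The name filtering described above only works if look-alike spellings are folded before comparison. The following added example (not Hashbot's or Wick's logic, and not part of the original guide) normalizes a display name and checks it against the three names the guide lists; the look-alike map and sample names are constructed assumptions.

```python
import re
import unicodedata

BLOCKED_NAMES = ["Server Support", "Team Admin", "Support Bot"]  # names from the guide

# Hand-picked look-alike map (an assumption, far from exhaustive). "l" folds to
# "i" so that "Admln" and "Admin" compare equal.
LOOKALIKES = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "|": "i", "l": "i",
    # Cyrillic letters that render like Latin a, e, o, p, c, s, i
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0455": "s", "\u0456": "i",
})

def skeleton(name):
    """Reduce a display name to bare a-z letters for comparison."""
    # NFKC folds fullwidth and styled letters to ASCII; casefold removes case.
    text = unicodedata.normalize("NFKC", name).casefold()
    # NFKD splits accents off their base letter so the regex can drop them.
    text = unicodedata.normalize("NFKD", text.translate(LOOKALIKES))
    return re.sub(r"[^a-z]", "", text)

BLOCKED = {skeleton(n): n for n in BLOCKED_NAMES}

def match_blocked(name):
    """Return the blocked name this display name imitates, or None."""
    s = skeleton(name)
    # Substring match is deliberately broad: review hits before acting on them.
    return next((orig for key, orig in BLOCKED.items() if key in s), None)

def screen(names):
    """Return (display_name, blocked_name) for every name that should be held."""
    return [(n, hit) for n in names if (hit := match_blocked(n))]

# Constructed sample of joining display names.
SAMPLE = ["alice.eth", "Team Adm1n", "Supp0rt.B0t", "Te\u0430m Admin",
          "S\u00e9rver S\u00fcpport", "gm_enjoyer"]

if __name__ == "__main__":
    for name, hit in screen(SAMPLE):
        print(f"hold {name!r}: imitates {hit!r}")
```
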

3) 🚔 Protect Your Server From Scammers 🚔

Verification and Filtering are good for keeping the majority of scammers out, but some inevitably still enter the server. From there, it is up to the mods and admins to limit the damage they cause to nothing more than taking up space in the server logs! Some tools you can use to help fend them off are:

  1. Automate Moderation - Automod is when you set bots to automatically assign punishments for breaking your server’s rules. You can use native Discord Automod or customizable mod bots like Carl, Wick, Dyno, or YAGPDB to set up spam filters, link blocking, and other features.
  2. Emergency Lockdown - For emergencies or immediate security threats, shut down all server activity using lockdown mode from Carl, Goodknight, or Wick
  3. Limit Use of Overrides and Non-standard Perms - You may find yourself creating more and more channels and wanting to restrict them so that only certain roles can do certain things in your server. This should be avoided. It complicates your setup, and opens the possibility of accidentally allowing private threads or other exploits that may allow scammers to function without detection!

4) 👤 Protect Your Server From Yourselves 🤨

The number one way that servers get compromised is by socially engineering an over-permissioned moderator. Here are some things you can consider that will both allow community managers and moderators to do their job, and protect your server and community as well:

  1. Least Privilege - Make sure your mods have limited permissions. In the world of Web3, scammers are willing to play the long game, and compromising an over-permissioned mod in a high-value server is the dream! Limiting these permissions is crucial: Administrator; Mention @everyone, @here, and All Roles; Manage Webhooks; Manage Server; Manage Roles; Manage Channels; and Ban.
  2. Temporary Access - Bots like Good Knight allow for mods to temporarily escalate permissions using a second password, to do their functions like banning users or making announcements. Gate actions such as announcements and bans with Temporary Access! This means that if your mod/community manager account gets hacked, the attacker won’t be able to use the account to do scalable actions like announcing to the `@everyone` tag.
  3. Cold Admin - Assigning the server owner role to a “cold” account, separate from the day-to-day accounts for admins, is a wise practice. Use this account in emergencies or setup changes only. Follow Discord’s instructional article to transfer server ownership.
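A least-privilege review can be run against the role data itself. This added example (not part of the original guide) decodes the permission bitfield of each role and reports which members hold any of the permissions listed above; the bit values follow Discord's documented permission flags, while the IDs, role names, and simplified member records are constructed assumptions.

```python
import json

# Discord permission bits for the permissions the guide says to restrict.
RISKY = {
    "ADMINISTRATOR": 1 << 3,
    "BAN_MEMBERS": 1 << 2,
    "MANAGE_CHANNELS": 1 << 4,
    "MANAGE_GUILD": 1 << 5,        # shown as "Manage Server" in the client
    "MENTION_EVERYONE": 1 << 17,   # @everyone, @here, and all roles
    "MANAGE_ROLES": 1 << 28,
    "MANAGE_WEBHOOKS": 1 << 29,
}

def risky_flags(bits):
    """Names of risky permissions set in a permission bitfield."""
    if bits & RISKY["ADMINISTRATOR"]:
        return sorted(RISKY)  # Administrator implies every other permission
    return sorted(name for name, bit in RISKY.items() if bits & bit)

def audit(guild_id, roles, members):
    """Return {member_name: [risky permissions]} from server-level role grants.

    Channel permission overrides are not evaluated here.
    """
    perms = {r["id"]: int(r["permissions"]) for r in roles}
    base = perms.get(guild_id, 0)  # the @everyone role shares the guild's ID
    report = {}
    for member in members:
        bits = base
        for role_id in member["roles"]:
            bits |= perms.get(role_id, 0)
        flags = risky_flags(bits)
        if flags:
            report[member["name"]] = flags
    return report

# Constructed data shaped like Discord role objects (permissions is a string).
GUILD_ID = "100"
ROLES_JSON = """[
  {"id": "100", "name": "@everyone", "permissions": "3072"},
  {"id": "101", "name": "Helper",    "permissions": "8192"},
  {"id": "102", "name": "Moderator", "permissions": "139270"},
  {"id": "103", "name": "Founder",   "permissions": "8"}
]"""
MEMBERS = [  # simplified member records: display name plus role IDs
    {"name": "helper_han", "roles": ["101"]},
    {"name": "mod_mia", "roles": ["101", "102"]},
    {"name": "founder_fay", "roles": ["103"]},
]

if __name__ == "__main__":
    for name, flags in audit(GUILD_ID, json.loads(ROLES_JSON), MEMBERS).items():
        print(f"{name}: {', '.join(flags)}")
```
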

5) 📖 Protect Your Server by Educating Your Server! 📖

Educating your mods and your community is critical to keeping your server safe. If your users are getting scammed at an individual level, let alone server level, it can still create negative sentiment and feel-bad moments for the community. By showing your commitment to security, you show your community that you care about them and lessen the risk of these negative events happening on either a small or large scale. We recommend these methods:

  1. Educate Your Mods - Resources like Server Forge have a ton of hypothetical and practical hands-on games, quizzes, and material that is focused on community managers, mods, and admins!
  2. Educate Your Community - Boring Security just came out with a Social Media Security course and we’re happy to partner with communities and offer these classes for free! Educating your community on common scams like the Bookmarklet scam or QR code scams, and encouraging users to turn DMs off during the join process, are the bare minimum in our opinion!
  3. Keep it Going - Security isn’t a once and done endeavor. Offer incentives, opportunities, and share material and alerts to keep security top of mind for your community. In web3, communities can’t afford to ignore security and assume it is a solved problem. It requires continued focus and commitment by your community to keep it in mind for everyone!

Additional Resources

For further information and resources related to Discord server security, consider exploring the following:

Summary

Congratulations! You finished Module 7 - Keep your Discord Community Safe: Comprehensive Discord Safety Protocols

Let’s review your learnings:

1. Guard Against Raids

  • Use Discord's built-in safety tools.
  • Activate Raid Protection, enforce Two-Factor Authentication (2FA) for mods, and set Verification Levels.
  • Beemo is an advanced solution for raid security.

2. Defend Against Bots

  • Bots can scam via automated messages.
  • Implement Name Filtering with Hashbot and Wick to block suspicious names.
  • Use Captcha Bots like Pandez Guard and Captcha Bot for human verification.
  • Set up a mod-only join channel to monitor new joiners.

3. Secure Against Scammers

  • Despite precautions, some scammers might infiltrate.
  • Deploy automatic moderation with tools like Carl, Wick, Dyno, or YAGPDB.
  • In emergencies, use lockdown mode with Carl or Goodknight.
  • Avoid complex channel setups which might be exploitable.

4. Protect From Internal Threats

  • Most server breaches result from manipulated moderators.
  • Adopt a Least Privilege stance; limit mod permissions.
  • Good Knight offers temporary access features; use it for controlled permissions.
  • Designate a separate, rarely-used account as the server owner.

5. Educate for Safety

  • Knowledge is key to safety.
  • Train mods using resources like Server Forge.
  • Partner with initiatives like Boring Security to inform the community about common scams.
  • Security is an ongoing effort; regularly update and educate your community.
