ModRater is launching our own bot
We are proud to announce that ModRater is launching our own bot: ModX. The bot will be private for now, and we will give our existing clients the first beta version to try out. The bot will mainly help to update our clients’ analytical dashboard: https://modraterx.app/dashboard/ServerXYZ
ModRater takes security very seriously. As a result, for the first release of the bot, ModX will only have read permission on past messages and the audit log. This is because we have noticed that in most of the past bot hacking incidents in other NFT projects, the hacker usually takes control of the bot and uses the “send message” feature to blast out spam links.
In addition, we’ve also talked to many experienced Discord security experts about what to do if threat actors take control of your server. Here are some guidelines (in order):
(1) First, let the community know, usually via Twitter. The threat actors will usually have prevented you from making announcements on Discord. Use the rest of your social media accounts to let the community know that your Discord has been compromised and warn your members NOT to click on any links.
(2) If you are sure that the threat actors gained control of your server via a bot, ban the bot right away. As a server owner, you can manually kick the bot out via your server settings. You can also use some of the most popular bots, such as the mee6 bot (!ban @bot). However, the majority of modern compromises happen via webhooks (ModX will not have webhook management permission). Here is how to disable the webhook permission:
Go to your server → server settings → audit log → filter by action (top right) → type in “create webhook”
You can find which account has been compromised and disable the webhook. In general, we recommend that all of our mods disable personal webhook permission (for more tips on secure setup, see https://modraterhub.app/blog_article/secure-discord-setup).
Most bot hacking happens via attacks on individuals. Usually the threat actors identify key members with bot access and hack their accounts. In very rare instances (this no longer happens if you update your Discord version), an individual can invite a malicious bot. In such a case, you can use the audit log to identify the malicious actor. If one of your mods’ accounts turns out to be compromised, they should change their password (this will help reset their tokens) and enable 2FA to lower the risk of another attack.
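The audit-log review described above can also be run over an exported audit log, grouping webhook creations and bot invites by the account that performed them. This is an added example, not ModRater's code: it assumes the JSON shape returned by Discord's guild audit log endpoint, uses the event type numbers from the Discord API documentation, and runs on a constructed sample; `trusted_ids` is a hypothetical allow-list parameter.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Audit log event types as listed in the Discord API documentation
WEBHOOK_CREATE, BOT_ADD = 50, 28
DISCORD_EPOCH_MS = 1420070400000  # snowflake IDs count ms from 2015-01-01 UTC

def snowflake_time(snowflake):
    """Creation time encoded in the upper bits of a Discord snowflake ID."""
    ms = (int(snowflake) >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)

def triage(audit_log, trusted_ids=frozenset()):
    """Group webhook-creation and bot-add entries by the acting account."""
    names = {u["id"]: u["username"] for u in audit_log.get("users", [])}
    findings = defaultdict(list)
    for entry in audit_log.get("audit_log_entries", []):
        if entry["action_type"] not in (WEBHOOK_CREATE, BOT_ADD):
            continue
        actor = entry.get("user_id")
        if actor in trusted_ids:  # hypothetical allow-list of known-good accounts
            continue
        changes = {c["key"]: c.get("new_value") for c in entry.get("changes", [])}
        is_hook = entry["action_type"] == WEBHOOK_CREATE
        findings[actor].append({
            "actor": names.get(actor, "unknown"),
            "action": "webhook_create" if is_hook else "bot_add",
            "target_id": entry.get("target_id"),  # webhook ID or bot user ID
            "webhook_name": changes.get("name"),
            "channel_id": changes.get("channel_id"),
            "when": snowflake_time(entry["id"]),
        })
    return dict(findings)

def _sid(unix_ms):  # builds a constructed snowflake for the sample data
    return str((unix_ms - DISCORD_EPOCH_MS) << 22)

SAMPLE = {  # constructed data; IDs and usernames are made up
    "users": [{"id": "111", "username": "mod_alice"}, {"id": "222", "username": "owner_bob"}],
    "audit_log_entries": [
        {"id": _sid(1654041600000), "user_id": "111", "target_id": "9001", "action_type": 50,
         "changes": [{"key": "name", "new_value": "Announcements"},
                     {"key": "channel_id", "new_value": "5001"}]},
        {"id": _sid(1654041660000), "user_id": "111", "target_id": "9002", "action_type": 28},
        {"id": _sid(1654041720000), "user_id": "222", "target_id": "7001", "action_type": 22},
    ],
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An account that both created a webhook and added a bot within a short window, as `mod_alice` does in the sample, is the first one to check for compromise.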
If you’d like to get on our waiting list for the public release of ModX, visit https://modraterhub.app/analytics_landing_page or contact me at louisa@modrater.app