Good Knight Docs
Search…
⌃K

What to do if your server has been hacked?

Reset your password

99% of Discord "hacks" are actually phishing or social engineering schemes that trick users into exposing their Discord token. The token is a special private key that can bypass a user's login password and even 2FA. If the hacker has your token, they can control your account! The only way to stop them is to reset your Discord password. This refreshes your token and kicks them out.
Tell everyone on your team to reset their password ASAP

Contact your cold admins

Ultimately, cold admins/server owner may be the only accounts with high enough permissions to eliminate the hacker. Send messages to them as soon as possible.
If you don't know what a cold admin, check here​

Check the server audit logs

Your server audit logs track every major change within your server. Reading the logs is key to finding the hacker. If you have access to the logs, look for the first sign of suspicious activity like added bots/webhooks, user permissions changes, mods being kicked/banned, etc. The logs are available from Server Settings -> Audit Logs. Watch out for the hacker giving dangerous permissions to their alt accounts.

Fight back

  • Post messages warning your users that your server has been hacked
  • If the hacker deletes those messages, change a channel name to warn users that your server has been hacked
  • Post on other social media that your community follows

Document

  • Take screenshots of malicious links and posts that the hacker sends
  • Record the Discord IDs of their accounts and bots (right click on the user and select Copy ID)
  • Record any voice chats they send.

After you regain control

  • Perform another sweep of the users to look for unexpected bots
  • Check your server vanity link to make sure the hacker hasn't redirected it to their own server