prevent malicious webhooks and common hack methods
Good Knight anti-webhook protection complements our anti-link technology. A common hacker tactic after compromising an account is to add a malicious webhook to the server. This gives them the ability to quickly and automatically send @everyone messages. In addition, they can modify the webhook's username and avatar to trick their victims and avoid revealing the account that was compromised.
Good Knight protects against webhook attacks by blocking any messages sent by unregistered webhooks and removing unwanted webhooks. Webhooks are treated based on their danger:
Open Webhook - deleted immediately
Open webhooks are created from the server Integrations tab (Spidey/Captain Hook). Since anyone with Manage Webhooks permissions can access their secret URL (token), these are the most dangerous
Channel Follow - deleted after 5 minutes
Channel follows are created when you "Follow" an
announcement channel and can be registered to permit them
Closed Webhook - deleted after 5 minutes
Closed webhooks are created by other bots and can be registered to permit them
Secure Webhook - immediately registered
Secure Webhooks are created through the Good Knight Webhook Manager, ensuring that their secret URL is password protected
While the Secure Webhooks are protected by Good Knight, they are only as secure as their URL (token). If the webhook URL is shared with a malicious entity, they can still be dangerous.