prevent malicious webhooks and common hack methods

Good Knight anti-webhook protection complements our anti-link technology. A common hacker tactic after compromising an account is to add a malicious webhook to the server. This gives them the ability to quickly and automatically send @everyone messages. In addition, they can modify the webhook's username and avatar to trick their victims and avoid revealing the account that was compromised.

Good Knight protects against webhook attacks by blocking any messages sent by unregistered webhooks and removing unwanted webhooks. Webhooks are treated based on their danger:

  • Open Webhook - deleted immediately Open webhooks are created from the server Integrations tab (Spidey/Captain Hook). Since anyone with Manage Webhooks permissions can access their secret URL (token), these are the most dangerous

  • Channel Follow - deleted after 5 minutes Channel follows are created when you "Follow" an 📣 announcement channel and can be registered to permit them

  • Closed Webhook - deleted after 5 minutes Closed webhooks are created by other bots and can be registered to permit them

  • Secure Webhook - immediately registered Secure Webhooks are created through the Good Knight Webhook Manager, ensuring that their secret URL is password protected

While the Secure Webhooks are protected by Good Knight, they are only as secure as their URL (token). If the webhook URL is shared with a malicious entity, they can still be dangerous.

Last updated