Shielded Mass Mentions
The /post
command is an important security measure in disguise! A key to most discord hacker's tactics is to spread their malicious links and scams to as many people as possible, as quick as possible. In discord, the hacker relies on mass mentions like @everyone, @here, and @<roles> to ping large groups of people and draw them in, creating FOMO around their scam. Restricted access to mass mentions is an integral part to any server's setup. Usually, the Mention @everyone, @here, and All Roles
permission is restricted to admins and trusted mods.
When a hacker compromises a trusted account with Mention @everyone, @here, and All Roles
permissions, your server is at risk. In addition, admins and mods may have access to other bots that can mass mention users through message builders, webhook managers, or other features. This has led security-conscious servers to eliminate mass mention permissions from mods which requires a lot more work from admins.
Unlike other bots, mass mention commands are password protected through the Good Knight /post
command. This means that servers can give mods the power to use mass mentions without worrying about them falling victim to hackers. Another upside is that mods can mass mention users to warn them if a hacker is detected.
Setup
Eliminate
Mention @everyone, @here, and All Roles
permissions from all users and channels (any user withAdministrator
permissions can still mass mention)Remove access to bot commands that can mass mention. Individual commands can be turned off by going to
Integrations -> Manage Bot
Give any user that needs mass mentions the permissions to use Good Knight with the
/permissions
command
If Good Knight is ever down or kicked from your server, these users will not be able to mass mention. We believe this is still a better scenario than risking a hacker sharing their scam
Last updated