What to do if your server has been hacked?
Reset your password
99% of Discord "hacks" are actually phishing or social engineering schemes that trick users into exposing their Discord token. The token is a special private key that can bypass a user's login password and even 2FA. If the hacker has your token, they can control your account! The only way to stop them is to reset your Discord password. This refreshes your token and kicks them out.
Tell everyone on your team to reset their password ASAP
Contact your cold admins
Ultimately, cold admins/server owner may be the only accounts with high enough permissions to eliminate the hacker. Send messages to them as soon as possible.
If you don't know what a cold admin, check here
Check the server audit logs
Your server audit logs track every major change within your server. Reading the logs is key to finding the hacker. If you have access to the logs, look for the first sign of suspicious activity like added bots/webhooks, user permissions changes, mods being kicked/banned, etc. The logs are available from Server Settings -> Audit Logs
. Watch out for the hacker giving dangerous permissions to their alt accounts.
Fight back
Post messages warning your users that your server has been hacked
If the hacker deletes those messages, change a channel name to warn users that your server has been hacked
Post on other social media that your community follows
Document
Take screenshots of malicious links and posts that the hacker sends
Record the Discord IDs of their accounts and bots (right click on the user and select Copy ID)
Record any voice chats they send.
After you regain control
Perform another sweep of the users to look for unexpected bots
Check your server vanity link to make sure the hacker hasn't redirected it to their own server
Last updated