Security

Security is an important topic to discuss. If security measures are disregarded, your bot and/or account could be at risk of being hacked.

This article will share tips about how you can keep your bot and account safe.

Sharing Tokens and Passwords

Do not share tokens with anyone. This includes both bot and regular user account tokens. Sharing your bot token with someone (or posting it publicly) will grant them full access to edit your bot, while sharing your user account token with someone (or posting it publicly) will give them full access to your account (even if they don't have your password or email). Once someone has your account's or bot's token, there is a high chance of it being used for malicious purposes, such as stealing personal info, spreading scams, or modifying your bot to nuke/raid servers.

If your bot's token is shared, the only thing you can do to secure it is to regenerate the bot's token. By then, however, the damage has most likely been done. In the case of a user account token, if you still have access to your account, regenerate your token by changing your password. If you no longer have access to it, you will need to contact Discord support for an optimal solution.

Passwords, like tokens, should not be shared. If, however, you accidentally share your account password, you should change it as soon as possible.

📌 If your account is hacked, you should contact Discord for further assistance.

Account 2FA

Bot owners should consider enabling two-factor authentication on their accounts. Learn more about 2FA and why it's essential for bot owners.

Sessions

Discord recently added the ability to see all your current sessions and their respective locations.

If you see a device or location that you haven't authorised, you can log out of that particular device by pressing the 'X' button, or log out of all known devices by clicking the button at the bottom of the page. This will log out those sessions, invalidating the tokens.

Avoid Scams and Untrusted Links/Files

Scam (or "phishing") links put users' accounts, personal information, and IP addresses in the hands of scammers and hackers. The good news is that these scams are preventable! This section will discuss how to protect yourself and your friends from harmful scams.

  • Trusted Links are links that can be trusted to visit.
  • Untrusted Links are links that should be avoided.

This sub-section will break down how you can distinguish between a trusted link and an untrusted link.

  1. Does the link have a weird spelling?

    If a link looks shortened or altered, that usually means it's an untrusted link. For example, discord.com is the official Discord site, while something like dlscird.com is not.

  2. Is it out of context?

    If a user sends you a link that is out of context with your previous discussions (or if you've never talked to them), then you can bet on it being untrustworthy.

  3. Was the link sent by a friend?

    At first glance, you'd assume this makes the link more trustworthy. However, their account could have been compromised, so you should still be careful when clicking links from friends.

  4. Too good to be true?

    Free Nitro scams are extremely common. If you get a DM from a random user/bot telling you that you won something or can earn Nitro, just disregard it.

  5. Asking for your password/user token?

    If a site is asking for your Discord account information—don't input it. You should only share your Discord password via Discord's official login page. Discord will never ask for your user token.

System Messages

If a message is officially from Discord, there will be a 'system' badge next to the system user's name.

The following is a list of all official Discord links that are operated by Discord themselves.

  • discordapp.com
  • discordapp.net
  • discord.com
  • discord.dev
  • discord.new
  • discord.gift
  • discord.gifts
  • discord.media
  • discord.gg
  • discord.co
  • discord.app
  • dis.gd
  • watchanimeattheoffice.com
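
The "weird spelling" check and the official list above can be combined into an automated link check for a bot. The following is an added example, not code from the original article; the function names, the edit-distance threshold of 2 and the substring heuristic are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# Official domains, copied from the list above.
OFFICIAL = {
    "discordapp.com", "discordapp.net", "discord.com", "discord.dev",
    "discord.new", "discord.gift", "discord.gifts", "discord.media",
    "discord.gg", "discord.co", "discord.app", "dis.gd",
    "watchanimeattheoffice.com",
}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
# Constructed sample message, not taken from a real scam.
SAMPLE = "Free Nitro! https://dlscird.com/gift or https://support.discord.com/hc"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str) -> str:
    """Return 'official', 'lookalike' or 'unknown' for a hostname."""
    host = host.lower().rstrip(".")
    # Exact match or a real subdomain (label boundary), so that
    # "discord.com.example.net" and "notdiscord.com" do not pass.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Fuzzy-match the last two labels; very short official names (dis.gd)
    # are skipped because unrelated short domains would match them.
    tail = ".".join(host.split(".")[-2:])
    near = any(edit_distance(tail, d) <= 2 for d in OFFICIAL if len(d) >= 10)
    if near or "discord" in host:
        return "lookalike"  # heuristic: uses or imitates the Discord name
    return "unknown"


def scan_message(text: str) -> dict:
    """Map the hostname of every http(s) link in a message to its class."""
    results = {}
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname  # ignores any "user@" part of the URL
        if host:
            results[host] = classify_host(host)
    return results
```

A "lookalike" result is a reason to warn or hold the message for review; "unknown" only means the link is not operated by Discord.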

Common Scams

[image: example 1]
This scam uses a phishing "steam community" URL to potentially steal your account details.

[image: example 2]
Inviting the bot will cause your server members to be mass DMed with the same or a similar message to the one you got. Also, Nitro generators break Discord's ToS.

[image: example 3]
The "I reported your steam account on an accident" scam.

Files

Files are like links; treat them with the same care. Avoid downloading non-image/text files, and don't fall for these types of scams:

image

Maintain a Safe Account

Keep in mind that if your account gets hacked, the hacker will have access to all your bots and their tokens. For more info about setting up a secure account, read Discord's Support Article.

Summary

Never share your account token or password with anyone; the same goes for your bot token(s). Do not visit untrusted sites or download untrusted files. Keep your account safe: if your account gets hacked, your bot(s) could be hacked as well.