Web3 communities are a prime target for scammers, especially as their popularity grows. With all the ways that Discord users can be reached, how can you consistently protect your community? Thankfully, the security you need is now built in to Discord. Their security help article covers the basics, but this will get you the rest of the way.
Large numbers of spammers can flood your server with low quality content to distract administrators and moderators from threats, as well as flood your server logs with events such as role assignments and members joining to hide the changes they make. This is sometimes referred to as a server raid. They may also post unapproved links in an attempt to steal community member credentials and tokens. Always configure the following settings to help protect your server from this:
@mentions
or post to announcement channelsIf you know of an individual or team that can be trusted to secure your server or verify that it has been secured, and you have time to schedule an audit, it’s worth the time and cost to have them identify risks. If you want have a good understanding of what permissions could put your server at risk, the auditor join you in a screen share so you can make the changes yourself. The auditor should check for the following, and more:
Designate administrators or senior moderators to monitor logs for administrator activities to see if bots or other administrators are performing suspicious tasks, such as granting elevated permissions. Some bots can post specific log entries to a channel.
If you're concerned about security threats due to other Discord servers being attacked, or during important times such as your project minting a token, there are ways to quickly protect your existing community from attacks while focusing on crafting clear announcements and answering questions. These changes can also be quickly reverted.
As ways to exploit users continue to evolve, so does security. Contact me on Discord at Tidus#7150
or mention @tidus on Twitter at any time with feedback and questions.