Newsfeed


Shawn (OfficialChaos)









Bad Actors don't always look like this!!!!

Discord Security


Understanding Discord Tokens


February 23rd 2024 - 10:15 PM EST - by: @officialchaos

What is a Discord token?
Discord tokens are unique alphanumeric identifiers assigned to users and bots. They are a cryptographic representation of your Discord username and password, automatically generated during your account creation.

How do they work?
These tokens serve as authentication codes for validating and interacting with Discord servers. They are used to log in and in subsequent API requests to authenticate a user or bot. The token ensures that the requests are coming from a legitimate source.

What can someone do with your Discord token?
Because the token is what authenticates subsequent API requests as a user or bot, a malicious actor who has your Discord token can bypass passwords and 2FA. Keep Discord tokens safe at all costs. Exposing a token can lead to unauthorized access to an account or bot, which can lead to a compromised server and worse.

Places tokens are stored:
Developer Tools
Browser Network Logs
Browser local storage / disk storage

Methods tokens can get compromised:
Mobile App if you scan a QR code
Any type of executable, e.g., EXE, APP, JavaScript etc…
Via a compromised Chrome or other browser extension
Malicious files
*Any file you open locally can be malicious. If you need to open a pdf/docx/xlsx/zip/7z/rar etc… open it in Google Drive instead of locally.

Best practices for managing Discord tokens
To keep Discord tokens secure, it's essential to:
Never share your token with anyone
If you're a developer handling multiple tokens, store them securely
*Do not make the mistake of putting your token directly in your code…
Regularly review and update the security settings of your Discord account/bots
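
One way to keep bot tokens out of source code, shown as an added example that is not part of the original article: tokens are read from the environment, files are checked for the live value before they are committed, and the value is scrubbed from log output. The variable name DISCORD_BOT_TOKEN and the helper names are assumptions made for this illustration, and the sample values are constructed.

```python
import logging
import os

ENV_NAMES = ("DISCORD_BOT_TOKEN",)  # assumed variable name; add one per bot

def load_tokens(environ=os.environ, names=ENV_NAMES):
    """Read every token from the environment; fail closed if one is missing."""
    tokens = {}
    for name in names:
        value = environ.get(name, "").strip()
        if not value:
            raise RuntimeError(name + " is not set; refusing to start")
        tokens[name] = value
    return tokens

def find_hardcoded(tokens, files):
    """List (path, line_no, env_name) where a live token sits in a file.

    `files` maps path -> text (for example the files staged for commit).
    The token value itself is never put in the report.
    """
    hits = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            hits += [(path, line_no, n) for n, v in tokens.items() if v in line]
    return hits

class RedactTokens(logging.Filter):
    """Swap any loaded token for a placeholder before a log record is emitted."""

    def __init__(self, tokens):
        super().__init__()
        self._values = list(tokens.values())

    def filter(self, record):
        message = record.getMessage()
        for value in self._values:
            message = message.replace(value, "[REDACTED]")
        record.msg, record.args = message, ()
        return True

if __name__ == "__main__":
    # Constructed placeholder, not a real token.
    fake = {"DISCORD_BOT_TOKEN": "constructed-placeholder-not-a-token"}
    staged = {"bot.py": "TOKEN = 'constructed-placeholder-not-a-token'\n"}
    print(find_hardcoded(load_tokens(fake), staged))
```

Attach the filter with logger.addFilter(RedactTokens(tokens)) on every logger or handler that can see request data.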

What to do if your token is compromised
If you suspect that your Discord token has been compromised, you should immediately:
For Bots: Reset it through the Discord Developer Portal
For User Accounts: Change your account password
This will revoke your Discord token, generate a new one and log you out of all devices.

Based on your role and permissions, you might require an admin to deal with the threat. If you had admin perms, you might need either a server owner or a cold admin to deal with the threat.

By understanding more about your token, how it works and where it can be found, you're less likely to be exploited, as new phishing attacks are developed every day.


Discord Invite Link Safety


March 16th 2024 - 1:35 PM EST - by:@officialchaos

Server Owners / Admins:
Keep your community invite links updated across the board. If you update your server's invite links, make sure that your community and any future members are aware of these changes. Delete all references to old invite links and update any websites, marketplaces and social media pages where your links are shared.

Also take note that if your server changes or loses its custom invite link, bad actors can claim your old invite link and impersonate your community to members just joining or trying to rejoin with the old link. This is never done with good intentions.

Popular servers that utilize a vanity invite URL must be extra careful, because if they somehow lose their partnership, verified or level 3 boost status, scammers will scoop their custom URL up.

Discord Users / Members:
As a general rule it is always important to be cautious when clicking on unknown links and joining unfamiliar servers. While clicking an invite link and joining a server, most commonly, won't harm you, the server itself may attempt to lead you down a rabbit hole of malware and phishing attempts.

Remember to always verify where a server invite leads and whether it was sent from a trusted source, and confirm it is the actual and most recent official invite link. Be sure all invite links begin with the proper secure protocol (https://) and domain name (https://discord.gg/), not discrod.gg or discod.gg etc…, and never scan a QR code to verify or join a Discord server!
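
The check described above, written out as an added example that is not part of the original article: a link counts as an invite only when it uses https and its host is exactly discord.gg, and near-misses are flagged. The function name, the 0.8 similarity cut-off and the sample links are assumptions constructed for this illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

OFFICIAL_HOST = "discord.gg"  # the only invite host the article names
SIMILARITY = 0.8              # assumed cut-off for "resembles discord.gg"

def check_invite(url):
    """Return (verdict, reason); verdict is 'ok', 'suspicious' or 'other'."""
    url = url.strip()
    if "://" not in url:
        url = "//" + url      # let urlsplit see the host of a scheme-less link
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    # "https://discord.gg@host/..." really points at `host`, not discord.gg
    if parts.username is not None:
        return "suspicious", "userinfo placed before the real host " + host
    if host == OFFICIAL_HOST:
        if parts.scheme != "https":
            return "suspicious", "official host without https"
        code = parts.path.strip("/")
        if not code or "/" in code:
            return "other", "no single invite code in the path"
        return "ok", "official invite host, code " + code
    if OFFICIAL_HOST in host:
        return "suspicious", "official name embedded in " + host
    base = ".".join(host.split(".")[-2:])  # naive registrable domain
    score = SequenceMatcher(None, base, OFFICIAL_HOST).ratio()
    if score >= SIMILARITY:
        return "suspicious", "%s resembles %s (%.2f)" % (base, OFFICIAL_HOST, score)
    return "other", "not a Discord invite host"

# Constructed sample links, including the two misspellings from the article.
SAMPLES = [
    "https://discord.gg/abc123",
    "http://discord.gg/abc123",
    "https://discrod.gg/abc123",
    "https://discod.gg/abc123",
    "https://discord.gg@example.net/abc123",
    "https://discord.gg.example.net/abc123",
    "https://example.org/abc123",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", *check_invite(link))
```

An "ok" verdict only means the link has the right form; it does not show that the invite leads to the server you expect.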

If you paste an invite link into a Discord message you can get a little more info about the link itself, specifically, server name, icon, banner, member counts, your join status, whether or not it is a verified community server and boost level. You can also see whether an invite is invalid, expired and if you have been banned or have reached your server join limit. *You can join a maximum of 100 servers, that extends to 200 if you have Discord Nitro.

URL / Link Scanners:
If you wish to be extra cautious you can use a URL scanner to determine if a link has been reported by the community, if it is masked or redirects to another URL and much more information.

Here are just a few examples:

Cloudflare - Understand the security, performance, technology, and network details of a URL.
VirusTotal - Analyze suspicious URLs to detect malware and other breaches.
IPQS - Scan URLs for Malware & Phishing Links.


Discord Audit Service

We will perform a full audit of your Discord to ensure that your server is fully up to date with all the latest security features.
We will inspect and configure your settings, rules, permissions and more, to ensure you and your community are safe from scammers and malicious actors.

Full Discord Server Audit:
Roles and Permissions
Bots
Logs
Webhooks
Privacy Settings
Security vulnerabilities
Setup Hashbot for Username/PFP filtering
Setup Regex for Discord & bots
Configure Discord's security features

Results:
A safer community space for members
Lower probability of security threats
Fewer tickets or support requests
Decrease in risk to your project




Hashbot Discord Guardian


Hashbot is a Discord Verified Moderation Bot, specially designed to enhance your server's security and maintain a healthy online community environment.

Hashbot’s primary mission is to actively monitor usernames and profile pictures on your server, efficiently blocking specific usernames and profile pictures (PFPs) often used by impersonators, spam bots, and other malicious entities.

Designed with Web3-related servers in mind, Hashbot offers tailor-made protection and support, ensuring that your server remains a safe and engaging space for all users.

With Hashbot on your side, you can enjoy peace of mind, knowing that your server is protected around the clock, even when your moderators are offline.

Hashbot.io



Copyright © 2002-2024
OfficialChaos - ® All Rights Reserved
