Basic things to keep our discord accounts and servers safe
Discord is one of the most used chatting platforms for Hive users. There are so many other gaming communities and projects that are dependent on Discord. One of the biggest problems we have with Discord is that there are several bad actors who can hack the system and do some stupid things. A few days back Leofinance discord server had a similar incident where one of the admin accounts was hacked and the hacker pushed bots to take complete control of the server.
I would say that for any application, hacking is possible. Any bad actor can try and destroy any application if there are loose ends and we cannot build a product without any loose ends at all. I can say this without any hesitation being a developer. People say that there are systems that are very powerful but we might have seen news on how much Microsoft and other top companies are paying ethical hackers to break and penetrate their systems.
Considering the recent event that happened on Leofinance, I wanted to share some basic things on keeping the discord accounts and discord servers safe from hacks. Even if the server is compromised, there can be immediately action taken to protect the servers. Discord says that they cannot recover channels and messages once deleted. That's what happened on Leofinance Discord. The hacker introduced a bot and deleted all the channels on the server and also banned many active members of the community.
Basic login/logout/passwords
We are free to keep the security level of individual accounts high as well as low based on someone's usage. The same applies to servers as well. People can choose to keep a discord server highly secure and someone can keep it open to all with fewer restrictions. The basic thing to keep in mind is that passwords have to be strong. It is advisable to change your passwords frequently.
After the recent incident, it was also identified that login and logout can also help in gaining control of an account back if it is compromised. If an account is identified to be compromised and if someone else is in control of the account, usually logging out from all the devices and logging back in again helps in getting the account back. This technically resets the authentication tokens on the browsers and when logout and login happens, a new token is generated and the previous token loses its value. This logic applies to many web-based applications.
Two-Factor Authentication
This is the most important step for any server or any individual account. There is a setting on the server level to allow only 2FA-enabled admins to perform moderator actions. This is to prevent the server from getting affected even if the moderator's account is compromised. If an individual enables two-factor authentication, there is an additional layer of security to the users and even if their passwords are hacked, the hacker cannot penetrate further without access to the 2FA.
There have been cases where in spite of having 2FA, there is a chance that the hacker can still make use of the browser cookies to hack an account and make use of that. There are also ways to prevent this from happening and even if this happens, there are ways to get the control back.
Limited access to bots
If you are an admin of the server, make sure only a few people or only the most important person can add bots to the server. There have been cases where multiple people get admin access to a discord server and in order to experiment with new and attractive bots, they invite many bots to the server. It is not easy to keep track of all the bots and some bots are even capable of stealing all the messages on the server and preparing a complete data chart out of it.
The main server owner and a few users can have admin access to add bots to the server. I would even say that the server owner alone can have this access, this way unauthorized or harmful bots cannot enter the server without the knowledge of the discord server owner.
Saying up to date with the settings
Either be it individual or for the server, it is important to keep track of all the new settings that are getting introduced on discord security updates. Staying up to date with these settings and setting them properly helps in preventing abuse or hacking. Discord is also taking a lot of steps to improve the way the application works. But hackers are brilliant and they keep finding multiple ways to penetrate the application. Having the right server settings or individual settings should definitely prevent us from hacks.
If you like what I'm doing on Hive, you can vote me as a witness with the links below.
Vote@balazas aHive Witness
Vote@kanibotas aHive Engine Witness
