It happens all too often.
A Discord server gets completely wiped after a staff member goes rogue or a bot with way too many powers goes haywire.
If you're involved in the Discord bot development world you might remember when a certain server got wiped clean by a debug command gone wrong. Years of chat history gone in the blink of an eye. Poof.
This could have easily be prevented.
But how can you prevent it?
The importance of proper permissions
People are lazy. I should know, I am too :-)
After having invited a new shiny bot it comes all too natural to slap administrator permissions on it and call it a day.
After all, it's easy to do and it will never complain / malfunction for lack of permissions.
But this is very, very dangerous if you care at all about the integrity of your Discord server.
There is a concept in information security called principle of least privilege, which in few words translates in:
A user should only be able to do what it needs to do. No more, no less.
This is the #1 rule you should remember when securing your server.
Discord's permission model
Discord's permission system is quite flexible and powerful. It offers three different levels of permissions:
- Role permissions (server wide)
- Role permissions (channel specific)
- User permissions (channel specific)
You can picture them as layers: each layer has precedence (and therefore can override) the preceding one.
The server wide permissions on roles can be either ALLOW or NOT SET.
As for the other two, permissions can have a ALLOW, DENY or NOT SET status.
A user can, for example, have DENY permissions for "send messages" in a certain channel (due to the channel specific role / user permissions) but still be allowed to send messages in channel where the permissions are either not set or specifically allow them to.
Structuring your server's role hierarchy
I'll use our Red Discord community hierarchy model as an example that I think is common among communities. This is a simplified version of our hierarchy:
- Moderation bot
- Administrators (including server owner)
- Staff members
We use our moderation bot for four things: deleting messages, kicking, banning and muting people. Its "dangerous" permissions are limited to those actions only.
It can do a lot but in the event of a security breach it won't be able to delete channels or take action in channels where it is not allowed not.
Our administrators, which is group of 3 people (including myself), have the administrator permission. As Discord itself tells you:
Members with "administrator" have every permission and also bypass channel specific permissions. This is a dangerous permission to grant.
Our group has this permission for "internal politics" reasons: the three of us all have equal powers. This is fine when you have complete trust in the person you're giving this permission to.
Holding all powers and bypassing channel specific permissions is a pretty big deal security wise: if you do not 100% trust the person, give them only the permissions they need.
Arguably, it's good practice even if you do have complete trust in said user: accounts can get compromised and if they do, it's important they can only do the least amount of damage possible.
Our staff members, or moderators if you prefer, have more limited powers: they are able to manage messages in specific channels, mute people through the moderation bot and kick / ban.
In the event of a security breach their account would not be able to ban other staff members or superiors: Discord's hierarchy model prevents that.
Role order is very important to keep in mind when you're planning the role hierarchy for your server: users belonging to a role cannot take action on users belonging to the same role or superior roles.
Another really effective way to harden your server's security is to enable two-factor authentication for all administrative actions.
This forces all your staff to enable 2FA on their own account if they want to keep doing their duties. You might get some complaints but rest assured that you're doing them a favor!
Cranking up your verification level to medium is good too: effective enough against raids but not high enough to be annoying for newcomers.
I'll leave you to the useful Role Management 101 guide for a more in depth explanation of Discord's roles.