Phishing Bots

Phishing Bots. I know, "Don't click links." bla bla but if you are running a community server, that does not help all the time. (This is an example of a phishing attack.)

They are raiding in groups, like vikings. They are joining to your server in groups of 20 or 100 users and spamming all of the members in that server, doing their job, stealing accounts and just going. Without getting registered, confirmed or verified.

This is a sad thing because protection-wise, we can only do so few. I mean how can i block that person's being able to dm to members so quickly?

Actually we saw some loopholes, similarities and made a bot that detects simple token generation attacks and blocks them but they are not all the time opening/generating new accounts (aka Tokens), they are buying tokens and we have no idea how we can stop it, since they are randomly taken from the real users. 

We stopped newly generated accounts by simply their account age, most of them is opened in same minutes and also they are maximum 5 days old or mostly 1 & 2 days old. So we just ban them, dming them "If this is a mistake, go to our support server. discord.gg/invite." etc.

Actually, in simple words, it is "Account Age Restriction". If your account is not older than 1 week, you can't join our server. 

But i think discord needs to solve this since the discord has power, authorization, rights and great developers.

Just few little things could solve it, in my opinion.

The Suggestion Part;

• Blocking "being able to dm people when you just got in to a server", because then what is the point of "Membership Screening"? Why people can dm to our members when they are not counted as "In the server" or "A Member of the Server". Just joining shouldn't mean you are in. Because, bots can just take the list of members when they just joined to a server and dm those members instantly from that list, even you quarantined them in miliseconds. Because it isn't important do you see them or not in the server. If you have a dm channel opened with them and just in the same server; you are okay and  ready to dm. What? Why? Just simply count them as "Not in the server" or add a new feature that blocks them.
• Detecting phishing links. (Like steamcommunity: ✅, steamcommunify: ❎)
• Detecting the characteristics of a raid. (It's kinda harder but still, would be good.)
• Having an option to isolate your members from "New Joined" members, it is kinda same with the first one but different.
• Being able to give everyone a role that is currently in the server, so we can easily switch to verification systems based on roles.

Those are the simple suggestiones just came to my mind and there are more if you think about it. Please discord, our members are getting attacked all the time and we can't just use verification systems based on roles, you can't give a default role to everyone if your server is over 25k and we dont want to open multiple bots to give all of the people a role and spam the api. 

- Much Loves 🧡