API Applications having IP whitelist
I think that that any Discord API application should have the ability to have an IP white list feature where the owner of the application can restrict a application login / function request to only work from white-listed IP's. This would prevent tokens that get accidentally leaked from being stolen and especially with bots preventing bots from causing chaos on several of the servers it's on.
For those who aren't developers or don't fully understand:
Basically this feature will essentially prevent any and all bots in your Discord servers from being "hacked" and "nuking" your server (Deleting everything & Banning everyone).
Although this wouldn't completely stop it, it would reduce it a lot, the only way after that would be gaining remote server access to run malicious code on the whitelisted server.
I support this idea, would be great.1
I really like you idea, and to be completely honest, and as Shay said, this would not completely eliminate the concept of leaking your api tokens by mistake or being hacked and having it taken that way. It's still a step in the right direction to help prevent it just a little bit more.1
You're absolutely right, it wouldnt completely eliminate the problem. It would greatly lower the number of times its happening because then you'd have to first find out the whitelisted IP then breach that server1
Well for users who uses online services for bots, they shouldn't care, but actually I'm talking about users who hosts their discord bot on a server. also classless whitelisting could be cool, to allow only some ranges, as example if you home host and you have a dynamic IP, you could just specify a classless IP to whitelist.
You can know what the IP is while you're the owner.0
Yeah, this would be amazing. A server i am on just got 3 bots hacked.0
This actually has a ton of support on an issue over in the API docs GitHub... just linking this here for reference:1
One of my servers got destroyed by nuking using my own bot so I really want this feature0
The GitHub issue #788 was closed. A discussion continues it.
Please sign in to leave a comment.