Hey folks, while we’re still finalizing some things with my early GIF proposal, it makes sense to try and push through another less expensive but critical proposal:
tl;dr: Jon is a well-known Discord Security Specialist; pay Jon 5 ETH to secure the Doodles Discord. Mushy, who currently handles everything in the Discord, approves of this proposal.
I’ve done Discord Security audits for large projects like Pudgy Penguins, Mutant Hounds, Street Machine, Chubbiverse, and many others. I am one of the best known people in the space for providing this service.
One often-asked question is what a Discord audit entails. To put it simply, I go through every setting, inspect every single bot, every role and channel, and then do a lot of testing to make sure that in the case of a compromised account there is minimal damage.
While some people think this shouldn’t take too long, the most recent audit I just completed for Mutant Hounds had 2558 different individual channel permissions that were flagged as a soft fail when I did an automated check (that I developed) on their setup. Each of those failures needs to be checked, understood, and then secured properly. There is no one-size-fits-all solution for each community.
My audit report consists of the following checks:
- Pre-audit Review
- Cold Admin Setup
- Bot Installation and Coverage Review
- User Webhook Review and Deletion
- Bot Generated Webhook Inspection
- Server Settings Analysis
- Channel Usage Overview
- Role Usage Review
- Role Permission Overhaul
- Dangerous Role Permission Removal
- Set up Announcement Bot
- Category Permission Setup
- Channel Permission Sync + Modification
- Automoderator Bot Setup
- Wick Bot Configuration
- Anti-webhook Bot Setup
- Team/Staff Training + Command Guide
- Second Full Check of All Roles and Channels on an Alt
- Third Full Check Using Bot Export Of Perms
The audit report I’ve built is designed to consider and minimize the following attack vectors:
Team Vectors
- Server Owner Phish
- Team Admin Phish
- Collab Manager Phish
- Moderator Phish
- Team or Moderator Insiding
Bot Vectors
- Bot with Admin Perm Compromise
- Bot with Dangerous Perm Compromise
- Non-security Bot Compromise
- Fake Bot Install
- Bot Misconfiguration
User Vectors
- Ping Permission Error
- Self-bot Raid
- Fake Trade or Fake Collection Links
- Impersonation Bot DM Spam
- User Permission Escalation
Once the audit is complete, my report document is usually 20+ pages long. This report will be delivered to Mushy and the Team. A summary will be provided to the community upon completion.
This is an extremely thorough and exhaustive process that is critical to ensure that the Doodles Discord, and by extension the community, remains secured.
In just the past year, millions have been stolen from various communities through Discord compromises. This hits communities hard. The phrase "an ounce of prevention is worth a pound of cure" is extremely relevant here.
For the size and complexity of the Doodles Discord, I am quoting 5 ETH to complete the audit. This will come with 2 weeks of free support and includes custom Security bots I’ve created.
Quote/Ask: 5 ETH
Timeline to completion: After approval, and the team completes pre-audit steps, 4 business days.
Doodle ID: 2906
Needed Quorum: 5%