Security

Configure verification, anti-bot, anti-spam, and anti-nuke protection

Introduction

The Security configuration file (security.json) manages server protection features including member verification, bot protection, spam prevention, and anti-nuke systems.

Verification

Member verification system to ensure users are human before accessing your server.

roles_to_remove

Type: Array of Strings

Roles removed after successful verification.

verification: {
    roles_to_remove: ["123456789012345678"],
}

Typically used to remove an "unverified" role.

roles_to_add

Type: Array of Strings

Roles granted after successful verification.

roles_to_add: ['804354037662220289']

Typically used to grant a "member" role that unlocks server access.

automatic_verification

Type: Boolean

Auto-verify returning members.

automatic_verification: false

When true: Users who previously verified are automatically verified on rejoin When false: Users must verify again after rejoining

minimum_account_age

Prevent new/alt accounts from verifying.

enabled - Whether to enforce minimum account age (Boolean) age - Required account age in format "<months>mo <days>d" (String)

minimum_account_age: {
    enabled: true,
    age: "30d",
}

Examples:

"28d" - 28 days
"1mo" - 30 days
"1mo 12d" - 42 days
"1y 11mo 2d" - 692 days

user_join_activity

Temporarily disable verification during bot raids.

enabled - Whether to monitor join activity (Boolean) max_joins_per_minute - Maximum joins allowed before triggering (Number) disabled_for - How long to disable verification when triggered (String)

user_join_activity: {
    enabled: true,
    max_joins_per_minute: 30,
    disabled_for: "15m",
}

If more than 30 users join per minute, verification is paused for 15 minutes to prevent bot floods.

unverified_kick

Automatically kick users who don't verify.

enabled - Whether to kick unverified users (Boolean) kick_after - How long to wait before kicking (String)

unverified_kick: {
    enabled: false,
    kick_after: "30m",
}

Keeps your member list clean by removing users who don't complete verification.

must_be_synced

Type: Boolean

Require Minecraft account sync before verification.

must_be_synced: false

Requires: Minecraft addon

Anti-Bots

Type: Boolean

Automatically kick bots added to your server.

anti_bots: false

When true: All bots (except those added by server owner) are kicked immediately When false: Bots can be added normally

Requirement: Moderation plugin must be loaded for this feature to work.

Protects against malicious bots used for server nuking.

Message Spam

Auto-enable slowmode during spam attacks.

enabled

Type: Boolean

Whether to enable spam protection.

message_spam: {
    enabled: true,
}

max_messages_per_minute

Type: Number

Message threshold before triggering slowmode.

max_messages_per_minute: 30

If more than this many messages are sent in a channel within one minute, slowmode is applied.

slowmode

Type: String

Slowmode interval to apply.

slowmode: "10s"

Users can only send one message per 10 seconds when triggered.

duration

Type: String

How long slowmode stays active.

duration: "15m"

whitelisted_channels

Type: Array of Strings

Channels exempt from spam detection.

whitelisted_channels: ["804354119523500082"]

Anti-Nuke

Prevent server destruction by monitoring destructive actions.

enabled

Type: Boolean

Whether to enable anti-nuke protection.

anti_nuke: {
    enabled: false,
}

violations

Type: Object

Point values for different actions.

violations: {
    member_ban: 5,
    member_unban: 3,
    member_kick: 3,
    member_prune: 14,
    channel_delete: 2,
    channel_create: 1,
    role_delete: 2,
    role_create: 1,
    message_delete: 1,
    message_bulk_delete: 5,
    emoji_delete: 2,
    webhook_create: 5,
    webhook_delete: 3,
}

Each action adds points to a user's violation score. The score resets every 15 minutes.

max_vls

Type: Number

Maximum violation points before action is taken.

max_vls: 15

When a user reaches this score within 15 minutes, their roles are removed.

whitelisted_users

Type: Array of Strings

User IDs exempt from anti-nuke.

whitelisted_users: ['707336356786864211']

whitelist_bots

Type: Boolean

Exempt bots from anti-nuke monitoring.

whitelist_bots: true

When true: Bot actions don't count toward violations When false: Bots are monitored

notification

Warn users before taking action.

enabled - Whether to send warnings (Boolean) vls - Violation threshold for sending warning (Number)

notification: {
    enabled: true,
    vls: 10,
}

When a user reaches 10 violations, they receive a notification warning them to stop.

Complete Configuration Example

Here's a production-ready security configuration:

{
    config: {
        verification: {
            roles_to_remove: [],
            roles_to_add: ['804354037662220289'],
            automatic_verification: false,
            minimum_account_age: {
                enabled: true,
                age: "30d",
            },
            user_join_activity: {
                enabled: true,
                max_joins_per_minute: 30,
                disabled_for: "15m",
            },
            unverified_kick: {
                enabled: false,
                kick_after: "30m",
            },
            must_be_synced: false,
        },

        anti_bots: false,

        message_spam: {
            enabled: true,
            max_messages_per_minute: 30,
            slowmode: "10s",
            duration: "15m",
            whitelisted_channels: [],
        },

        anti_nuke: {
            enabled: true,
            violations: {
                member_ban: 5,
                member_kick: 3,
                channel_delete: 2,
                role_delete: 2,
                message_bulk_delete: 5,
                webhook_create: 5,
            },
            max_vls: 15,
            whitelisted_users: ['707336356786864211'],
            whitelist_bots: true,
            notification: {
                enabled: true,
                vls: 10,
            },
        },
    }
}

Last updated 4 months ago