The Discord server Advertising Centre was raided. Here you can find out when it was raided, how it was raided and how you can prevent something like that on your own server.
Interesting facts about the raid
The raid started on 12/24/2019 8:22 PM UTC
The raid ended on 12/24/2019 8:34 PM UTC
Some of the actions happened with the audit log reason “Banned by Targo’s Discord Raid Client”. After searching for the raid client, we found this video here: Targo’s Discord Raid Client
At the time of the raid, skyProtect was about 1 week old (joined 17th Dec 2019)
It looks like skyProtect was a bot by the owner of Advertising Centre that he developed to create a protection and anti-raid system for his server. We expect that it’s token had been leaked and abused.
Users mentioned in this article
☃ Joshie_Games128 ☃#0336
Negatively involved user
Free Science Lessons#0598
Do you want your data removed from this post? Please contact us.
Important happenings before the raid
12/21/2019 10:04 PM UTC Joshie_Games added skyProtect to Advertising Centre. He repeatedly kicked and re-added the bot until 10:14 PM. At this time, he did the last action affecting skyProtect which was giving him the “SPONSORED BOTS” role.
Happenings during (or immediately before) the raid:
12/24/2019 8:19 PM UTC skyProtect added the role “HR – High Rank” and the role “Advertisers” to ketum. This happened 3 minutes before the raid.
12/24/2019 8:22 PM UTC skyProtect started banning members
12/24/2019 8:30 PM UTC skyProtect started deleting channels
12/24/2019 8:30 PM UTC skyProtect deleted the last channel, “Staff VC”
12/24/2019 8:31 PM UTC skyProtect banned the last member, “ΣLIƬΣ_MIKΣΣ#5534” (612385896003797013)
12/24/2019 8:31 PM UTC skyProtect started creating text channels called “#die”
12/24/2019 8:34 PM UTC skyProtect started deleting roles
12/24/2019 8:34 PM UTC skyProtect deleted the last role, “LR – Low Rank”
12/24/2019 8:34 PM UTC skyProtect edited the @everyone role, giving Administrator and more permissions
Important Happenings after the raid:
12/24/2019 11:02 PM UTC Boomer Boom banned skyProtect
12/24/2019 11:02 PM UTC Boomer Boom edited the @everyone role, removing Administrator and more permissions
12/25/2019 5:20 AM UTC Joshie_Games passed ownership to Free Science Lessons
How to prevent raids like this
Keep an eye on which bots you have on your server and which permissions they have. Bots that only manage your join messages probably shouldn’t be able to kick and ban members, and bots that only moderate messages probably shouldn’t have Manage Server.
It looks like skyProtect was a bot by the owner that should have protected Advertising Centre from raids. We expect that the owner was new to Discord bot coding and didn’t keep an eye on his token, which then was leaked and abused. If you have an own bot, always make sure to save your token on a save place. Public hosting services like glitch also can cause a security risk if you don’t pay attention.