The Discord server Advertising Centre was raided. Here you can find out when it was raided, how it was raided and how you can prevent something like that on your own server.

Interesting facts about the raid

  • The raid started on 12/24/2019 8:22 PM UTC
  • The raid ended on 12/24/2019 8:34 PM UTC
  • Some of the actions happened with the audit log reason “Banned by Targo’s Discord Raid Client”. After searching for the raid client, we found this video here: Targo’s Discord Raid Client
  • At the time of the raid, skyProtect was about 1 week old (joined 17th Dec 2019)
  • It looks like skyProtect was a bot by the owner of Advertising Centre that he developed to create a protection and anti-raid system for his server. We expect that it’s token had been leaked and abused.

Users mentioned in this article

User TagUser IDUser TypeRole
☃ Joshie_Games128 ☃#0336411546422736060417UserOwner
skyProtect#6482 656629716132036625BotRaiding Bot
ketum#9749533297261917110284UserNegatively involved user
Boomer Boom#0673476498093584416769UserStaff
Free Science Lessons#0598250706069729312768UserStaff

Do you want your data removed from this post? Please contact us.

Important happenings before the raid

  • 12/21/2019 10:04 PM UTC
    Joshie_Games added skyProtect to Advertising Centre. He repeatedly kicked and re-added the bot until 10:14 PM. At this time, he did the last action affecting skyProtect which was giving him the “SPONSORED BOTS” role.

Happenings during (or immediately before) the raid:

  • 12/24/2019 8:19 PM UTC
    skyProtect added the role “HR – High Rank” and the role “Advertisers” to ketum. This happened 3 minutes before the raid.
  • 12/24/2019 8:22 PM UTC
    skyProtect started banning members
  • 12/24/2019 8:30 PM UTC
    skyProtect started deleting channels
  • 12/24/2019 8:30 PM UTC
    skyProtect deleted the last channel, “Staff VC”
  • 12/24/2019 8:31 PM UTC
    skyProtect banned the last member, “ΣLIƬΣ_MIKΣΣ#5534” (612385896003797013)
  • 12/24/2019 8:31 PM UTC
    skyProtect started creating text channels called “#die”
  • 12/24/2019 8:34 PM UTC
    skyProtect started deleting roles
  • 12/24/2019 8:34 PM UTC
    skyProtect deleted the last role, “LR – Low Rank”
  • 12/24/2019 8:34 PM UTC
    skyProtect edited the @everyone role, giving Administrator and more permissions

Important Happenings after the raid:

  • 12/24/2019 11:02 PM UTC
    Boomer Boom banned skyProtect
  • 12/24/2019 11:02 PM UTC
    Boomer Boom edited the @everyone role, removing Administrator and more permissions
  • 12/25/2019 5:20 AM UTC
    Joshie_Games passed ownership to Free Science Lessons

How to prevent raids like this

  • Keep an eye on which bots you have on your server and which permissions they have. Bots that only manage your join messages probably shouldn’t be able to kick and ban members, and bots that only moderate messages probably shouldn’t have Manage Server.
  • It looks like skyProtect was a bot by the owner that should have protected Advertising Centre from raids. We expect that the owner was new to Discord bot coding and didn’t keep an eye on his token, which then was leaked and abused. If you have an own bot, always make sure to save your token on a save place. Public hosting services like glitch also can cause a security risk if you don’t pay attention.

Proof archive

About the Author: Looat

CEO at Open Advertisements

Leave A Comment