Integrating w3os discord guide into frameworks #321
…utor details - Enhanced the Discord management documentation with a new summary section outlining key security measures. - Introduced a comprehensive account security checklist for individuals and team members. - Updated contributor information to include Auditware, reflecting their role and contributions. - Streamlined content for clarity and improved organization of security measures and guidelines.
| - Moderator | ||
| - Verified | ||
| - My Account: | ||
| - [ ] Ensure **2FA** is enabled (authenticator app and/or security key) |
- [ ] User Settings > My Account: Ensure **2FA** is enabled (authenticator app and/or security key), Remove a phone number if you have one added to your account, and after 2FA is setup select **View Backup Codes**, and note down your backup codes offline
| - Verified | ||
| - My Account: | ||
| - [ ] Ensure **2FA** is enabled (authenticator app and/or security key) | ||
| - [ ] Ensure **SMS Backup Authentication** is **disabled** |
- [ ] User Settings > My Account: Ensure **SMS Backup Authentication** is **disabled**
| - [ ] Ensure **2FA** is enabled (authenticator app and/or security key) | ||
| - [ ] Ensure **SMS Backup Authentication** is **disabled** | ||
| - Privacy & Safety: | ||
| - [ ] Allow direct messages from server members > **Disabled** |
- [ ] User Settings > Content & Social > Social Permissions: Allow DMs from other server members > **Disabled**
| - [ ] Ensure **SMS Backup Authentication** is **disabled** | ||
| - Privacy & Safety: | ||
| - [ ] Allow direct messages from server members > **Disabled** | ||
| - [ ] Select **Keep Me Safe** for direct messages (encourages moderators and community members to adopt the same setting to minimize phishing DMs) |
- [ ] User Settings > Content & Social > Direct Message Spam: Select **Filter all** to filter all DMs for spam (encourages moderators and community members to adopt the same setting to minimize phishing DMs)
| - [ ] Allow direct messages from server members > **Disabled** | ||
| - [ ] Select **Keep Me Safe** for direct messages (encourages moderators and community members to adopt the same setting to minimize phishing DMs) | ||
| - Authorized Apps: | ||
| - [ ] Review and **Deauthorize** any unnecessary apps |
- [ ] User Settings > Authorized Apps: Review and **Deauthorize** any unnecessary apps
| - Review bot permissions after each significant update to avoid newly introduced vulnerabilities. | ||
| Beyond enabling in Safety Setup: | ||
| - Require users to react to a message or post an introduction — this helps filter out bots and spam accounts from joining | ||
| - Implement a verification bot like Wick |
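Review bot: the first line of this hunk, "Review bot permissions after each significant update to avoid newly introduced vulnerabilities", does not say what the review compares; suggest stating the criterion explicitly, e.g. "compare the permissions a bot currently holds against the minimum it needs for its role, and remove any it no longer uses", so the checklist item is actionable rather than a reminder.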
- Implement a verification bot like Wick that does in-channel captcha for users to join the server
| - Ensure admin/mod roles have "View Audit Log" permission | ||
| - Create a private logging channel visible only to admins/mods | ||
| - Use a logging bot like Logger or Dyno to send detailed logs | ||
| - Audit logs can be output [to a private channel](https://help.mee6.xyz/support/solutions/articles/101000475709-how-to-use-audit-logs-to-track-your-members-actions) for easier monitoring |
I'd remove this, MEE6 is not recommended due to multiple security incidents in the past
| Set up custom rules to prevent other users from joining using the same username and PFP (profile picture) to impersonate | ||
| you or other important members of the server. A popular bot in this category is Wick Bot. | ||
| Set up custom rules to prevent other users from joining using the same username and PFP (profile picture) to impersonate you or other important members of the server. A popular bot in this category is Wick Bot. |
Wick's anti-impersonation bot is okay, I would suggest we replace with hashbot here (hashbot.com)
| c) **Use the Cold Account for Critical Actions** | ||
| **Security:** | ||
| - In **User Settings > Privacy & Safety**, deselect any quick login or QR scan options — this prevents attackers from using QR phishing tactics to hijack this high-privilege account |
Discord removed this.
| ### Additional Recommendations | ||
| f) **Backup Systems** | ||
| - Set up [account leveling](https://mee6.xyz/en/tutorials/how-to-use-levels-plugin-on-your-discord-server) for new members for gradually enabling permissions |
I would remove MEE6 due to previous security concerns.
Frameworks PR Checklist
Integrating w3os discord guide into frameworks
This is from #305. @NFTDreww suggested we merge discord first into frameworks, then work on the other ones. This has already been approved by NFT Drew
vocs.config.ts: adding the `dev: true` parameter