Closed msami789 closed 4 years ago
Hello, What are you using to host your bot and have you ever sent your bot token or cookie anywhere?
Also, is “Public Bot” enabled in the settings of your Discord bot application?
Because this is nearly impossible unless the bot token or cookie (or password) was somehow publicized somewhere.
Are you sure they had access via qBot?
This could been that the user has the Ranking Permission
role.
If this isn't the case perhaps your credentials were exposed..
I recommend if you're going to pay for something I'd buy a VPS, Digital Ocean you can buy a single server for $5/month.
My guess is the issue is not with the credentials being exposed or someone having the role.
My guess is that they have it so “Public Bot” is enabled and anyone can invite the bot.
Although for added security and uptime, VPS’ are great choices.
@yogurtsyum @IeuanGol I'm not saying this was done via hacking qbot, but I wanted to know mainly if I can set two factor authentication and the system will still be able to log in via cookie.
My guess is that they have it so “Public Bot” is enabled and anyone can invite the bot.
Ahah! You might be right, I forgot to turn off public invites. That must be how because there was no log of someone using the ranking bot nor was there log of the message that it ranked being deleted
2FA shouldn't make a difference since it is done via cookie.
And look what I found; Looks like someone found out the bot token.
Will change the token and turn off public
Bots can only be added via a client ID which is publicly available information.
But yes definitely turn off public and leave that server.
You don't need the bot token to add it to a server, just the Client ID, which is pretty much public information.
Be sure to make sure the bot leaves that extra server it's in, as resetting the token by itself would not do that.
Yesterday someone hacked into my bot account for qbot to operate and raided my group. I need to know if I can set these precautions without the ranking system breaking:
Thanks. đź‘Ť