SudhanPlayz / Discord-MusicBot

An advanced discord music bot, supports Spotify, Soundcloud, YouTube with Shuffling, Volume Control and Web Dashboard with Slash Commands support!
https://musicbot.darrenofficial.com

your code nuked 3 of my servers thru the bot. #1170

Closed tgrafk12 closed 1 year ago

tgrafk12 commented 1 year ago

Please describe the problem you are having in as much detail as possible:

Essentials:

Additional system info

Relevant client options:

tgrafk12 commented 1 year ago

Remove your code at once, I'm reporting this repo.

Assassin654 commented 1 year ago

> remove your code at once, im reporting this repo.

Where did you host your bot?

daichuanwu21 commented 1 year ago

Sorry to hear about your servers being nuked, but as this is an open-source project, it is not likely that a backdoor to nuke servers was somehow inserted without anyone noticing.

The more likely possibility, however, is what @Assassin654 was hinting at: a malicious Discord bot hosting service taking your token and nuking servers for the sake of being cruel. Another possibility is that you were the victim of a token grabber, whose orchestrator then took your Discord account token, found the Discord bot on your account, retrieved its token and proceeded to nuke your servers.

Anyhow, if you're so inclined to think this way, you're free to audit the code and prove us wrong by finding something malicious.

sprucecellodev125 commented 1 year ago

Thanks for explaining @daichuanwu21.

We recommend that you stop using replit/glitch and switch to another hosting provider. If you can't find one, I recommend stozu.net or discloud. Feel free to @ me or another maintainer if you have another question.

LewdHuTao commented 1 year ago

Bet you're hosting your bot on replit. Also, there is no reason to report this repo, as it is your own fault. Get better hosting so that people can't easily scrape your token.

LewdHuTao commented 1 year ago

We recommend that you host your bot on better hosting, like spending some money on a VPS or using free hosting (stozu), and stop hosting your bot on replit or any other service where people can easily find your token. In this issue it is fully your fault; you have no right to report this code.

So the reason why your servers got nuked is probably that someone found your token and used your bot token to nuke your servers.

If you know how to code, feel free to look into this repo's code and tell me which part can nuke a Discord server or grab your bot token.

AEW745 commented 1 year ago

Putting your token in the Config file will allow anyone to view your token. I recommend putting your token in a .env file or in your secret keys, as those are hidden from the public and only those who have access to the project will see them.
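The advice in the thread (keep the bot token out of publicly viewable config files and read it from the environment instead) can be checked before a project is published. The following is an added example, not code from this thread or from Discord-MusicBot; the variable name `DISCORD_TOKEN`, the file names and the token-shape regex are assumptions, and the sample token is constructed.

```javascript
// Heuristic scan for Discord-bot-token-shaped strings in project files.
// Assumed shape: three dot-separated base64url segments, the first of which
// decodes to the bot's numeric user ID. Segment lengths are an approximation.
const TOKEN_SHAPE = /[\w-]{23,28}\.[\w-]{6,7}\.[\w-]{27,}/g;

function looksLikeBotToken(candidate) {
  const idPart = candidate.split(".")[0];
  // Node's "base64" decoder also accepts the URL-safe alphabet.
  const decoded = Buffer.from(idPart, "base64").toString("latin1");
  return /^\d{17,20}$/.test(decoded); // a numeric ID, not random text
}

// files: object mapping file name -> file contents (kept in memory here).
function scanSources(files) {
  const findings = [];
  for (const [name, text] of Object.entries(files)) {
    text.split("\n").forEach((line, i) => {
      for (const m of line.match(TOKEN_SHAPE) || []) {
        if (looksLikeBotToken(m)) {
          // Never echo the full secret into logs or CI output.
          findings.push({ file: name, line: i + 1, preview: m.slice(0, 4) + "...[redacted]" });
        }
      }
    });
  }
  return findings;
}

// Read the token from the environment and fail closed if it is missing.
function loadToken(env = process.env) {
  const token = env.DISCORD_TOKEN; // hypothetical variable name
  if (!token) throw new Error("DISCORD_TOKEN is not set; refusing to start");
  return token;
}

// Constructed sample input: a fake token built from a made-up numeric ID.
const fakeToken =
  Buffer.from("123456789012345678").toString("base64") + ".AbCdEf." + "x".repeat(27);
const SAMPLE_FILES = {
  "config.js": 'module.exports = {\n  token: "' + fakeToken + '",\n};',
  "config.safe.js": "module.exports = {\n  token: process.env.DISCORD_TOKEN,\n};",
};
console.log(scanSources(SAMPLE_FILES)); // flags config.js line 2 only
```

A token that has already appeared in a public project should be regenerated in the Discord developer portal; moving it to an environment variable afterwards does not un-leak it.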