Verification
Swift verification with minimal user friction
VOID verification puts a gateway between the users and the rest of the server. It attempts to filter unwanted users from your server, thereby improving your server's protection. For instance:
Alternative accounts to prevent ban-evading, or rigging giveaways
Automated user accounts (bots) to prevent raids
Unverified bots to prevent vandalism
Our system can greatly reduce how often the aforementioned problems occur in your server, but it may not fully eliminate them. It's important to know that no system can guarantee that.
To toggle this system, you must have either the "Administrator" or "Manage Server" permission.
Run the following command
You can specify whether to explicitly enable or disable the system, or any other component of verification. By default, providing no "overwrite" argument will simply toggle the state.
Whenever a user fails verification, a log will be generated including details about the user, the action taken (prevented or auto-banned), and an explanation of why they failed verification. This log is only generated if the logging channel is set and valid.
Some of the reasons that will generate a log include:
Attempting to ban-evade
Using a VPN or proxy during verification
Using a wireless ISP when "Block wireless ISPs" is enabled
This may arguably be the most difficult part if you're new to Discord or verification systems. In order for verification to function properly, we need to establish certain things in a server:
We need to separate members that we know are trusted from the rest. Trusted members will be referred to as "verified" members, and they hold a specific role.
If you do not have a "Member" role or similar, create one
Make sure the role has "View Channels" permission in server roles
Next, we need to ensure the @everyone role does not interfere with our "verified" role's purpose.
Remove "View Channels" permission for @everyone in server roles
Remove "View Channels" permission from any text or voice channel
Once the above steps are completed, nobody without a "verified" role should be able to see any channel, which is good. However, we need one special-purpose channel that only unverified members (members without a role) will see, which we are about to create.
Create a channel for verification
Add "View Channel" permission for @everyone to this channel
Remove "Send Messages" permissions for @everyone in this channel
Add the "verified" role, and remove "View Channel" permission from it in this channel
If all the above steps are complete, you're ready to proceed to the next stage of setup. If this is a new server, please ensure that @everyone does not have "Mention @everyone, @here and All roles" permission for peace of mind.
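The setup steps above can be checked by resolving permissions the way Discord does (role grants first, then channel overwrites). This is an added example, not VOID's code: the bit values are Discord's documented permission flags, the guild layout, IDs and channel names are constructed, and member-specific overwrites are left out.

```python
# Added example. Bit values are Discord's documented permission flags;
# every ID and channel name below is constructed sample data.
ADMINISTRATOR, VIEW_CHANNEL = 1 << 3, 1 << 10
SEND_MESSAGES, MENTION_EVERYONE = 1 << 11, 1 << 17

def effective(guild, overwrites, role_ids):
    """Resolve channel permissions: role grants first, then overwrites."""
    everyone = guild["id"]                    # @everyone role ID == guild ID
    perms = guild["roles"][everyone]
    for rid in role_ids:
        perms |= guild["roles"][rid]
    if perms & ADMINISTRATOR:
        return -1                             # all bits set: bypasses overwrites
    allow, deny = overwrites.get(everyone, (0, 0))
    perms = (perms & ~deny) | allow           # @everyone overwrite applies first
    allow = deny = 0
    for rid in role_ids:                      # role overwrites are merged,
        a, d = overwrites.get(rid, (0, 0))    # with allow winning over deny
        allow, deny = allow | a, deny | d
    return (perms & ~deny) | allow

def audit(guild, verified, gate):
    """List deviations from the setup steps (gate = verification channel)."""
    issues = []
    if guild["roles"][guild["id"]] & MENTION_EVERYONE:
        issues.append("@everyone can mention @everyone/@here")
    for name, overwrites in guild["channels"].items():
        anon = effective(guild, overwrites, [])
        member = effective(guild, overwrites, [verified])
        if name != gate and anon & VIEW_CHANNEL:
            issues.append(f"unverified members can view #{name}")
        if name == gate and not anon & VIEW_CHANNEL:
            issues.append(f"unverified members cannot view #{gate}")
        if name == gate and anon & SEND_MESSAGES:
            issues.append(f"unverified members can send in #{gate}")
        if name == gate and member & VIEW_CHANNEL:
            issues.append(f"verified members still see #{gate}")
    return issues

def sample(general_overwrite):
    g, m = 100, 200                           # constructed guild / role IDs
    return {"id": g, "roles": {g: SEND_MESSAGES, m: VIEW_CHANNEL},
            "channels": {"general": general_overwrite,
                         "verify": {g: (VIEW_CHANNEL, SEND_MESSAGES),
                                    m: (0, VIEW_CHANNEL)}}}

LEFTOVER = audit(sample({100: (VIEW_CHANNEL, 0)}), 200, "verify")
CLEAN = audit(sample({}), 200, "verify")
print(LEFTOVER, CLEAN)
```

The first sample keeps a leftover @everyone "View Channel" overwrite on one channel, which is the case the "remove from any text or voice channel" step exists to catch.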
Run the following command
In order for users to be able to request verification, we need to create an interface for users to interact with.
Run the following command
Raid attacks typically use newly generated Discord accounts. This means that those accounts are easy to identify because of their creation date, and they likely will not have a profile picture. This is a rather naïve approach by attackers; nevertheless, we can make it harder for them to conduct such attacks.
This means that Discord accounts not older than 1 day will not even be eligible to request verification. You may use a higher value than 1 day; however, we recommend keeping it under a week, because a higher value may inconvenience users that get terminated or locked out of their accounts.
This means that any Discord account that does not have a custom profile picture will not be eligible to request verification. Users that fail this check will also be provided a link to download their default profile picture, which they can set to "keep" their default profile picture and pass this check.
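Both eligibility checks can be evaluated from the user object alone, because a Discord ID encodes its creation time. The following is an added example, not VOID's code; the function names, the clock and the sample users are constructed, and the 1-day minimum is the value used in the text above.

```python
from datetime import datetime, timedelta, timezone

DISCORD_EPOCH_MS = 1420070400000  # 2015-01-01T00:00:00Z, Discord's ID epoch

def created_at(user_id):
    """A Discord ID (snowflake) stores its creation time in the top bits."""
    ms = (int(user_id) >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)

def failed_checks(user, now, min_age=timedelta(days=1), need_avatar=True):
    """Return the reasons a user may not request verification (empty = ok)."""
    reasons = []
    if now - created_at(user["id"]) < min_age:
        reasons.append("account too new")
    # The user object's avatar hash is null when no custom picture is set.
    if need_avatar and user.get("avatar") is None:
        reasons.append("no custom profile picture")
    return reasons

def snowflake_at(when):
    """Build a constructed sample ID for a given creation time."""
    return str((int(when.timestamp() * 1000) - DISCORD_EPOCH_MS) << 22)

NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)   # constructed clock
FRESH = {"id": snowflake_at(NOW - timedelta(hours=3)), "avatar": None}
AGED = {"id": snowflake_at(NOW - timedelta(days=40)), "avatar": "a1b2c3"}
AGED_NO_PIC = {"id": snowflake_at(NOW - timedelta(days=40)), "avatar": None}

for user in (FRESH, AGED, AGED_NO_PIC):
    print(created_at(user["id"]).isoformat(), failed_checks(user, NOW))
```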
When a user requests verification, they end up borrowing a "session" from the server. This session will be used up and returned to the server when the user successfully or unsuccessfully verifies, or when 2 minutes have passed since the session was created.
A server is limited to 12 sessions if using the community license, and 24 sessions for Premium. When your server has used up all the sessions, users will not be able to verify until one of the sessions is used up.
This system ensures that there aren't too many concurrent verifications for your server, which is usually indicative of a raid, therefore slowing down potential attackers. However, it makes it possible to hold the server for ransom by constantly using up sessions, making new members unable to verify, though this is very unlikely.
Networks that operate as wireless internet service providers (ISPs) will be blocked if enabled. This includes networks that provide both wireless and wired (cable, fibre...) service. This may make it harder to ban-evade, but has a high chance of affecting many unsuspecting users, so use it responsibly.
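The session budget behaves like a fixed-size pool with a timeout, which puts a ceiling on how fast a join burst can get through. The following model is an added example, not VOID's code; the class and function names are constructed, while the limits and the 2-minute timeout are the figures given above.

```python
# Added example: a model of the session budget, with constructed names.
SESSION_TTL = 120                              # seconds (2 minutes)
LIMITS = {"community": 12, "premium": 24}      # sessions per server

class SessionPool:
    def __init__(self, license="community"):
        self.limit = LIMITS[license]
        self.active = {}                       # user_id -> expiry time

    def _reap(self, now):
        # Sessions that reached their timeout go back to the server.
        self.active = {u: t for u, t in self.active.items() if t > now}

    def request(self, user_id, now):
        """Borrow a session; False means every session is in use."""
        self._reap(now)
        if user_id in self.active:
            return True                        # already holds one session
        if len(self.active) >= self.limit:
            return False
        self.active[user_id] = now + SESSION_TTL
        return True

    def finish(self, user_id):
        """Verification passed or failed: the session is returned early."""
        self.active.pop(user_id, None)

def admitted_in(seconds, license="community"):
    """One new account requests per second and none ever completes:
    count how many requests were granted a session in that window."""
    pool = SessionPool(license)
    return sum(pool.request(f"acct-{t}", t) for t in range(seconds))

print(admitted_in(40), admitted_in(600), admitted_in(600, "premium"))
```

With abandoned sessions only, the pool refills every 2 minutes, so a community server admits at most 6 requests per minute and a Premium server 12; a session returned through `finish` frees a slot immediately.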
Wireless ISP blocker may affect many unsuspecting users
Reverse verification is vulnerable to high-velocity raids and is strongly discouraged
Reverses the typical verification flow. Users will be given a role immediately upon joining, and the role is to be taken away after successful verification. This system assumes that the permissions are correctly set for reverse verification.
Whenever a user goes through verification, we run extensive checks to ensure the user is not anonymising their connection. VPN killer is like giving steroids to our detections.
Using VPN killer will improve detection rates against:
Infected devices used by botnets or malware
Proxies, residential proxies and VPNs
Mobile carrier technologies
Hosting providers
Due to the aggressive nature of VPN killer, you may receive complaints that users are being false-flagged. The user is quite unlucky, and falls into one of the categories below:
IP addresses are commonly leased and re-used. This means that the user may have been given a "dirty IP address" from their internet service provider (ISP), on which someone else conducted unwanted activities before.
Whenever a user verifies successfully, they will be given the role specified here. Ensure you followed the , and set that role here.
Many devices may be caught up in large zombie computer networks, known as botnets. This may happen when an unsuspecting user is infected by malware, which may silently use the user's internet connection. Botnets are known to cause major disruptions to the internet, .
Many devices may end up having their internet connection used to proxy other people's traffic without the user being aware of it. How does this happen? Applications may (or even may not) state in their terms that they will be using your device as a proxy, which is how some residential proxies obtain their IP addresses.