
Verification

Swift verification with minimal user friction

What is verification?

VOID verification puts a gateway between users and the rest of the server. It attempts to filter unwanted users out of your server, thereby improving your server's protection. For instance, it filters:

  • Alternative accounts to prevent ban-evading, or rigging giveaways

  • Automated user accounts (bots) to prevent raids

  • Unverified bots to prevent vandalism

Our system can greatly reduce the likelihood of the aforementioned problems occurring in your server, but it may not fully eliminate them. It's important to know that no system can guarantee that.

Setting up verification

Toggling the system

To toggle this system, you must have either the "Administrator" or "Manage Server" permission.

Run the following command

/verification - toggle setting: The module itself
You may press TAB to quickly auto-complete queries

You can specify whether to explicitly enable or disable the system, or any other component of verification. By default, providing no "overwrite" argument will simply toggle the state.

Setting up logging

Whenever a user fails verification, a log will be generated including details about the user, the action taken (prevented or auto-banned), and an explanation of why they failed verification. This log is only generated if the logging channel is set and is valid.

Some of the reasons that will generate a log include:

  • Attempting to ban-evade

  • Using a VPN or proxy during verification

  • Using a wireless ISP when "Block wireless ISPs" is enabled

Permissions and roles

This may arguably be the most difficult part if you're new to Discord or verification systems. In order for verification to function properly, we need to establish certain things in a server:

Creating or using a role for verification

We need to separate members that we know are trusted from the rest. Trusted members will be referred to as "verified" members, and they hold a specific role.

  1. If you do not have a "Member" role or similar, create one

  2. Make sure the role has "View Channels" permission in server roles

You may call this role whatever you like as long as you remember it. "Verified" is a common choice.

Removing permissions and permission overwrites for @everyone

Next, we need to ensure the @everyone role does not interfere with our "verified" role's purpose.

  1. Remove "View Channels" permission for @everyone in server roles

  2. Remove "View Channels" permission from any text or voice channel

If you're not sure which channels have a "View Channels" permission overwrite for @everyone, use the "View server as role" feature inside server roles. You will be able to see all channels that members without a role can see.

Every channel should have this exact configuration for @everyone. The warning in yellow displayed by Discord is exactly what we need.

Creating a verification channel

Once the above steps are completed, nobody without a "verified" role should be able to see any channel, which is good. However, we need one special-purpose channel that only unverified members (members without a role) will see, which we are about to create.

  1. Create a channel for verification

  2. Add "View Channel" permission for @everyone to this channel

  3. Remove "Send Messages" permissions for @everyone in this channel

  4. Add the "verified" role, and remove "View Channel" permission from it in this channel

This is for @everyone

If all the above steps are complete, you're ready to proceed to the next stage of setup. If this is a new server, please ensure that @everyone does not have the "Mention @everyone, @here and All roles" permission, for peace of mind.
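The layout built in the steps above can be checked mechanically. The following is an added example, not VOID's code: it applies Discord's documented overwrite order (the @everyone overwrite first, then role overwrites) to a constructed guild and reports channels that break the layout. The guild data, role and channel names, and the `audit` helper are assumptions.

```python
# Added example. Bit values are Discord's documented permission flags.
VIEW_CHANNEL, SEND_MESSAGES, MENTION_EVERYONE = 1 << 10, 1 << 11, 1 << 17

def effective(base, overwrites, roles):
    """Channel permissions of a non-admin member holding `roles`.
    Member-specific overwrites are ignored in this sketch."""
    perms = base["@everyone"]
    for role in roles:
        perms |= base[role]
    allow, deny = overwrites.get("@everyone", (0, 0))  # @everyone overwrite first
    perms = (perms & ~deny) | allow
    allow = deny = 0
    for role in roles:                                 # then role overwrites, merged
        a, d = overwrites.get(role, (0, 0))
        allow, deny = allow | a, deny | d
    return (perms & ~deny) | allow

def audit(guild, verified_role, verification_channel):
    """Return a list of deviations from the layout described on this page."""
    findings, base = [], guild["roles"]
    if base["@everyone"] & (VIEW_CHANNEL | MENTION_EVERYONE):
        findings.append("@everyone role: has View Channels or Mention @everyone")
    for name, ow in guild["channels"].items():
        unverified = effective(base, ow, [])
        verified = effective(base, ow, [verified_role])
        if name != verification_channel:
            if unverified & VIEW_CHANNEL:
                findings.append(f"{name}: visible without the verified role")
            continue
        if not unverified & VIEW_CHANNEL:
            findings.append(f"{name}: unverified members cannot see it")
        if unverified & SEND_MESSAGES:
            findings.append(f"{name}: unverified members can send messages")
        if verified & VIEW_CHANNEL:
            findings.append(f"{name}: verified members can still see it")
    return findings

# Constructed sample guild; channel overwrites are (allow, deny) masks per role.
GUILD = {
    "roles": {"@everyone": SEND_MESSAGES, "Verified": VIEW_CHANNEL},
    "channels": {
        "verify": {"@everyone": (VIEW_CHANNEL, SEND_MESSAGES),
                   "Verified": (0, VIEW_CHANNEL)},
        "general": {},
        "memes": {"@everyone": (VIEW_CHANNEL, 0)},  # leftover overwrite
    },
}

if __name__ == "__main__":
    print(audit(GUILD, "Verified", "verify"))
```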

Set the verification role

Whenever a user verifies successfully, they will be given the role specified here. Ensure you followed the steps required to set up a verification role, and set that role here.

Run the following command

/verification role

Create an interface

In order for users to be able to request verification, we need to create an interface for users to interact with.

Run the following command

/verification gui

Improving security

Raid attacks typically use newly generated Discord accounts. Those accounts are easy to identify by their creation date, and they likely will not have a profile picture. This is a rather naïve approach by attackers; nevertheless, we can make it harder for them to conduct such attacks.

Set the minimum account age required for verification to 1 day

This means that Discord accounts not older than 1 day will not even be eligible to request verification. You may use a higher value than 1 day; however, we recommend keeping it under a week, because a higher value may inconvenience users who get terminated or locked out of their accounts.

Require custom profile pictures to verify

This means that any Discord account that does not have a custom profile picture will not be eligible to request verification. Users that fail this check will also be provided a link to download their default profile picture, which they can set to "keep" their default profile picture and pass this check.

Run the following command

/verification toggle setting: Require profile pictures
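Both checks in this section can be derived from a Discord user object alone: the creation time is encoded in the account's snowflake ID, and an account without a custom picture has a null `avatar` field. The following is an added example of that logic, not VOID's implementation; the `eligibility` and `snowflake_at` helpers and the sample users are constructed for illustration.

```python
# Added example: account-age and profile-picture eligibility checks.
from datetime import datetime, timedelta, timezone

DISCORD_EPOCH_MS = 1420070400000  # 2015-01-01T00:00:00Z, per Discord's snowflake format

def created_at(snowflake: int) -> datetime:
    """The upper bits of a snowflake are milliseconds since the Discord epoch."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)

def snowflake_at(when: datetime) -> int:
    """Build a constructed ID for a given creation time (sample data only)."""
    return (int(when.timestamp() * 1000) - DISCORD_EPOCH_MS) << 22

def eligibility(user, now, min_age=timedelta(days=1), require_avatar=True):
    """Return the reasons a user may not request verification (empty = eligible)."""
    reasons = []
    if now - created_at(int(user["id"])) <= min_age:  # "not older than" the minimum
        reasons.append("account too new")
    if require_avatar and user.get("avatar") is None:
        reasons.append("no custom profile picture")
    return reasons

# Constructed sample users, shaped like Discord user objects (id, avatar).
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
FRESH = {"id": str(snowflake_at(NOW - timedelta(hours=6))), "avatar": None}
NO_PICTURE = {"id": str(snowflake_at(NOW - timedelta(days=200))), "avatar": None}
ESTABLISHED = {"id": str(snowflake_at(NOW - timedelta(days=200))),
               "avatar": "constructed-avatar-hash"}

if __name__ == "__main__":
    for user in (FRESH, NO_PICTURE, ESTABLISHED):
        print(created_at(int(user["id"])).isoformat(), eligibility(user, NOW))
```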

Sessions

When a user requests verification, they end up borrowing a "session" from the server. This session will be used up and returned to the server when the user successfully or unsuccessfully verifies, or when 2 minutes have passed since the session was created.

A server is limited to 12 sessions if using the community license, and 24 sessions for Premium. When your server has used up all the sessions, users will not be able to verify until one of the sessions is used up.

This system ensures that there aren't too many concurrent verifications for your server, which is usually indicative of a raid, thereby slowing down potential attackers. However, it makes it possible to hold the server for ransom by constantly using up sessions, leaving new members unable to verify, though this is very unlikely.
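The session behaviour described above can be modelled as a bounded pool with a timeout. The following is an added example, not VOID's code: the `SessionPool` class, the user names and the rule that an already open session is reused are assumptions, while the limit of 12 and the 2-minute lifetime come from this page.

```python
# Added example: a bounded session pool with expiry.
from dataclasses import dataclass, field

@dataclass
class SessionPool:
    limit: int = 12       # community license; Premium would use 24
    ttl: float = 120.0    # a session returns to the server after 2 minutes
    active: dict = field(default_factory=dict)  # user_id -> start time in seconds

    def _reap(self, now):
        """Drop sessions that have reached their lifetime."""
        self.active = {u: t for u, t in self.active.items() if now - t < self.ttl}

    def request(self, user_id, now):
        """Return True if the user holds a session after this call."""
        self._reap(now)
        if user_id in self.active:   # assumption: an open session is reused
            return True
        if len(self.active) >= self.limit:
            return False             # pool exhausted: the user must retry later
        self.active[user_id] = now
        return True

    def finish(self, user_id):
        """Verification succeeded or failed: the session goes back to the pool."""
        self.active.pop(user_id, None)

def simulate():
    """Constructed timeline: a burst of 15 joiners, then two later requests."""
    pool = SessionPool()
    burst = [pool.request(f"joiner-{i}", now=0.0) for i in range(15)]
    pool.finish("joiner-0")                         # one joiner completes
    after_finish = pool.request("late-user", now=5.0)
    still_full = pool.request("other-user", now=6.0)
    after_timeout = pool.request("other-user", now=120.0)
    return burst.count(True), after_finish, still_full, after_timeout, len(pool.active)

if __name__ == "__main__":
    print(simulate())
```

In the timeline, only 12 of the 15 burst requests get a session, and a refused user gets in again once a session is returned or the 2-minute lifetime has passed.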

Auxiliary commands

Wireless ISP blocker

Networks that operate as wireless internet service providers (ISPs) will be blocked if this is enabled. This includes networks that provide both wireless and wired (cable, fibre...) service. This may make it harder to ban-evade, but it has a high chance of affecting many unsuspecting users, so use it responsibly.

Run the following command

/verification toggle setting: Block mobile carriers/wireless internet

Reverse verification

Reverses the typical verification flow. Users will be given a role immediately upon joining, and the role is to be taken away after successful verification. This system assumes that the permissions are correctly set for reverse verification.

Run the following command

/verification toggle setting: Reverse verification mode

View your settings

Run the following command

/verification settings

VPN Killer

Whenever a user goes through verification, we run extensive checks to ensure the user is not anonymising their connection. VPN killer is like giving steroids to our detections.

Improvements

Using VPN killer will improve detection rates against:

  • Infected devices used by botnets or malware

  • Proxies, residential proxies and VPNs

  • Mobile carrier technologies

  • Hosting providers

False positives

Due to the aggressive nature of VPN killer, you may receive complaints that users are being false-flagged. In that case the user is quite unlucky, and falls into one of the categories below.

The internet is a dynamic place

IP addresses are commonly leased and re-used. This means that the user may have been given a "dirty IP address" from their internet service provider (ISP), on which someone else conducted unwanted activities before.

The internet is a dangerous place

Many devices may be caught up in large zombie computer networks, known as botnets. This may happen when an unsuspecting user is infected by malware, which may silently use the user's internet connection. Botnets are known to cause major disruptions to the internet through distributed denial-of-service (DDoS) attacks.

“I have read and agree to the Terms” is the biggest lie on the web

Many devices may end up having their internet connection used to proxy other people's traffic without the user being aware of it. How does this happen? Well, does anyone ever read any Terms of Service thoroughly? Applications may (or even may not) state in their terms that they will be using your device as a proxy, which is how some residential proxies obtain their IP addresses.
