UnifierHQ Blog
  • Main Page
  • 🔧Technical
    • We're moving to Nextcord
    • Introducing Unifier Installer
    • Discontinuing Reaction Images
    • We're removing the identifier
    • We made Unifier 20x faster
    • Unifier evolved to (experimentally) support Guilded!
    • Unifier, meet Revolt!
    • Test the new Revolt Support extension
    • The story of Unifier/UniChat
  • 📦Releases
    • Unifier 3.9.0 (and 3.8.0) is here!
    • Now entering: Unifier v3
    • Unifier is open source now.
    • Unifier Micro: a light and open source global chat bot
    • Open sourcing our first version
  • ⛑️Safety
    • Followup: May 7 raid threats
    • The May 7 HYP raid threats
    • Our first security vulnerability
    • March 26: The first raid on UniChat, which we prevented
  • 💬Opinion
    • How NOT to make a Bridge Bot
    • Our stance on Discord adding advertisements
Powered by GitBook
On this page
  • What happened
  • How Unifier protected UniChat
  • Actions taken
  • Future steps
  • Implement invite detection to RapidPhish
  • Implement raid detection
  • Help us improve
  1. Safety

March 26: The first raid on UniChat, which we prevented

How we protected everyone and how we'll improve for the future.

PreviousOur first security vulnerabilityNextHow NOT to make a Bridge Bot

A server raid was recently carried out by a spammer on a server's channels, which included Unified Chat (official Unifier chat) room channels. Fortunately for UniChat, and unfortunately for the attacker, none of their messages made it through our channels, thanks to built-in protection systems.

What happened

On March 26, 8:45PM (CET), an attacker started sending invites for a "pornography leak" Discord server. Obviously, this was a scam invite, and we were notified by a server member shortly after. Our team hopped on Discord immediately to investigate the incident, and our investigation concluded that no negative effects were observed on UniChat as part of the raid.

How Unifier protected UniChat

Fortunately, Unifier comes equipped with proactive protection measures to prevent such raids from affecting the chat. One of them is our invite blocker, and this was what prevented this raid from impacting UniChat.

When Unifier's invite blocker is triggered, Unifier alerts the user, then attempts to delete the message from the channel. Even if the deletion fails, Unifier has been programmed so that it will not bother to do anything with the message further, such as actually bridging the message, regardless of whether the message was deleted from the channel or not. This measure helped us prevent the message from being sent to other servers linked to UniChat.

Actions taken

As soon as we confirmed the raid, we notified the server admins about the ongoing raid. The member has been indefinitely banned from Unifier with no appeals possible.

As the raid was limited to one specific attacker and the chat did not face any disruptions, we decided not to ban any servers or lock the bot down.

Future steps

Although the raid was prevented successfully with virtually no damage on UniChat, we still see room for improvement for our protective systems.

Implement invite detection to RapidPhish

As of March 27, this has been implemented.

One way we can improve is to implement invite detection to RapidPhish. This can easily be achieved by looking for URLs containing discord.gg, discord.com/invite, or discordapp.com/invite, just like how current invite detection looks for invites.

By implementing the same to RapidPhish, we will be able to detect even more invites, as the message content is cleaned pre-scan to remove any possible bypasses. We can make Unifier take advantage of this by implementing invite detection into RapidPhish.

Implement raid detection

As of March 27, this has been implemented.

To prevent raids in UniChat further, we will be implementing an anti-raid system to Unifier. From now on, Unifier will temporarily suspend users for 10 minutes after two warnings upon a ban caused by invites, and the duration will multiply by 2x per invite. If the duration reaches a certain threshold, the user will be banned indefinitely. To reverse this ban, the user will need to reach out to our team.

However, we will make this threshold dynamic, rather than static. If a user sends many invites within the ban, this threshold can be very short. But if the invites are sent over a long period of time, we can make this threshold longer for the user. Currently, we plan to calculate the threshold using this equation:

D=9600∗tiD = 9600*\frac t iD=9600∗it​

In this equation, D is the duration in seconds, while t is the time since the ban in seconds and i is the amount of invites sent during the timeframe. This means that:

  • If invites were sent across a shorter timeframe, this will be classified as a raid, as messages are more "concentrated" within a specific timeframe.

  • If invites were sent across a longer timeframe, this won't be classified as a raid, as messages are more "spread-out" to be considered a raid.

This can be also used to combat other types of raids involving longer messages or links. If a long message or a link is detected, then the message content can be hashed. If more messages are sent with the same content hash, then this can also be classified as a raid, and the same anti-raid system (although modded to work with the specific message content) can kick in to protect the chat.

We will fine tune this equation where needed if we feel like we need to, but for now this seems like a reasonable starting point.

Help us improve

You can help us be more prepared for a more sophisticated attack by sharing potential solutions we could implement to us, whether it be through UniChat, through UnifierHQ or through DMs. The more ideas we have, the more we can protect ourselves from possible attacks in the future.

⛑️
Unifier anti-invite filter in action
Page cover image