
Security

A raid-prevention checklist for Discord servers.

May 4, 2026 · 10 min read

A Discord raid is what happens when a coordinated group (sometimes 5 people, sometimes 500) joins your server and spams chat, mass-pings, posts scams, or otherwise tries to burn the place down. Most are opportunistic — they target servers that look defenceless, and move on if you make their first 90 seconds expensive. This checklist is what “defenceless” looks like and how to fix it.

Work through it once. Total time: about 30 minutes for a medium server. None of it is paywalled in any major bot. The numbers below are reasonable defaults — adjust to your community's personality.

The pre-raid checklist (12 items)

1. Verification gate on join

New members can't post anywhere until they pass a one-step verification — a reaction-role click, a captcha, or a 15-second “type this word” challenge. This is the single biggest deterrent: 95% of raid bots quit at the gate.

2. Account-age minimum on the verification gate

Set the verification flow to silently fail for accounts younger than 7 days. Real new users barely notice (they just wait or use an older account); raid accounts created en masse get blocked.
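How a bot can actually enforce that 7-day minimum without an extra API call, as an added example (not Sloth Lee's code): Discord user IDs are snowflakes whose top 42 bits are a millisecond timestamp counted from the Discord epoch (2015-01-01T00:00:00Z), so the account creation time falls straight out of the ID. The `verify_join` decision names, the fixed "now" and the three sample IDs are constructed for the demonstration.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

# Discord snowflake IDs carry a millisecond timestamp in their top 42 bits,
# counted from the Discord epoch (2015-01-01T00:00:00Z). A bot can therefore
# compute account age from the user ID alone.
DISCORD_EPOCH_MS = 1420070400000
MIN_ACCOUNT_AGE = timedelta(days=7)  # the 7-day gate from item 2


def account_created_at(user_id: int) -> datetime:
    """Recover the account creation time (UTC) from a Discord user ID."""
    ms = (user_id >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def snowflake_for(created_at: datetime) -> int:
    """Build a constructed snowflake whose timestamp field is `created_at`
    (worker, process and increment bits left at zero). Used here only to
    fabricate sample user IDs for the demonstration."""
    ms = int(created_at.timestamp() * 1000) - DISCORD_EPOCH_MS
    return ms << 22


def passes_age_gate(user_id: int, now: Optional[datetime] = None) -> bool:
    """True if the account is at least MIN_ACCOUNT_AGE old."""
    now = now or datetime.now(timezone.utc)
    return now - account_created_at(user_id) >= MIN_ACCOUNT_AGE


def verify_join(user_id: int, now: Optional[datetime] = None) -> str:
    """Verification-flow decision for a joining member (hypothetical names).

    'silent_fail' means the gate simply does not grant the verified role;
    the joiner is not told why, which is what item 2 asks for.
    """
    return "allow" if passes_age_gate(user_id, now) else "silent_fail"


def demo_decisions() -> Dict[str, str]:
    """Constructed sample: a fixed 'now' and three fabricated join events."""
    now = datetime(2026, 5, 4, 12, 0, tzinfo=timezone.utc)
    samples = {
        "created 2 days ago": snowflake_for(now - timedelta(days=2)),
        "created exactly 7 days ago": snowflake_for(now - timedelta(days=7)),
        "created 30 days ago": snowflake_for(now - timedelta(days=30)),
    }
    return {label: verify_join(uid, now) for label, uid in samples.items()}


if __name__ == "__main__":
    for label, decision in demo_decisions().items():
        print(f"{label:28} -> {decision}")
```

The gate compares against a timestamp the joiner cannot forge, which is why it works against accounts created in bulk: a thousand fresh accounts all carry IDs minted this week.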

3. @everyone / @here perms locked to staff

By default, every member of your server can mass-ping everyone. This is wrong. Fix in Server Settings → Roles → @everyone → disable “Mention @everyone, @here, and All Roles”.

4. Channel default permissions reviewed

Check Server Settings → Roles → @everyone for everything that's ON by default. Most public channels should allow Send Messages, Read Message History, and not much else. Specifically ensure these are off for @everyone in regular channels: Manage Webhooks, Manage Channel, Manage Messages, Mention @everyone.
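A way to turn items 3 and 4 into a check you can re-run after every permissions change, as an added example (not Sloth Lee's code or a Discord library): it combines the server-wide @everyone role bitfield with each channel's @everyone overwrite the way Discord documents it (denied bits cleared first, then allowed bits set) and reports any channel where @everyone still ends up with a dangerous permission. The permission bit values are the real Discord API flags; the sample server, its channels and the audit function names are constructed. Role-specific and member-specific overwrites are deliberately left out.

```python
from typing import Dict, List, Optional, Tuple

# Discord permission bit flags (values from the Discord API permission bitfield).
MANAGE_CHANNELS = 1 << 4
VIEW_CHANNEL = 1 << 10
SEND_MESSAGES = 1 << 11
MANAGE_MESSAGES = 1 << 13
READ_MESSAGE_HISTORY = 1 << 16
MENTION_EVERYONE = 1 << 17
MANAGE_WEBHOOKS = 1 << 29

# What items 3 and 4 say @everyone must not have in a regular channel.
DANGEROUS_FOR_EVERYONE = {
    "Manage Webhooks": MANAGE_WEBHOOKS,
    "Manage Channel": MANAGE_CHANNELS,
    "Manage Messages": MANAGE_MESSAGES,
    "Mention @everyone": MENTION_EVERYONE,
}

# A channel overwrite for @everyone is an (allow, deny) pair of bitfields,
# or None when the channel has no overwrite and inherits the role permissions.
Overwrite = Optional[Tuple[int, int]]


def effective_everyone_perms(role_perms: int, overwrite: Overwrite) -> int:
    """Combine the server-wide @everyone role permissions with a channel's
    @everyone overwrite the way Discord does: clear the denied bits first,
    then set the allowed bits. Role- and member-specific overwrites, which
    Discord applies afterwards, are out of scope for this example."""
    if overwrite is None:
        return role_perms
    allow, deny = overwrite
    return (role_perms & ~deny) | allow


def audit_channels(role_perms: int, channels: Dict[str, Overwrite]) -> Dict[str, List[str]]:
    """Return {channel: [dangerous permissions @everyone ends up with]}."""
    findings: Dict[str, List[str]] = {}
    for name, overwrite in channels.items():
        effective = effective_everyone_perms(role_perms, overwrite)
        bad = [label for label, bit in DANGEROUS_FOR_EVERYONE.items() if effective & bit]
        if bad:
            findings[name] = bad
    return findings


# Constructed sample server: the @everyone role still carries the stock
# Mention @everyone permission, and one channel grants Manage Webhooks.
SAMPLE_ROLE_PERMS = VIEW_CHANNEL | SEND_MESSAGES | READ_MESSAGE_HISTORY | MENTION_EVERYONE
SAMPLE_CHANNELS: Dict[str, Overwrite] = {
    "general": None,                                         # inherits role perms
    "announcements": (0, SEND_MESSAGES | MENTION_EVERYONE),  # read-only for members
    "bot-spam": (MANAGE_WEBHOOKS, 0),                        # someone allowed webhooks here
}


def audit_before_and_after():
    """Run the audit, then re-run it after the item 3 fix (dropping
    Mention @everyone from the role) to show what still needs attention."""
    before = audit_channels(SAMPLE_ROLE_PERMS, SAMPLE_CHANNELS)
    after = audit_channels(SAMPLE_ROLE_PERMS & ~MENTION_EVERYONE, SAMPLE_CHANNELS)
    return before, after


if __name__ == "__main__":
    before, after = audit_before_and_after()
    print("before item 3 fix:", before)
    print("after item 3 fix: ", after)
```

The second run is the point: fixing the role (item 3) clears the mass-ping finding everywhere, but a per-channel overwrite granting Manage Webhooks survives it, which is exactly the kind of thing item 4's channel review is for.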

5. Slow mode armed in your busiest channel

Set #general (or whatever your busiest channel is) to a 3-5 second slow mode permanently. Real conversation isn't affected; spam loops are rate-limited to uselessness.

6. Automod: invite link block (with allow-list)

Block all Discord invite links from everyone except staff. Allow-list specific server invites you partner with. The single most common scam-raid vector is “join this server for free Nitro”.

7. Automod: known scam domains

Maintain (or use a bot that maintains) a list of known Discord-scam domains: dlscord.gift, steamcommunity.ru, discord-nitro.host, variants. Sloth Lee's phishing scorer ships this built-in; if you're not using us, most major bots have similar lists.

8. Automod: mass-mention threshold

More than 4 unique mentions in a single message → auto-delete + mute. This catches the “@user1 @user2 @user3 ... check this out” spam pattern that defines half of all small-server raids.
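The three automod rules from items 6, 7 and 8 as one message-screening function run over sample messages, as an added example (not Sloth Lee's phishing scorer or any other bot's rule engine). The invite-link and mention patterns match Discord's real link and `<@id>` mention formats; the partner allow-list, the sample messages and the action names are constructed, and the scam-domain list is just the three domains item 7 names.

```python
import re
from typing import List, Tuple

# Discord invite links: discord.gg/CODE, discord.com/invite/CODE, discordapp.com/invite/CODE
INVITE_RE = re.compile(
    r"(?:https?://)?(?:www\.)?(?:discord\.gg|discord(?:app)?\.com/invite)/([A-Za-z0-9-]+)",
    re.IGNORECASE,
)
# Any host-like token, with or without a scheme, so a bare "dlscord.gift/claim" is caught too
HOST_RE = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.IGNORECASE)
# Discord user-mention markup as it appears in raw message content
MENTION_RE = re.compile(r"<@!?(\d+)>")

# Constructed allow-list of partner invite codes (item 6)
PARTNER_INVITE_CODES = {"partnerCode"}
# The scam domains named in item 7; a real deployment loads a maintained list
SCAM_DOMAINS = {"dlscord.gift", "steamcommunity.ru", "discord-nitro.host"}
# Item 8's threshold: more than this many unique mentions -> delete + mute
MAX_UNIQUE_MENTIONS = 4


def is_scam_host(host: str) -> bool:
    """Exact match or a subdomain of a listed scam domain."""
    host = host.lower()
    return host in SCAM_DOMAINS or any(host.endswith("." + d) for d in SCAM_DOMAINS)


def screen_message(content: str, author_is_staff: bool = False) -> Tuple[str, List[str]]:
    """Apply the three automod rules and return (action, reasons).

    action is one of 'allow', 'delete' or 'delete+mute' (constructed names).
    """
    reasons: List[str] = []

    # Item 6: invite links are blocked unless the author is staff or the code is allow-listed
    if not author_is_staff:
        for code in INVITE_RE.findall(content):
            if code not in PARTNER_INVITE_CODES:
                reasons.append(f"invite:{code}")

    # Item 7: any link whose host is (or sits under) a known scam domain
    for host in HOST_RE.findall(content):
        if is_scam_host(host):
            reasons.append(f"scam-domain:{host.lower()}")

    # Item 8: count unique mentioned users, not raw mention tokens
    unique_mentions = set(MENTION_RE.findall(content))
    if len(unique_mentions) > MAX_UNIQUE_MENTIONS:
        reasons.append(f"mass-mention:{len(unique_mentions)}")

    if not reasons:
        return "allow", reasons
    if any(r.startswith("mass-mention") for r in reasons):
        return "delete+mute", reasons
    return "delete", reasons


# Constructed sample messages, shaped like raw Discord message content: (content, author_is_staff)
SAMPLE_MESSAGES = [
    ("hey everyone, free nitro here: https://dlscord.gift/claim", False),
    ("<@111> <@222> <@!333> <@444> <@555> check this out https://discord.gg/raidXYZ", False),
    ("come play with our partners: discord.gg/partnerCode", False),
    ("anyone up for a game tonight?", False),
    ("staff post: vote in discord.gg/notAPartner for the event", True),
]


def screen_samples() -> List[Tuple[str, List[str]]]:
    return [screen_message(content, staff) for content, staff in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for (content, _), (action, reasons) in zip(SAMPLE_MESSAGES, screen_samples()):
        print(f"{action:12} {reasons} <- {content!r}")
```

Counting unique mentioned users rather than mention tokens matters for the threshold: pinging the same person five times is annoying, but it is not the pattern item 8 is after.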

9. Audit log channel that staff actually watch

Pipe Discord's audit log + your bot's actions to a single staff-only channel. Pin a message at the top listing what each event type means so on-call staff can read it at a glance.

10. A “raid mode” switch you can hit fast

Have a single command (or button) that flips the server into raid-defence mode: lockdown all public channels to read-only, kick all unverified members from the join queue, increase slow-mode to 30 seconds, and ping the staff role. Test it once when there's no raid so you know it works.

Sloth Lee ships this as !raidmode on / !raidmode off. Other bots have similar commands.

11. Backups, weekly

If your server is wiped, backups are how you come back. Weekly backup of: roles + permissions, channel structure, custom commands, automod rules, member roles. Sloth Lee has a !backup command; manual backups via export are fine too.

12. A documented “under raid” runbook

One pinned message in your staff channel listing exactly what to do in the first five minutes of a raid:

  1. Hit !raidmode on (or your bot's equivalent).
  2. Post in #announcements: “We're investigating an issue. Channels temporarily read-only.”
  3. One staff member checks audit log + identifies the source pattern.
  4. Mass-ban the raiders by pattern (account-age, role, message-content match).
  5. Post all-clear after 15 minutes of quiet.

The runbook isn't for the staff member who's seen a hundred raids — it's for the one who's seeing their first.

Two myths worth retiring

“A bigger server means a bigger raid risk.” Wrong direction. Smaller servers (under 1,000 members) are targeted more often because raid groups know small staff teams are slower to respond. Defence-in-depth matters more at small scale, not less.

“Anti-raid bots make my server feel hostile.” Only when configured aggressively for normal users. Account-age gate at 7 days, slow mode at 5 seconds, verification at one click — none of these register to a real new member. They register to bots.

What this looks like with Sloth Lee specifically

The /quickstart wizard pre-configures items 1-9 for a new server. The phishing scorer covers item 7 with a pattern library that updates without redeployments. !raidmode covers item 10. Backup covers item 11. The runbook (item 12) is yours to write — but the template at /docs/troubleshooting is a good starting point.


Most raids are opportunistic. They want a defenceless server. Make the first 90 seconds expensive and they move on. None of these takes long. Do them now while it's quiet, not at 3am while it's on fire.

Sloth Lee handles 8 of these by default

Set him up. He'll watch the rest.