Anti-Nuke

Anti-Nuke Protection

Server nuking is one of the most destructive attacks your Discord community can face. SYNTHET's anti-nuke system detects and automatically stops nuke attempts in real time, protecting your channels, roles, and members.

What is Server Nuking?

A server nuke is a coordinated or rapid sequence of destructive actions targeting your server's infrastructure:

Mass Channel Deletion

Delete dozens of channels in seconds, destroying conversation history and community organization

Role Chaos

Delete critical roles or reassign permissions, disabling moderation teams and default roles

Member Purge

Ban or kick all members, leaving the server empty or completely unusable

Permission Lockdown

Change permissions on all channels to block everyone, including administrators

Nukes typically originate from compromised admin/moderator accounts, hacked bot tokens, or servers that grant dangerous permissions too broadly.

How SYNTHET Detects Nuke Attempts

SYNTHET continuously monitors four critical action types and compares them against configurable thresholds:

Real-Time Threshold Monitoring

Every channel deletion, role deletion, ban, and kick is logged with a timestamp. When any action exceeds its threshold within the configured time window, protection automatically triggers.

User Context Tracking

SYNTHET knows which user performed the action. This allows you to whitelist trusted admins and bots, ensuring they aren't blocked during legitimate bulk operations (like server cleanup).

Pattern Recognition

Legitimate admins might delete 5 channels in an hour during cleanup. A nuke attempts to delete 20+ channels in minutes. SYNTHET distinguishes normal from malicious patterns through configurable thresholds.

Configurable Thresholds

Every threshold is adjustable to match your server's normal activity patterns. Default values are conservative to prevent false positives:

Channel Deletions

Default: 5 per 10 min

If any user deletes N channels within M minutes, nuke protection activates.

Why this matters: Channels are critical infrastructure. Rapid deletion is almost always malicious.

Role Deletions

Default: 3 per 10 min

Role deletion is more sensitive than channel deletion, so this threshold is lower.

Why this matters: Deleting even one important role can break your moderation system. Multiple deletions are a major red flag.

Ban Waves

Default: 10 per 10 min

Rapid banning of multiple members in quick succession.

Why this matters: Legitimate moderators ban members individually as they break rules. Mass bans indicate account compromise.

Kick Waves

Default: 15 per 10 min

Rapid kicking of multiple members in quick succession.

Why this matters: Kicks are often used to remove witnesses before deleting channels.

Tip: Start with default thresholds and adjust based on your server's size and activity. A 1000-member server with daily cleanups may need higher thresholds than a small community server.

Whitelist System

Whitelisting allows trusted users and bots to bypass nuke detection, enabling legitimate bulk operations without triggering false alarms:

Whitelist by User ID

Add specific user IDs who are trusted to perform bulk actions. Commonly includes server owner, senior admins, and trusted bots like cleanup/optimization bots.

Whitelist by Discord Role

Add Discord roles whose members are automatically whitelisted. When a member with a whitelisted role performs actions, thresholds don't apply to them.

Whitelist Management

Manage whitelists from the Security dashboard. Add/remove entries instantly. Each whitelist entry can be reviewed with timestamp and reason.

Warning: Only whitelist accounts you absolutely trust. Compromised whitelisted accounts bypass all nuke protection.
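
The threshold and whitelist logic described in the two sections above can be sketched as a per-user sliding-window counter. This is an added example, not SYNTHET's own code: the class, function, and action names and the sample events are assumptions, and it treats a threshold as tripped by the first action above the limit (the 6th channel deletion with a limit of 5).

```python
from collections import defaultdict, deque

# Defaults stated on the page: max actions per user inside one 10-minute window.
DEFAULT_THRESHOLDS = {"channel_delete": 5, "role_delete": 3, "ban": 10, "kick": 15}
WINDOW_SECONDS = 10 * 60

class NukeDetector:
    """Per-user, per-action sliding-window counter with a whitelist bypass."""

    def __init__(self, thresholds=None, window=WINDOW_SECONDS,
                 whitelist_users=(), whitelist_roles=()):
        self.thresholds = dict(thresholds or DEFAULT_THRESHOLDS)
        self.window = window
        self.whitelist_users = set(whitelist_users)
        self.whitelist_roles = set(whitelist_roles)
        self._events = defaultdict(deque)  # (user_id, action) -> timestamps

    def is_whitelisted(self, user_id, roles):
        return user_id in self.whitelist_users or bool(self.whitelist_roles & set(roles))

    def record(self, ts, user_id, action, roles=()):
        # Assumption: trip when the in-window count goes above the threshold.
        if action not in self.thresholds or self.is_whitelisted(user_id, roles):
            return False
        q = self._events[(user_id, action)]
        q.append(ts)
        # Drop timestamps that have aged out of the window.
        while q and q[0] <= ts - self.window:
            q.popleft()
        return len(q) > self.thresholds[action]

def replay(detector, events):
    """Feed (ts, user_id, action, roles) tuples; return the events that tripped."""
    return [e for e in events if detector.record(*e)]

# Constructed sample events: (seconds, user id, action, member roles).
SAMPLE = (
    # Slow cleanup: 5 deletions spread over 48 minutes by an admin.
    [(i * 720, "admin_1", "channel_delete", ("Admin",)) for i in range(5)]
    # Burst: 8 deletions, 10 s apart, from a moderator account.
    + [(4000 + i * 10, "mod_2", "channel_delete", ("Moderator",)) for i in range(8)]
    # The same burst from a cleanup bot, ignored only if it is whitelisted.
    + [(4000 + i * 10, "cleanup_bot", "channel_delete", ("Bots",)) for i in range(8)]
)

if __name__ == "__main__":
    for ts, user, action, _ in replay(NukeDetector(whitelist_users={"cleanup_bot"}), SAMPLE):
        print(f"t={ts}s {user} exceeded the {action} threshold")
```

Replaying the same events with the role "Moderator" whitelisted instead shows the cost named in the warning above: the moderator burst passes unnoticed and only the bot is flagged.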

Automatic Actions

When a nuke is detected, SYNTHET executes automatic protective measures:

Strip Permissions

The user who triggered the nuke detection has all dangerous permissions removed. They can no longer delete channels, delete roles, ban members, or kick members.

User Quarantine

The suspicious account is assigned the quarantine role and placed in read-only channels. This contains the threat while you investigate.

Owner Notification

The server owner is immediately notified via a direct message and the server's security alert channel. The notification includes full context: who, what action, when, and what SYNTHET did.

Action Halt

The specific dangerous action that triggered detection is blocked. For example, if a user tries to delete the 6th channel (exceeding the 5-channel threshold), that deletion is prevented.

Note: Some actions are reversible after investigation (permissions restored), while others may be permanent depending on your server policy.

Recovery Mode

If a nuke partially succeeds before SYNTHET catches it, recovery mode helps restore your server:

Restore from Backup

SYNTHET stores snapshots of your server structure (channels, roles, permissions). If channels or roles were deleted, you can restore them from the most recent backup.

Audit Trail

Every action SYNTHET took (quarantine, permission stripping) is logged and reversible. You can review what happened and undo specific actions if needed.

Manual Override

Server owners can manually override SYNTHET's automatic actions at any time. Remove quarantine, restore permissions, or adjust whitelists immediately.

Dashboard Configuration

Configure anti-nuke protection from the Security dashboard (Protection → Anti-Nuke):

Threshold Sliders: Adjust each threshold (channels, roles, bans, kicks) with visual sliders. See real-time preview of impact.
Time Window: Configure the time period for threshold calculation (5-60 minutes). Shorter windows are more sensitive.
Whitelist Management: Searchable dropdown to add users and roles. Each entry shows when it was added and by whom.
Automatic Actions: Toggle which actions trigger (strip perms, quarantine, notify owner). Disable any you don't want.
Alert Channels: Choose which channels receive nuke alerts (default: #security-alerts).

Pro Tip: Monitor nuke alerts for 2-3 weeks after enabling anti-nuke. Adjust thresholds based on false positive patterns you observe.

Best Practices

1. Enable immediately: Anti-nuke should be one of the first SYNTHET features you enable, as nukes are catastrophic.
2. Limit admins: Only grant dangerous permissions (channel/role management) to admins you absolutely trust.
3. Rotate API tokens: If you use bots, rotate their tokens monthly and revoke old ones.
4. Monitor alerts: Review security alerts weekly. Patterns show attempted attacks even when they're blocked.
5. Test whitelist: After whitelisting a bot for cleanup, test it with small operations first to ensure thresholds are appropriate.
6. Backup your server: Enable SYNTHET's backup snapshots so recovery is possible if a nuke partially succeeds.