🛡️ Anti-nuke / rogue-admin guard

Every server owner’s nightmare is the same: an admin account goes rogue — or gets compromised — and in the space of a minute it deletes your channels, wipes your roles, and mass-bans your members. By the time you see it, the damage is done. The anti-nuke guard is the bit that’s watching for exactly that, and acts in seconds — not after the fact.

It runs on the moderation activity Server Assistant already sees, so there’s nothing new to wire up. When one account suddenly starts doing damage in a tight burst, the guard scores how likely it is to be an attack and responds on a ladder — from a quiet note, to a staff alert, to automatically stripping the account’s power and putting everything back.

Who it protects, who can configure it: the server owner is always immune — the guard will never act against you. Configuration is owner / Manage Server only, under /settings → Anti-nuke. It’s on by default, because detection and alerts don’t change anything on their own; the one action that does — auto-quarantine — only ever fires at high confidence and is reversible in one tap.

FREE available on every plan  ·  ADMIN only an admin or the owner can configure it  ·  AI incident summaries use AI where it’s enabled

What it watches for

The guard tracks dangerous, hard-to-undo actions and looks for an unusual burst from a single actor in a short window. The actions it weighs most heavily are the ones a nuke is actually made of:

• Channel deletions and role deletions — the classic wipe.
• Mass bans / kicks and member prunes — clearing out your community.
• Webhook creation floods — often used to spam a server as it’s nuked.
• Permission grabs — a role suddenly being handed Administrator, Ban, Manage Server, Manage Roles or Manage Channels. A compromised account often escalates its own power first; the guard treats that as nuke-prep and weighs it like a deletion.

A handful of normal admin actions won’t trip anything. It takes a genuine burst — several destructive actions faster than a real admin would work — before the guard scores it as a likely incident.

Tuned to your community

There’s no one-size threshold. Sensitivity is seeded from your server type (picked during /setup): a busy gaming or general server, where staff churn channels and ban raiders all the time, gets more headroom; a locked-down or high-stakes server is stricter. You can always adjust it yourself under /settings → Anti-nuke.

The response ladder

The guard’s reaction scales with how confident it is that what it’s seeing is an attack:

• Low confidence → observe. It quietly records the activity. Nothing visible, no action.
• Medium confidence → step-up alert. It posts an alert to your staff channel describing the burst and asks you to confirm: is this expected? You can quarantine the actor or trust them right from the alert.
• High confidence → auto-quarantine. It acts immediately: it strips the offending account of its power to stop the damage, alerts you and your staff, and attaches a short plain-language SAi incident report explaining what happened. If it got it wrong, one tap puts the account’s roles back.

What a high-confidence incident looks like

Server AssistantAppjust now

🛡️ Anti-nuke: actor quarantined

Who

@compromised-mod (987654321098765432)

What

7× channel deletions, 4× role deletions, 12× bans

Confidence

🔴 HIGH · 92/100 this is a nuke or compromised account.

Action taken

Stripped 3 role(s) to stop the damage. If this was legitimate, tap Undo quarantine below.

🤖 SAi incident report

A single account deleted multiple channels and roles and banned a dozen members in under 30 seconds — a pattern consistent with a compromised admin or a deliberate nuke. The account has been quarantined. Your most important next step is to confirm whether this person was acting legitimately; if not, restore the server and secure the account.

Anti-nuke · local-only · owner is always immune

✅ Undo quarantine (it was safe) ♻️ Restore server 🤝 Trust this actor (whitelist)

Every incident is also recorded in your web portal’s activity feed, so you have a clear record of what happened and when — even if you weren’t in Discord at the time.

Putting your server back: the restore engine

Catching the attack is only half the job — you also need your server back. The guard keeps a regular, automatic snapshot of how your server is configured: every role’s exact permissions, and every channel’s permission settings.

When you tap Restore server on an incident (you’ll get a quick preview and a confirm first), the guard:

• Re-applies exact permissions. Every role’s permissions and every channel’s overwrites are set back precisely to the snapshot — not a best-guess.
• Recreates deleted channels. Channels the attacker deleted are rebuilt from the snapshot, best-effort, with their settings restored.

Restore is throttled so it works smoothly within Discord’s limits, and you can take a fresh snapshot any time with Snapshot now under /settings → Anti-nuke.

Restoring re-applies a saved configuration — the snapshot taken before the attack. Anything changed legitimately since the last snapshot would be rolled back too, which is why the guard shows you the snapshot’s timestamp and asks you to confirm before it runs.

Trusted actors: the whitelist

Some accounts should be able to make sweeping changes — your most senior admin doing a planned restructure, or a management bot that creates channels in bulk. Add them to the whitelist and the guard won’t score their actions at all.

You can whitelist users, bots and roles straight from /settings → Anti-nuke using the pickers — no IDs to copy. The owner is always immune regardless of the whitelist, and you can clear the whole list in one tap.

/settings → Anti-nuke FREE ADMIN

The anti-nuke control panel: switch the guard on or off, choose whether high-confidence incidents auto-quarantine (or just alert), turn the two-person rule and channel auto-restore on or off, see your community-tuned sensitivity, and manage the trusted-actor whitelist. Take a fresh restore snapshot any time.

Server AssistantAppOnly you can see this

🛡️ Anti-nuke / rogue-admin guard

Guard

✅ on

Auto-quarantine (high confidence)

✅ on — strips powers, one-tap revert

Two-person rule

✅ revert needs 2 admins

Auto-restore deleted channels

✅ on

Sensitivity

gaming preset · e.g. 4 channel-deletes / 30s

Trusted (whitelist)

2 user(s), 1 role(s), 1 bot(s)

Whitelisted actors are never scored. The owner is always immune.

The two-person rule

There’s a subtle risk in any automatic protection: what if the compromised account is the one that tries to switch it off? The two-person rule closes that door. When it’s on, undoing a quarantine during a live incident requires two different admins to confirm — so a single hijacked account can’t quietly revert its own quarantine and carry on. It’s on by default and can be toggled under /settings → Anti-nuke.

Local to your server

The anti-nuke guard works entirely within your own server. It watches your admin activity, keeps your configuration snapshot, and acts on your server — and that’s all. It does not read from, contribute to, or consult any cross-server list or shared network. It is deliberately not a ThreatNet signal: an incident on your server stays on your server.

See also

• Audit log — the tamper-evident record the guard builds on, and how to set your log channel
• Moderation & safety — lockdown, bans and the rest of the response toolkit
• Settings hub — where the Anti-nuke panel lives
• Back to the Wiki hub