Anti-Phishing & /report
Phishing — fake links sent in DMs or channels designed to steal Discord tokens, cryptocurrency
wallets, or personal data — is the most common threat Discord communities face in 2025.
Guardian fights it on two fronts: an automated scan layer that checks every posted link in
real time, and a community intelligence pipeline powered by the /report command.
Automated Link Scanning
Every URL posted in any channel Guardian can see is automatically scanned against three databases:
| Database | Type | Coverage |
|---|---|---|
| PhishTank | Community-curated | Discord-specific phishing, fake Nitro sites |
| Google Safe Browsing | Machine learning | Broad web threats, malware distribution |
| VirusTotal | Aggregated (70+ engines) | Deep analysis for known malicious domains |
What Happens on Detection
        Member posts a link
                 │
Guardian scans URL (< 200 ms median)
                 │
           ┌─────┴─────┐
      Not Found   Detected as Phishing
           │           │
        Ignored   1. Message deleted
                  2. Member DM'd with explanation
                  3. Staff alert in #guardian-logs
                  4. Member warned or banned (configurable)
Configure the response action with /antiphishing action [warn|kick|ban]. The default is
warn on first offense, ban on second.
The /report command turns your members into an active security network. When a member receives
a suspicious DM from another user, they can report it directly from Discord.
How to Use It
/report user:@username reason:Sent me a fake Nitro link link:https://suspicious-url.com
| Argument | Required | Description |
|---|---|---|
| user | ✅ | The Discord user to report (mention or ID) |
| reason | ❌ | Free-text description of the scam |
| link | ❌ | The suspicious URL (Guardian will scan it immediately) |
Anti-Abuse Safeguards
To prevent false reports or coordinated harassment, /report has several built-in protections:
- Minimum TrustScore of 20 required to submit a report
- 10-minute cooldown per reporter — prevents spam flooding
- Self-report blocked — you cannot report yourself
- Already-blacklisted check — if the target is already in the Global Ban list, you’re shown
the existing record instead of creating a duplicate
What Happens After You Submit
If a link was provided, Guardian instantly queries all three phishing databases.
Automatic Global Ban (if link confirmed)
If the link is found in the phishing database:
- Guardian adds the user to the Global Blacklist
- The user is banned from every server in the Guardian network where Guardian has permission
- Your server’s staff is notified with a confirmation embed showing the number of servers affected
Staff review (if link not confirmed)
If the link is unknown or no link was provided, a priority embed is posted to your configured
report channel for staff review:
📢 Report — Pending Staff Review
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🎯 Reported User : @suspicious_user
📣 Reporter : @trusted_member
📝 Reason : Sent me a fake Nitro link
🔗 Link : https://example-scam.com
⚡ Action : Awaiting staff decision
🔥 Priority: HIGH — 3 independent reports in 24 hours
Priority System
The priority level on a staff review embed reflects how many different members have
independently reported the same target in the last 24 hours:
| Reports in 24 h | Priority Level |
|---|---|
| 1 | Normal |
| 2 | Medium |
| 3 or more | HIGH |
A HIGH priority flag means multiple unrelated members independently reported the same account.
This is a strong signal of a real threat, not a coordinated false report. Treat HIGH priority
reports as urgent.
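The intake rules under Anti-Abuse Safeguards and the priority table above, sketched as an added Python example (not Guardian's own code). The class and method names, the in-memory storage, the order of the checks, and starting the cooldown only on accepted reports are assumptions; the thresholds come from this page.

```python
from datetime import timedelta

MIN_TRUST = 20                      # page: minimum TrustScore to submit a report
COOLDOWN = timedelta(minutes=10)    # page: per-reporter cooldown
WINDOW = timedelta(hours=24)        # page: window used for the priority level


class ReportDesk:
    """Hypothetical in-memory model; Guardian's real storage is not documented."""

    def __init__(self, blacklist=()):
        self.blacklist = set(blacklist)   # user IDs already on the Global Blacklist
        self.last_report = {}             # reporter ID -> time of last accepted report
        self.reports = {}                 # target ID -> list of (time, reporter ID)

    def submit(self, reporter, target, trust, now):
        """Return (accepted, detail): a rejection reason or the priority level."""
        if reporter == target:
            return False, "self-report blocked"
        if trust < MIN_TRUST:
            return False, "TrustScore below 20"
        last = self.last_report.get(reporter)
        if last is not None and now - last < COOLDOWN:
            return False, "cooldown active"
        if target in self.blacklist:
            # The page shows the existing record here; this sketch only signals it.
            return False, "already blacklisted"
        self.last_report[reporter] = now
        self.reports.setdefault(target, []).append((now, reporter))
        return True, self.priority(target, now)

    def priority(self, target, now):
        """Count distinct reporters in the trailing 24 h, not raw report rows."""
        recent = {r for t, r in self.reports.get(target, []) if now - t <= WINDOW}
        if len(recent) >= 3:
            return "HIGH"
        return "Medium" if len(recent) == 2 else "Normal"
```

Counting distinct reporter IDs is what keeps one member from raising the priority by re-reporting the same target after each cooldown expires.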
Global Blacklist
The Global Blacklist is a shared database of confirmed scammers and phishing accounts,
maintained collectively by the Guardian network.
How a User Gets Blacklisted
- A /report with a confirmed phishing link triggers an automatic blacklist entry
- Staff can manually add an entry via /blacklist add @user [reason]
- Guardian’s automated scanner adds entries when it detects a pattern across multiple servers
What Happens to Blacklisted Users
- Any blacklisted user who attempts to join any Guardian-protected server is automatically banned
- The join attempt is logged in #guardian-logs
- The Global Ban applies retroactively — if the user is already in the server, a staff alert is sent
Checking the Blacklist
/blacklist check @user # Check if a user is in the global list
/blacklist add @user [reason] # Manually add (Admin only)
/blacklist remove @user # Remove an entry (Admin only)
Configuring Report Channels
By default, Guardian posts report embeds to #guardian-logs. To use a dedicated channel:
/report-config set-channel #security-reports
View aggregate statistics with:
/report-config report-stats
This shows total reports submitted, confirmed phishing cases, and activity over the last 7 days.