Introduction

Hashnode announced the Pangea Securathon on November 1st, and after spending a decent amount of time thinking about what I should build, I decided to build a Discord bot after taking inspiration from the suggested projects in the hackathon page! Here's everything about what I built and how I built it.

What's Disecure?

Disecure (Discord + secure) is a discord bot made by me for the Pangea Securathon. It's the only bot you will ever need to keep your server safe from malicious/suspicious links/files or any other thing. Disecure uses Pangea's powerful security services to provide the following features -

- Auto Redact - Automatically redacts messages that contain profanity/private information like emails, phone numbers, credit card numbers, etc.

- Auto URL Scan - Automatically scans URLs present in messages for malicious content and deletes it if a malicious URL is found.

- Auto File Scan - Automatically scans files uploaded to the server for malicious content and deletes it if a malicious file is found.

- Logging - Logs reports of malicious content found in messages, URLs, and files to a channel in the server for you to review.

Why did I build Disecure?

I've been an active Discord user since the last 3 years and the one thing that has always upset me about discord is the huge number of spams and scams that happen in the discord servers. People lose their accounts by clicking on some kind of suspicious link that doesn't appear to be suspicious! Not to mention the amount of malware that people accidentally download from the servers!

Pangea's security services are exactly what I needed to build something like Disecure which can scan files and messages and instantly delete the messages if any suspicious activity is found. Apart from this Disecure can also redact personal information which might get leaked accidentally in servers like your API keys, credit card numbers, phone numbers, emails or anything. Disecure scans each and every message sent in your servers to keep it safe and secure!

How did I build Disecure?

Disecure is built upon the Discord API using the Discord.py wrapper & Pangea's Python SDK. For logging messages I use a simple table from free tier of Supabase.

Firstly I created a discord bot account using the Developer Portal and got my Bot's client ID & client secret. The next step was creating a new account on Pangea and then I enabled the services I needed - Redact, File Scan, URL Intel and then I grabbed the respective tokens for each of the services. The last thing was creating a new Supabase project and then get the project URL and project Key both of which are needed to connect to your database.

Next, I created a new table named logger in the Supabase project using the following query in the SQL editor -

create table
  public.logger (
    id bigint generated by default as identity,
    created_at timestamp with time zone not null default now(),
    guild_id bigint not null,
    channel_id bigint null,
    constraint logger_pkey primary key (guild_id)
  ) tablespace pg_default;

Next, I started writing the actual code for the bot. You can look at this Basic bot example to get an idea of what a discord.py bot looks like. For this bot, we need to scan every message sent in the server. Discord.py has an in-built event handler named on_message that's triggered every time a new message is sent in your server. Here's what the code would look like -

@bot.event
async def on_message(message: discord.Message):
    # ignore the message if it's from the bot itself
    if message.author == bot.user:
        return

    print(message.content) # do something with the message content

Now, by using Pangea's python SDK we can check the message content and delete it if it contains something malicious or contains someone's personal information.

@bot.event
async def on_message(message: discord.Message):
        if message.author == bot.user:
            return

        for word in message.content.split(): # don't check urls as if have another check for it
            if url_regex.match(word):
                return

        response = redact.redact(message.content)

        # check if something was redacted from the text
        if response.status.lower() == "success" and response.result.count > 0:
            await message.delete() # instantly delete the message
            await message.channel.send(
                f"1 message redacted from {message.author.mention}, redacted message: {response.result.redacted_text}",
                delete_after=5,
            ) # warn the message author about it

I added the other utilities using the same method and the added a way for the bot to log about suspicious user activities in a separate channel for the server moderators/owner to review them and take action if needed against the user. Steps to add logging channel for your server are there in the Project README.

Viewing your Server's detailed reports

Since everything is done using Pangea, all of the cases and analytics regarding malicious activities in your server can be checked using Pangea's dashboard. Pangea has a very nice dashboard with graphs and all the analytics you need to check what's happening in your server!

Challenges I faced

To be honest, working with Pangea's SDK and APIs went very smoothly all thanks to their super nice Documentation! The only challenge I faced was learning to build a discord bot and integrating it with Pangea's SDK.

Usage

Disecure is not hosted anywhere as I don't have any VPS, the only way you can use it right now is by self hosting which is quite easy! Follow the Project's README for a detailed usage guide!

Resources

• Github Repository

• Pangea Cloud

• Hashnode

• Discord.py Docs

Ending note

I really loved working with Pangea to build this project. I would like to thank Hashnode and Pangea for providing me this opportunity to work on this amazing project.

Thanks a lot for reading!