Honeypot
Hidden channels that auto-action anyone who posts in them. Catches automated crawlers and curious raiders who don't read channel descriptions.
How it works
You create a channel that:
- Is named something tempting (
#nitro-gifts,#admin-only,#staff-perks). - Is hidden from legitimate members via your role + permission setup.
- Has Phantom configured to auto-action anyone who posts in it.
A legitimate member with normal access won't see the channel. A bot scraping every channel via the API, or a raider doing @everyone ping in every visible channel, will trip the trap.
Settings
| Setting | What it does |
|---|---|
| Enabled | Master switch. |
| Channel IDs | The honeypot channels. Add at least one. |
| Action | What to do when someone posts. delete + warn / timeout / kick / ban. |
| Log channel | Where hits are logged. |
| Exempt roles | Members with these roles bypass the trap. Useful for staff who might post in the honeypot for testing. |
Setting up
- Create a new channel in Discord. Name it tempting.
- Set channel permissions so @everyone can't view it (or can view but not post — your call).
- Don't tell your members about it.
- Add the channel ID to the Honeypot config.
- Set the action to your taste (timeout is a sane default).
Tips
- A
delete + banhoneypot catches the most malicious activity but has the highest cost of a false positive (a staff member testing without exemption). - Multiple honeypot channels in different categories catch a wider range of crawlers (some only enumerate certain categories).
- Naming matters.
#general-testcatches more than#staff-onlybecause crawlers think it's safe.
Permissions
security.view— see hit logsecurity.edit— tunables
Behaviour
- Only first-message-in-channel triggers — repeat posts in the same channel by the same user (already actioned) are ignored.
- Bot's own posts are never actioned.
- Pairs well with Audit Log — every honeypot trip lands there with the user ID and the channel.