Hello, I have a honeypot project that records when people attempt to break in to a fake wordpress login page. It sends some details (including the attempted password to my discord)
Last night, somebody clever learned that you could visit the honeypot on a VPN and type @everyone into the password slot, pinging my entire discord server. Is there a way to prevent pings from webhooks? Thanks.
While you can’t prevent pings from webhooks or turn off permissions for webhooks, you could check if the password/username field contains @everyone or @here.
You can just use the allowed_mentions feature which will enable you to disabled everyone/here/role pings.
{
"content": "@everyone hi there, <@&123>",
"allowed_mentions": {
"parse": []
}
}
Thanks, that did the trick!
but why not use an embed for it too also? It will look a lot nicer, and there are plenty of online embed generators
I suppose, but embeds can take up quite a bit of room.
lol, this sounds like Rin’s work. i wonder if she’d find another way to get around this, if it is her.
No, the “clever person” is in this thread. 
HINT: Reply #5
Yeah, I know. Rin told me it wasn’t her.
She said “No, it was certainly not me. I don’t have time to hack boring websites like Wordpress.”