Discord API: Prevent @everyone pings for webhooks

Hello, I have a honeypot project that records when people attempt to break in to a fake wordpress login page. It sends some details (including the attempted password to my discord)

Last night, somebody clever learned that you could visit the honeypot on a VPN and type @everyone into the password slot, pinging my entire discord server. Is there a way to prevent pings from webhooks? Thanks.

While you can’t prevent pings from webhooks or turn off permissions for webhooks, you could check if the password/username field contains @everyone or @here.

1 Like

You can just use the allowed_mentions feature which will enable you to disabled everyone/here/role pings.

{
  "content": "@everyone hi there, <@&123>",
  "allowed_mentions": {
    "parse": []
  }
}
3 Likes

Thanks, that did the trick!

but why not use an embed for it too also? It will look a lot nicer, and there are plenty of online embed generators

I suppose, but embeds can take up quite a bit of room.

lol, this sounds like Rin’s work. i wonder if she’d find another way to get around this, if it is her.

No, the “clever person” is in this thread. :wink: :stuck_out_tongue_winking_eye:

1 Like

HINT: Reply #5

1 Like

Yeah, I know. Rin told me it wasn’t her.
She said “No, it was certainly not me. I don’t have time to hack boring websites like Wordpress.”