You wake up to 47 Discord notifications. Your stomach drops. Before you even open the app, you already know something is wrong.
Your server—the community you spent months or years building—is under attack. Channels are flooding with spam. Disgusting images are everywhere. Your members are panicking in DMs asking what's going on, and the raiders are @mentioning everyone just to make sure nobody misses the chaos.
Take a breath. You're going to get through this.
This guide walks you through exactly what to do when your Discord server gets raided, how to clean up the mess, and most importantly, how to make sure it never happens again.
If You're Being Raided Right Now: Emergency Response
When raiders hit your server, every second counts. Here's your immediate action checklist.
Step 1: Lock Down the Server Immediately
Go to Server Settings → Roles → @everyone and disable these permissions server-wide:
- Send Messages
- Send Messages in Threads
- Add Reactions
- Connect (voice channels)
- Speak
This nuclear option stops everyone from posting, including raiders. Yes, it also stops your legitimate members, but right now containment is more important than convenience.
Step 2: Enable Highest Verification Level
Server Settings → Safety Setup → Verification Level → set to Highest. This requires a verified phone number to participate, which stops most raiders cold since they're typically using throwaway accounts.
Step 3: Turn On Slowmode Everywhere
If you need to allow some communication, enable slowmode at 30 seconds or more on critical channels. This rate-limits how fast anyone can spam.
Step 4: Start Banning
Now that the bleeding has stopped, start removing raiders. Look for accounts with matching patterns: similar usernames, recently created accounts, no avatar, or accounts that joined within the same time window.
Use Discord's audit log (Server Settings → Audit Log) to see who joined recently and track who's posting the spam. Raiders often join in waves within minutes of each other.
Step 5: Delete the Spam
Once raiders are banned, delete their messages. Right-click a raider's message → Delete → check "Delete message history" to remove all their messages at once.
The Aftermath: Recovering Your Community
The raid is over, but the damage isn't just in deleted messages. Your community is shaken. Here's how to rebuild.
Address Your Community Directly
Post an announcement explaining what happened. Be honest about it—your members saw the chaos and pretending it didn't happen just makes you look out of touch. Something like:
"Hey everyone, we got hit by a raid earlier today. The situation is under control now and we've banned everyone involved. We're implementing new security measures to prevent this from happening again. Thanks for your patience."
People appreciate transparency. They're way more likely to stick around if they know you're taking it seriously.
Audit Your Roles and Permissions
Raids often exploit permission vulnerabilities. Time to do a full audit. Check every role and ask yourself: does this role really need permission to post images? To use @everyone? To create invites?
The principle of least privilege applies here: give people only the permissions they actually need, nothing more.
Check for Compromised Accounts
Sometimes raids happen because a moderator or trusted member's account got compromised. Look at your audit log and see who created the invite the raiders used. If it was a trusted member who claims they didn't do it, their account might be hacked.
Review Your Invite Links
Speaking of invites—where did the raiders come from? If you have a public invite link posted somewhere, that's probably how they found you. Consider using temporary invite links that expire, or setting up a screening process for new members.
Why Raids Happen (And Why They Keep Happening)
Understanding why servers get raided helps you prevent future attacks.
Most raids aren't personal. Raiders target servers for clout in their own communities, for "fun" (their definition of it), or just to cause chaos. They find vulnerable servers through public server lists, shared invite links, or by searching for servers that don't have proper protections in place.
The servers that get hit repeatedly share common traits: they rely entirely on human moderators, they don't have automated spam protection, their verification settings are too low, and their permissions are too permissive.
Here's the uncomfortable truth: human moderators can't compete with coordinated raids. Attackers use bots and scripts to flood channels faster than any person can respond. By the time you've banned one account, ten more have already joined.
How to Prevent Future Raids
The best raid recovery is one you never have to do. Here's how to harden your server against future attacks.
Set Up Verification Gates
Discord's built-in verification isn't enough. Consider adding a verification bot that requires new members to react to a message, answer a question, or solve a simple captcha before they can access the server. This stops most automated raid bots instantly.
Use Role-Gated Channels
Don't give new members immediate access to post everywhere. Create a "welcome" or "verify" channel where new members can introduce themselves and earn access to other channels. This creates a natural buffer against mass-join attacks.
Implement Automated Moderation
This is the big one. Human moderators sleep. Human moderators have lives. Human moderators can't process 50 spam messages per second.
SfwBot handles the stuff humans can't keep up with. It automatically detects and removes spam patterns like message flooding, copy-paste spam, mention spam, and invite spam. It also uses AI to scan images for NSFW content, so those shock images raiders love to post get deleted before anyone sees them.
The spam protection is completely free, which means there's really no excuse not to have it running.
Restrict Permissions by Default
Go through your @everyone role and disable everything except the absolute basics. New members shouldn't be able to: post images (until verified), use external emojis, add reactions, create threads, or use @everyone/@here mentions.
You can create a "Verified" role that unlocks these permissions after members prove they're not raiders.
Enable Discord's Built-In Safety Features
Make sure you're using everything Discord gives you. Go to Server Settings → Safety Setup and enable AutoMod. Set up rules for common spam patterns, slurs, and suspicious links. It's not as comprehensive as a dedicated moderation bot, but it adds another layer of protection.
Consider a Raid Mode Protocol
Set up a quick-response system for raids. This could be a role that automatically gets pinged when suspicious activity is detected, a command that instantly locks down the server, or a channel specifically for moderator coordination during emergencies.
Some moderation bots offer "panic buttons" or raid mode features that automate this entire process.
Choosing Your Defense Strategy
The level of protection you need depends on your server's size and visibility.
Small private servers (under 100 members) can often get by with proper verification settings and basic permissions lockdown. Raids are less likely to target you if you're not publicly listed.
Medium community servers (100-1000 members) need automated moderation. At this size, you're visible enough to attract raiders but probably don't have 24/7 human moderation coverage. A bot like SfwBot can fill those gaps.
Large public servers (1000+ members) need multiple layers of protection: verification gates, automated moderation, active human moderators, and established protocols for handling incidents. Consider using SfwBot's premium features like advanced strike management for handling repeat offenders.
Free monthly image scans with SfwBot—enough for most growing servers
Common Mistakes That Make Raids Worse
Learn from other server owners' painful experiences.
Engaging with raiders. They want attention. Don't give them the satisfaction of arguing or threatening them. Just ban and move on.
Not backing up your server settings. If raiders somehow get admin access (through a compromised account), they can destroy your server structure. Keep a backup of your role configurations, channel structure, and bot settings somewhere safe.
Relaxing security after a quiet period. "We haven't been raided in months, we can lower verification." Famous last words. Raiders specifically look for servers that have let their guard down.
Over-relying on one protection method. Defense in depth matters. Verification gates, automated moderation, smart permissions, and active human moderators each catch different types of attacks. You need all of them working together.
Building a Raid-Proof Community
The ultimate protection against raids is a strong, active community that self-moderates. When your members care about the space, they'll report suspicious activity, help new legitimate members through verification, and support each other during incidents.
Create a channel where members can report suspicious activity. Make sure reports go to a private channel that only moderators can see. This turns your community into an early warning system.
Getting raided sucks. There's no way around that. But every raid is also an opportunity to strengthen your server's defenses and demonstrate to your community that you take their safety seriously.
Clean up the mess, implement real protection, and get back to building something great. Your community is counting on you.
Quick Reference: Post-Raid Checklist
For easy reference, here's everything covered in this guide:
Immediate response: Lock @everyone permissions, enable highest verification, turn on slowmode, ban raiders using audit log, delete spam messages.
Recovery: Post community announcement, audit role permissions, check for compromised accounts, review invite sources.
Prevention: Set up verification gates, use role-gated channels, add automated moderation, restrict default permissions, enable Discord safety features, create raid response protocols.
The servers that survive raids aren't the ones that never get attacked—they're the ones that prepared for it.