How the Protection System Is Organized

The protection system isn't a random list of switches — it's built on four tiers, each with a different purpose and response speed. Understanding this split helps you configure protection intelligently instead of just flipping every switch on.

The Four Tiers#

TierPurposeExampleResponse
Limit & PunishDetect a pattern (several actions in a short window) and treat it as an attackAnti Ban, Anti Channel Delete, Anti Role DeleteAdjustable limit + time window, then punishment
Instant PunishmentImmediate punishment with no counting — the action itself is always dangerousAnti Raid, Anti Dangerous Perm, Anti Bot AddInstant, no negotiable threshold
Detection OnlyAlert only, no automatic punishment — needs a human decisionAnti Scam, Anti Invite Link, Anti Ghost PingLog/alert only
Bot Self-DefenseProtects the bot itself from having its permissions stripped — always onAnti Bot Disarm, Anti Bot Role RemovalInstant private alert to the owner (DM), cannot be disabled

Why does this split matter?#

The core difference between tiers is priority in using Discord's limited resources (seeUnderstanding Rate Limitsfor a deeper dive). The idea:

  • Identifying and stopping the attacker (kick/ban/strip permissions) — always happens at maximum possible speed, even under heavy network pressure.
  • Restoring what the attacker destroyed (recreating deleted channels/roles) — deliberately paced, because it's not equally urgent, and running it at full speed could flood requests and risk a Cloudflare ban.

The practical takeaway

You'll never notice a difference in how fast the attacker is stopped — but restoring a large number of deleted channels during a massive attack may take a few extra seconds. This is intentional and safe, not a malfunction.

Limit & Punish — In Detail#

Every feature in this section has three settings:

  • Allowed Limit: how many actions are allowed before it's treated as an attack (default 3).
  • Time Window: the period actions are counted within (default 60 seconds). An action after the window ends isn't counted with earlier ones.
  • Punishment: what happens to the executor when the limit is exceeded — ban, kick, timeout, remove roles, or just a warning.

Set the limit carefully

A limit set too low (e.g. 1) may punish a real admin intentionally deleting several old channels. Use each feature's Exceptions list to exempt specific people with a custom limit instead of disabling protection entirely.

Detection Only — Why doesn't it punish automatically?#

(an invite link from a member, a message with suspicious links, deleting a message right after pinging someone — "Ghost Ping") can be completely innocent depending on context. So this tier only alerts in the security logs, leaving the decision (kick/ignore) to the admin team.

Bot Self-Defense — Why is there no off switch?#

This tier is different from the rest: it protects the bot itself, not the server. If it could be disabled, an owner might lose the chance to find out their bot has become powerless without knowing. So it always runs regardless of any other setting.