The Problem
Discord selfbots - automated user accounts - are used for spam raids, phishing, and coordinated attacks. Traditional moderation bots scan message content, but that requires the MESSAGE_CONTENT privileged intent and raises privacy concerns.
I wanted to catch bots without reading what people type.
The Insight
Discord's gateway broadcasts a TYPING_START event every time someone begins typing. This is metadata - it tells you WHO started typing, WHERE, and WHEN.
A human needs 300-500ms just to switch focus between two Discord channels. A selfbot fires parallel HTTP requests and can trigger typing in multiple channels within 5-50ms.
That gap is massive. A hard threshold of 150ms catches every bot without touching a single real user.
Selfbot Human
┌─────┐ ┌─────────────────┐
│5-50ms│ │ 300-500ms+ │
└─────┘ └─────────────────┘
▲ ▲
│ │
CAUGHT SAFE
Beyond Typing: Ghost Detection
Some selfbots disable typing events entirely (using "silent typing" plugins). So I added the inverse detection:
If a message arrives WITHOUT a preceding TYPING_START - that's suspicious.
Normal Discord desktop clients always fire a typing event before sending. No typing + message = likely automation.
Channel Sequence Fingerprinting
Selfbots often iterate channels programmatically - by ID order (ascending or descending). Humans jump between channels randomly based on interest.
If I see typing events hitting channels in perfect numeric ID order - that's a bot fingerprint.
The Stack
- Rust - lock-free DashMap correlator, sub-millisecond detection
- Twilight - lightweight Discord gateway library (not discord.js)
- SQLite - persistent detection history, incident timeline
- Zero privileged intents - no MESSAGE_CONTENT, no GUILD_MEMBERS, no PRESENCE
What It Cannot Do
- Read messages (by design)
- Catch 100% of threats (behavioral signals are probabilistic)
- Replace Discord AutoMod (it complements it - AutoMod for content, Wiretrip for behavior)
Try It
https://wiretrip.lol - free, safe defaults (log-only mode), 30-second setup.
Top comments (0)