Moderation

Live Threat Feed

Auto-sync a community blocklist of known scam and phishing domains so new scam waves are caught the day they launch.

Scam and phishing domains rotate constantly, so a hand-kept blocklist goes stale fast. The Live Threat Feed auto-syncs a shared community blocklist of known bad domains into your phishing protection, catching new scam waves the day they appear. It is off by default and rides on top of phishing protection.

Commands

The feed feeds exceed's phishing engine, which you control with ,phishing (needs Manage Server):

,phishing enable               turn phishing protection on
,phishing action delete        what happens to a scam link: delete, warn, timeout, ban
,phishing log #scam-log        set the phishing log channel
,phishing block badsite.com    block a domain yourself
,phishing allow oursite.com    allow a domain (your allow list wins)
,phishing unblock badsite.com  remove a domain from either list
,phishing status               show config and domain counts

Example

Turn on protection and let the feed handle the rest:

,phishing enable
,phishing action delete

Then open the dashboard's Live Threat Feed page and toggle the feed on (it requires phishing protection). The page shows domains synced and last sync time. Your allow list is always authoritative, so ,phishing allow anything the feed wrongly flags.