Getting Started
Xattix protects your Discord server from impersonation attacks. It monitors member names, profile pictures, bios, and account age to detect users pretending to be your admins or staff.
Most servers are fully protected within 60 seconds. Invite the bot, complete the wizard, and you're done.
Invite the Bot
- Click the Add to Discord button above or use this invite link.
- Select your server from the dropdown.
- Confirm the permissions and authorise.
Xattix will automatically create a #impersonation-alerts channel and send the
onboarding wizard.
Onboarding Wizard
The interactive 7-step wizard walks you through the entire setup. It appears in
#impersonation-alerts right after the bot joins.
Select the high-profile roles to monitor for impersonation (e.g. Admin, Moderator). You can choose up to 10.
Choose High, Medium, or Low sensitivity — or set a custom threat score threshold.
Choose whether to auto-kick 100% identical matches (name + picture) or alert-only for manual review.
Add contact info (e.g. email, ticket link) so kicked users can appeal, and optionally set a custom kick DM.
Optionally auto-remove members who remain roleless for too long (default: warn after 168 hours, kick 48h later).
Choose how long to keep alert history and evidence — Standard (7 days), Extended (30 days), Forever, or a custom period.
Review all your settings, optionally run a test scan, then apply the configuration.
You can re-run the wizard at any time with /config setup.
Required Permissions
Xattix needs Administrator permissions to function correctly. This enables:
- Reading member profiles and roles
- Creating and managing the alert channel
- Kicking members (if auto-kick is enabled)
- Sending DMs to warned/kicked users
If the bot can't kick members or create channels, check that its role is above the roles it needs to manage in your server's role hierarchy.
Commands Reference
All commands use Discord's slash command system. Configuration commands require Administrator permission.
/config
Configure bot settings for your server.
| Command | Description |
|---|---|
| /config show | Display all current settings, protected roles, and whitelist |
| /config sensitivity <level> | Set detection sensitivity — low, medium, or high |
| /config autokick <on\|off> | Toggle automatic kicking of high-confidence impersonators |
| /config min_alert <0-100> | Set minimum threat score to fire an alert. Alerts below this are silently suppressed |
| /config kick_message <text> | Customise the DM sent to kicked users. Variables: {server}, {reason}, {contact}. Leave empty to reset |
| /config kick_contact <info> | Set contact info included in kick DMs (e.g., DM @admin). Leave empty to remove |
| /config roleless_thresholds <warn_h> <grace_h> | Set hours a member stays roleless before warning, and grace period before kick. Total time is sum of both. |
| /config roleless_message <text> | Customise the warning DM for roleless members. Variables: {server}, {hours}, {user}, {contact} |
| /config auto_resolve_low <days> | Days to keep stale LOW priority alerts before auto-resolving |
| /config auto_resolve_high <days> | Days to keep stale HIGH priority alerts before auto-resolving |
| /config setup | Re-run the onboarding wizard to reconfigure the bot |
| /config enable_consent <#channel> | Deploy the DM consent button to the specified channel |
| /config disable_consent | Disable the DM consent system |
| /config reset | ⚠️ Danger: Factory reset — deletes all alerts, whitelist, protected roles, and settings |
/protect
Manage which roles are protected from impersonation.
| Command | Description |
|---|---|
| /protect add <@role> | Add a role to the protected list. Members with this role will be defenders |
| /protect remove <@role> | Remove a role from the protected list |
| /protect list | Show all currently protected roles and their IDs |
/whitelist
Exempt specific users from all detection. Useful for alt accounts or bots with similar names.
| Command | Description |
|---|---|
| /whitelist add <@user> | Add a user to the whitelist — they'll be completely skipped during scans |
| /whitelist remove <@user> | Remove a user from the whitelist |
| /whitelist list | Show all whitelisted users |
/blacklist
Manage this server's local ban list. Users on this list are kicked automatically if they rejoin. This list is scoped to your server only.
| Command | Description |
|---|---|
| /blacklist view | View this server's ban list (10 per page). Add scope:global to view the bot-managed global scammer list (read-only) |
| /blacklist add <user_id> <reason> | Add a user to this server's ban list. They will be kicked automatically on next join |
| /blacklist remove <user_id> | Remove a user from this server's ban list. Cannot remove from the global bot-managed list |
Global vs Server Ban List
Xattix maintains two distinct layers of protection to balance server-specific control with network-wide security.
🔒 Server Ban List
Managed exclusively by your server's admins. Users added here are kicked automatically if they rejoin your server only.
- Scope: Local (this server)
- Management: Manual (admins)
- Removability: Permanent (by admins)
🌐 Global Scammer List
A network-wide list maintained by the Xattix system. It tracks confirmed impersonators across all protected servers.
- Scope: Universal (all servers)
- Management: Automatic (system)
- Removability: Controlled (read-only)
Use /blacklist view scope:global to see the latest known threats being blocked network-wide by Xattix.
/scan
Trigger a full manual scan of all server members against protected roles. Useful after initial setup or if you suspect an impersonator has already joined.
The scan covers all non-bot members who don't hold a protected role and aren't whitelisted. Results appear in
#impersonation-alerts.
/status
View your server's current protection status at a glance: sensitivity level, auto-kick state, total/open alerts, protected roles, member count, and blacklist size.
/help
Display a quick reference of all available commands directly inside Discord.
/upgrade
View available premium plans and upgrade your server. Shows the current plan comparison (Free, Pro, Enterprise) with direct subscription links for Pro.
Enterprise is available via our pricing page.
For custom deployments or questions, email contact@xattix.com.
/subscription
View your server's current subscription details — plan, status, billing source, trial info, and next billing date. Includes a Manage Billing button that opens the Stripe customer portal for plan changes and cancellations.
Configuration
DM Consent System
Discord users often have "Direct Messages from server members" disabled. To ensure Xattix can reliably deliver safety warnings and roleless cleanup alerts, we use a double opt-in consent system.
Admins deploy a persistent button via /config enable_consent. When a user clicks it, they are granted the Xattix Consent role, acknowledging they wish to receive security-related DMs from the bot.
Setup
- Create a public channel (e.g. #get-notified or #onboarding).
- Run /config enable_consent channel: #your-channel.
- The bot will post an embed with an "Opt-in to DMs" button.
Features that require DM delivery (like Roleless Cleanup warnings) will fall back to public pings in the alert channel if a user has not opted in.
Sensitivity Presets
Presets adjust multiple thresholds at once. Choose based on your tolerance for false positives.
| Setting | High 🔴 | Medium 🟡 | Low 🟢 |
|---|---|---|---|
| Auto-Kick Threshold | Near-identical | Very high | Extremely high |
| High Alert Threshold | High similarity | Very high | Near-identical |
| Low Alert Threshold | Moderate similarity | High similarity | Very high |
| PFP Similarity | High | Very high | Near-identical |
| Auto-Kick Default | ✅ On | ✅ On | ❌ Off |
High catches more impersonators but may flag legitimate users with similar names. Low only fires on near-exact matches. Medium is recommended for most servers.
Threshold Reference
| Setting | Default | Range | Description |
|---|---|---|---|
| Min Threat Score | 70 | 0 – 100 | Alerts below this composite score are silently suppressed |
| New Account Days | 7 days | 1+ | Accounts younger than this get a higher threat multiplier |
Roleless Cleanup PRO+
Automatically remove members who stay roleless for an extended period. This catches abandoned or suspicious accounts that never verify.
| Setting | Default | Description |
|---|---|---|
| Enabled | Off | Must be explicitly enabled via /config roleless_kick on |
| Days | 7 | Days a member stays roleless before action is taken |
| Grace Hours | 48 | 0 = kick immediately (no separate warning); > 0 = send warning, then kick after this many hours |
| Custom Message | Default | Template variables: {server}, {hours}, {user}, {contact} |
Instant mode (grace = 0): Use the Welcome DM to warn members on join,
then auto-kick at the day threshold with no extra warning.
Two-step mode (grace > 0): Send a separate warning DM at the day
threshold, then kick after the grace period.
Welcome DM PRO+
Automatically send a safety onboarding message to new members when they join your server. Configurable via the web dashboard.
| Setting | Default | Description |
|---|---|---|
| Enabled | Off | Toggle the welcome message on or off |
| Message Text | Safety template | Template variables: {user}, {server} |
| Target | DM | Where to send: dm, channel, or both |
| Channel | None | Fallback channel if DM fails or target is channel/both |
| Image URL | Privacy guide | Optional image embedded in the welcome message. Supports YouTube preview embeds. |
If a member has DMs disabled and the target is dm or both, the
message automatically falls back to the configured channel.
Auto-Resolve Stale Alerts
Old alerts that haven't been actioned are automatically resolved to keep
#impersonation-alerts clean.
| Alert Type | Default | Command |
|---|---|---|
| Low Priority | 7 days | /config auto_resolve_low <days> |
| High Priority | 14 days | /config auto_resolve_high <days> |
Detection System
Xattix uses the Four-Signal Detection Engine. No single signal triggers an alert alone — the system requires high-confidence corroborating evidence across independent layers to minimize false positives while maximizing protection.
Name Matching
Compares every incoming member's display name and username against all protected members using Jaro-Winkler similarity.
What It Catches
- Leet speak — Admin → Adm1n
- Cyrillic substitution — Admin → Аdmin (Cyrillic "А")
- Punctuation padding — Admin → A.d.m.i.n
- Zero-width characters — invisible Unicode inserted between letters
Names are normalised before comparison: fullwidth characters and mathematical symbols are mapped to standard ASCII, homoglyphs are resolved, and leet-speak variants are reversed.
Profile Picture Analysis
Uses perceptual hashing (pHash) to detect stolen or lightly-edited avatars. Unlike cryptographic hashes, perceptual hashes are resilient to:
- Resizing and re-compression
- Minor cropping
- Colour filter overlays
- Slight rotation or flipping
The similarity threshold is configurable per sensitivity preset (default: 90% for Medium).
Bio Matching
Compares user bios against the bios of protected members to detect copied descriptions used to build fake trust. Uses similarity analysis to catch both exact copies and slightly modified versions.
Threat Scoring
Individual signals are combined into a composite threat score (0–100) that determines the alert tier and action taken.
| Score Range | Tier | Action |
|---|---|---|
| ≥ Auto-kick threshold | CRITICAL | Auto-kick + blacklist (if enabled) |
| ≥ High threshold | HIGH | Alert with kick/whitelist action buttons |
| ≥ Low threshold | LOW | Alert (requires corroborating evidence) |
| < Min threat score | — | Silently suppressed |
Internal scoring weights are kept confidential to prevent attackers from "tuning" their profiles to stay below detection thresholds. Alerts are only fired when multiple high-confidence signals align.