Last line of defense · sits underneath Wick, Ducky, Dock

Cerberus

Built to catch what the others miss.

Threat model sourced from interviews with active raiders. Detectors tuned to the patterns they actually use, not theory. No user whitelisting. Every member is subject to every detector — including admins.

Add Cerberus to your server See command reference

Free for defense $10/mo per server for the active layer Cancel anytime

Detectors

20+

Response time

<1s

Backups

100 rolling

User whitelist

none

01 / Detection

What fires automatically.

Cerberus runs over 20 detectors on Discord events. These are the highlights — each tuned to threshold values set from real-world raid patterns.

Mass-action bursts

channel · role · member · invite

Channel-delete, channel-create, role-remove, member-rename, member-ban, member-kick, invite-create. Each on its own threshold and bans/kicks the actor as soon as the line crosses.

Slow-burn raids

15+ destructive over 1h

15+ destructive actions over an hour, even if no single burst trips. Catches actors pacing themselves to dodge per-event detectors.

Webhook abuse

creation rate · message volume

Creation rate, message volume, role-ping velocity. Abused webhooks are deleted and the creator gets banned.

Permission escalation

admin · manage · ban · kick

Any role gaining Administrator, Manage Server, Manage Roles, Ban, Kick, Manage Channels, or Manage Webhooks gets reverted within seconds.

Hierarchy guard

no auto-lockdown

If anyone moves a role above Cerberus, the owner gets DM'd. Auto-lockdown is intentionally disabled here — that path produced too many false positives.

Bot adds

owner-only authorization

Only the server owner can add bots. Anyone else adding one triggers an auto-kick. Eliminates the most common compromised-admin attack vector.

Premium

Cross-guild raider intel

premium · auto-ban on join

When a member who's been flagged in 3+ other Cerberus-protected guilds joins yours, you get an alert with their full incident history. Premium guilds auto-ban on join. Free tier is alerts only.

02 / Response

What happens when something fires.

Auto-ban / kick

Severity-based action. Banning includes a DM to the user with the reason and your appeal URL — set via /cerberus mod appeal-info.

Lockdown

Disables Send Messages, Add Reactions, threads, and Speak for @everyone across every channel. Steel-tight: snapshots taken before the lock, rolled back atomically via /cerberus unlock. A pre-lockdown full backup is also auto-saved for recovery.

Raid mode

/cerberus raid-mode drops every detector's threshold to zero — fires on first action. Auto-fires when 4+ high/critical incidents happen in 60 seconds. Premium guilds can define custom triggers via /cerberus raid-mode trigger-add.

Hardening pass

/cerberus hardening-run runs the full strip in one shot: revert @everyone, strip dangerous perms from non-managed roles, demote recent joiners, purge untrusted webhooks, lock channels.

All destructive owner-only commands are gated to the server owner — staff with Manage Server can read but not change posture.

03 / Free vs Premium

Free for defense.
Premium goes offensive.

Cerberus stays free for the defensive baseline. Premium adds the active layer — auto-ban known raiders, auto-backup your server, and unlock recovery features that turn Cerberus from defensive to offensive.

Free

$0

Defensive baseline · always-on

All 20+ detectors active
Lockdown / unlock / hardening pass
10 manual backups, 30-day retention
Cross-guild raider alerts
7-day incident history
Audit + role-menu system

Add Cerberus free

Recommended

Premium

$10 /mo · per server

Active layer · billed monthly · cancel anytime

Everything in Free, plus

Auto-ban known raiders — 3+ guild flag = ban on sight
Scheduled auto-backup, 100 rolling, 1-year retention
Embed message backup (rules, role menus, info posts)
3-5x faster restore (parallelized API calls)
Custom detector thresholds (tune to your server's normal)
Custom raid-mode triggers
90-day incident history
Weekly digest DM (top actors, attack patterns)
Discohook JSON role-menu import
Watched messages (capture + restore-after-wipe)
Priority support (direct from the developer)

After payment: Cerberus DMs you to confirm. Run /premium activate guild_id:<id> on the server you want Premium for. Manage anytime with /premium manage.

04 / Reference

Full command reference.

Most commands require Manage Server. Anything that changes security posture (lockdown, unlock, trust, hardening, role menus, threshold tuning) is owner-only. Premium-gated commands marked in gold.

Read & inspect

/cerberus statusbot state, config, hierarchy position
/cerberus auditsecurity audit with action buttons
/cerberus statsdetector activity (7d free / 90d premium)
/cerberus incidentsrecent incidents (25 free / 100 premium)
/cerberus inspectincidents involving a member
/cerberus raider-infocross-guild raider profile
/cerberus hierarchy-checkverify bot role position

Moderation

/cerberus quarantineimmediate ban (owner)
/cerberus muteDiscord timeout
/cerberus mod warnlog + DM warning
/cerberus mod noteinternal note
/cerberus mod historywarnings + notes
/cerberus mod ban-historypast bans & kicks
/cerberus mod action-logevery Cerberus incident
/cerberus mod appeal-infoset ban-appeal URL (owner)

Manual control & response

/cerberus lockdownlock all channels (owner)
/cerberus unlockrestore from pre-lockdown snapshot
/cerberus hardening-runfull hardening pass (owner)
/cerberus raid-mode on/off/statusevery detector at threshold zero
/cerberus raid-mode trigger-addcustom auto-raid rules

Trust system

/cerberus trust list/add/removebot allowlist (skip rate-based detectors only)
/cerberus webhook list/trust/untrustsame for webhooks
Perm escalation, mention spam, and hierarchy checks still fire — even on trusted actors.

Probation

/cerberus probation listmembers under post-grant monitoring
/cerberus probation clearrelease

Backups & recovery

Auto-backup runs daily by default (3-deep free / 100-deep premium). Pre-lockdown backups also auto-saved.

/cerberus backup savemanual snapshot
/cerberus backup listall snapshots
/cerberus backup viewinspect a backup
/cerberus backup restoreadditive (premium parallel/faster)
/cerberus backup deleteremove a snapshot
/cerberus backup watch-messagecapture rules / role-menus
/cerberus backup restore-messagesrestore captured embeds

Role menus (backup-survivable)

/cerberus role-menu createnew menu (owner)
/cerberus role-menu add-buttonadd a role to a menu
/cerberus role-menu remove / publish / deletemanage
/cerberus role-menu list / showread-only
/cerberus role-menu importpaste Discohook JSON

Detector tuning (Premium)

/cerberus thresholds showcurrent values
/cerberus thresholds settune (owner)
/cerberus thresholds reset / reset-allrestore defaults

Setup

/setuproute alerts (alert / all / raider / log channels)
/premium info / status / activate / managesubscription

Add Cerberus to your server.

Free forever for the defensive layer. Upgrade any server to Premium when you need the active layer — no per-bot install, no migration.

Add to your server See Premium ($10/mo)

Step 1

Click "Add to your server" and pick a guild

Step 2

Run /setup to route alerts

Step 3

/cerberus tour for the walkthrough

Cerberus

What fires automatically.

Mass-action bursts

Slow-burn raids

Webhook abuse

Permission escalation

Hierarchy guard

Bot adds

Cross-guild raider intel

What happens when something fires.

Auto-ban / kick

Lockdown

Raid mode

Hardening pass

Free for defense.Premium goes offensive.

Free

Premium

Full command reference.

Read & inspect

Moderation

Manual control & response

Trust system

Probation

Backups & recovery

Role menus (backup-survivable)

Detector tuning (Premium)

Setup

Add Cerberus to your server.

Free for defense.
Premium goes offensive.