False positives
Closed this issue · 2 comments
It seems the system you use to find these tokens are looking for all tokens on repl.it, glitch.me and similar live-time browser IDEs. This means many other useful and harmless bots are being attacked by this rather inefficient searching system. I was hosting a bot on repl.it and got a message from Discord informing me about my bot's token being invalidated. I confirmed this theory by creating a new bot on repl.it with another token and a little after it ended up here. This system is quite flawed and it would be annoying to keep running this without further improvements and patches.
If your token is exposed on replit you are putting yourself at risk of someone else taking your token and using it for spam. So it's not flawed, they are doing you a favour and making you have to secure your token properly.
This is working as intended. Secure your bot token: https://docs.replit.com/programming-ide/workspace-features/secrets