Security News Discord will switch to temporary file links to block malware delivery

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,672
Discord will switch to temporary CDN links for all users by the end of the year to block attackers from using its content delivery network for malware delivery.

"Discord is evolving its approach to attachment CDN URLs in order to create a safer and more secure experience for users. In particular, this will help our safety team restrict access to flagged content, and generally reduce the amount of malware distributed using our CDN," Discord told BleepingComputer.

"There is no impact for Discord users that share content within the Discord client. Any links within the client will be auto refreshed. If users are using Discord to host files, we'd recommend they find a more suitable service.

"Discord developers may see minimal impact and we’re working closely with the community on the transition. These changes will roll out later this year and we’ll share more info with developers in the coming weeks."

After the file hosting change (described by Discord as authentication enforcement) rolls out later this year, all links to files uploaded to Discord servers will expire after 24 hours.

CDN URLs will come with three new parameters that will add expiration timestamps and unique signatures that will remain valid until the links expire, preventing the use of Discord's CDN for permanent file hosting.

While these parameters are already being added to Discord links, they still need to be enforced, and links shared outside Discord servers will only expire once the company rolls out its authentication enforcement changes.

"To improve security of Discord's CDN, attachment CDN URLs have 3 new URL parameters: ex, is, and hm. Once authentication enforcement begins later this year, links with a given signature (hm) will remain valid until the expiration timestamp (ex)," the Discord development team explained in a post shared on the Discord Developers server.

"To access the attachment CDN link after the link expires, your app will need to fetch a new CDN URL. The API will automatically return valid, non-expired URLs when you access resources that contain an attachment CDN URL, like when retrieving a message."
 

Seandc33

Level 1
Sep 18, 2023
9
I wonder if this will also affect people posting images. Having a image link Constantly change would be very annoying.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top