Hacker News
by KomoD 477 days ago
Fun fact: if you come across one of these discord webhooks you can delete them.

Just curl -X DELETE https://discord.com/api/webhooks/[...]

4 comments

I'm not familiar with the context here, could you please elaborate? If I understood correctly, any unauthenticated user can delete the webhook? I can currently find hundreds of matches for that on GitHub, anyone could just go and delete them all?
In many cases the necessary authentication string is present within the webhook URL itself (which you're supposed to keep secret). By possessing the URL, you've proven you're authorized to use it, and with Discord that also means you're authorized to remove it.

In other cases you may need additional headers to authenticate, but if the script you've found contains the URL, it probably also contains the auth header too.

Yep, anyone can delete a Discord webhook if they have the URL.

All you do is send a DELETE request to the URL.

According to other comments stating how responsive Discord is to reports, it might be better to not delete these webhooks but instead report the connected users/servers.
Interesting. Looks like this specific one has already been deleted:

    curl -X DELETE https://discord.com/api/webhooks/1050437982584324138/VJByvmBKESSUv4fYn0LIjlBR4VzMRTEPOKVJoWFvCeHd7o3LtclQMJDMuiLzT57iqn7B
    {"message": "Unknown Webhook", "code": 10015}
LOL okay going to write a little search&destroy script tonight. Actually, no, f microsoft, let them do it.
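
Since the thread's point is that the webhook URL is itself the credential, the defensive counterpart is to catch such URLs in your own code before it is published. The scanner below is an added example, not code from any commenter; the URL pattern (host variants, optional API version, ID and token character sets) is an assumption generalised from the URL shape quoted above, and the sample input is constructed.

```python
import re

# Assumed shape: https://discord.com/api/webhooks/<numeric id>/<token>,
# also allowing the discordapp.com host, canary/ptb subdomains and /api/vN/.
WEBHOOK_RE = re.compile(
    r"https://(?:(?:canary|ptb)\.)?discord(?:app)?\.com"
    r"/api/(?:v\d+/)?webhooks/(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]{20,})"
)


def _strip_token(match):
    """Return the matched URL with the secret token replaced by a marker."""
    prefix_len = match.start("token") - match.start()
    return match.group(0)[:prefix_len] + "[REDACTED]"


def find_webhooks(text, source="<input>"):
    """List every webhook URL in text, by line, without echoing the token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in WEBHOOK_RE.finditer(line):
            findings.append({
                "source": source,
                "line": lineno,
                "webhook_id": m.group("id"),
                "redacted_url": _strip_token(m),
            })
    return findings


def redact(text):
    """Return text with every webhook token removed, safe to paste in a report."""
    return WEBHOOK_RE.sub(_strip_token, text)


# Constructed sample: two fake webhook URLs and one documentation placeholder.
SAMPLE = "\n".join([
    "import requests",
    'HOOK = "https://discord.com/api/webhooks/123456789012345678/'
    'CONSTRUCTED-token_000000000000000000000000000000000000"',
    'ALT = "https://canary.discordapp.com/api/v10/webhooks/876543210987654321/'
    'CONSTRUCTED-token_1111111111111111111111111111"',
    'DOCS = "https://discord.com/api/webhooks/[...]"  # placeholder, no secret',
])

if __name__ == "__main__":
    for finding in find_webhooks(SAMPLE, source="sample.py"):
        print(finding)
```

A hit in a file you own means the webhook should be treated as compromised and recreated, since removing the line does not remove it from history.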