Technical & Security Background

Last Revised: November 15, 2021

Please note that the content below is outdated and needs to be updated. It may not reflect the current state of the bot.

Core Engine

The bot is written in Node.js and uses Discord.js v13 as its core Discord library.

Here are some key details about GiselleBot:

99.85% uptime.
28 self-developed RESTful microservices supporting the bot's operations.
~90,000 lines of code.
Present in ~10,000 Discord servers, reaching ~7.8M users.
Development started in September 2017.
GiselleBot transitioned from a private bot to a public bot in March 2018.
Since December 2019, GiselleBot has handled over 870,000 successful commands, with an average of ~1,200 commands per day.

Architecture Slide

The bot is hosted on GalaxyGate. The infrastructure consists of five main components:

1 Web Server hosting the documentation website and the API gateway used to communicate with the bot(s).
1 Application Server hosting the bot itself.
1 Application Server hosting the supporting microservices.
3 MongoDB machines forming a high-availability Replica Set.
3 Redis instances forming a high-availability set managed through Redis Sentinel.

Additionally, some PaaS services are provided by Amazon Web Services (AWS):

Object Storage buckets hosting temporary (encrypted) files sent to end-users via various commands.
A centralized log management system.
A Key Management System (KMS) / Secrets Manager storing secret keys and API keys used by the bot.
A DNS managed service hosting public domains (cycloptux.com, gisellebot.com, gisl.eu) and internal private domains.

Below is a detailed overview of the security features implemented in GiselleBot:

Internal network communications occur only on a private VLAN and never traverse the internet.
Network connections between servers and databases are encrypted using SSL/TLS (TLS 1.1+) with two-way certificate validation.
API gateway connections use HTTPS (TLS 1.2+) with strict two-way certificate validation.
Certificates are issued by an internal Certificate Authority (CA), stored offline when not in use.
Web server access is protected by Cloudflare and HTTPS encryption with automatically renewed certificates from Let's Encrypt.

All storage media are encrypted at the low level.
Sensitive data in the database is encrypted using AES-256-GCM and AES-128-GCM algorithms.
Temporary files generated by commands are stored in encrypted Object Storage buckets and further encrypted using 7-Zip's AES-256 algorithm.
Passwords for encrypted files are never logged and can be deleted by users to remove them from Discord.
Retention for temporary files is set to 30 days.

SSH access is restricted to the internal network via a hardened bastion VPN endpoint.
Access to virtual servers requires private keys and, in some cases, multi-factor authentication.
Sensitive information is fetched from the KMS or passed via temporary environment variables.
All actions and accesses are logged, including bot commands and API gateway activity.
The API gateway enforces authentication and authorization workflows, issuing temporary tokens to users.

Each host is protected by a local firewall, ensuring only necessary ports are open.
SSH service is not exposed to the internet.
Infrastructure management portals are secured with strong passwords and multi-factor authentication.
Secret keys, tokens, and credentials are never stored locally; they are fetched from an external KMS at runtime.
The database is backed up every 12 hours, with backups retained for 30 days in a highly available Object Storage repository.
The source code is stored in private Git-based repositories.