Request - Prevent webhook "bots" from pinging users

[zombiezrule]

I have a server with webhooks set up, with the intended use being for a game client to send posts via the webhook.
Recently, some unknown users have abused the webhook and have been spamming messages that are pinging @everyone and @here.
As this is a community server, I can't easily find out the individual user that has been abusing the webhook - it's possible that a banned user, or even someone that isn't in the server was given the webhook and has been spamming it.

From what I can tell, the webhook "bots" can't be given roles or custom permissions, so they are able to be abused very easily.
It would be great if webhook bots could be set up with permissions, so that we could prevent them from being abused via ping spam. Even just an option to disable pings in the webhook bot settings would be helpful.

I would prefer if I didn't have to change the whole server's notification settings to disable pings, as we use pings for other notifications that are intended to reach the community.

As a side note, it would be nice if default notification settings could be changed on a per-channel basis, as this would stop the bots from sending notifications to users unintentionally by having the default notification setting as "Nothing". Getting hundreds of users to individually change their notification settings on a few channels to "Nothing" isn't feasible either.

If there is already a way to do this, please let me know as I haven't been able to find one yet.

[devsnek]

webhook urls are not intended to be public information. we can't really support cases which involve exposing it.

[zombiezrule]

Would it be possible to allow roles/permissions to be applied to the webhook bots? I'd imagine that the default behaviour would remain if not assigned roles, but role permissions would override them.

[ckohen]

This isn't something that should be done in discord directly. You're handing out a private key as public information. You should instead create a service that receives webhooks, and posts them to your discord webhook, ensuring that allowed_mentions (and any other properties you want to force to a specific value) is set to not allow this to happen.

[zombiezrule]

I wouldn't have the faintest idea how to do any of that and I couldn't find any existing bots that can..