ForceOp Blocker
The plugin that kills malicious plugins.
Sometimes Curse staff can be very irresponsible with their acceptance of plugins, and let a lot of malicious ones through, just to name a few examples:
- http://bukkit.org/threads/psa-decompiler-vulnerability.318878/
- http://bukkit.org/threads/psa-magix-plugin.317894/
- http://bukkit.org/threads/psa-superstring.321151/
You are expected to believe that these plugins are secure, but this is not always the case, and running one of these plugins just once could have hugely adverse effects on your entire server. This plugin is designed solely to prevent exactly that from happening.
The common thing to do is to block the "op" command, but now-a-days, plugins don't use this anyway, and having a malicious plugin on your server can seriously affect your server in VERY bad ways. This is the only plugin that blocks these plugins by completely preventing them from opping a player.
About
Only works on latest CB build. (The one most recently uploaded before the DMCA) This plugin works by extending the NMS OpList class. Any other plugin that does this will conflict. (I do not know of a plugin that does this)
Things to Note
This plugin does NOT block plugins which write directly to the ops.json file. You will need another plugin to prevent this. Most malicious plugins do not do this, but an attack like this is definitely possible.
This plugin does NOT work on any other version or variation of craftbukkit other than the latest cb version 1.7.10.
Links
- The library included in the file: https://github.com/FilipDev/JLib/tree/master/src
- The plugin itself: https://github.com/FilipDev/ForceOpBlocker/tree/master/src
How To Install
Simply drag and drop into your plugins folder.
How It Works
After intercepting a call to op a player, the plugin first prints the class call history of the attempt to op the player. This will give you the plugin that tried to do this. Next the plugin generates a random code and sends the console the code to type in order to confirm the opping was desired. Thirdly, only once you have typed the code will the player be opped.
Commands
- /allowop: The argument following this command, if matching the generated code, will confirm that the player shall be opped. Can only be executed by the console.
- Usage: /allowop [code]
Permissions
None.
Other
A good example of a plugin this completely blocks is the infamous NoCheatPlusPlus.
Help me make free plugins by donating to get me some coffee.
TODO
Add this functionality for deop aswell.
The AntiOp ForceOp Blocker Team
