Description
OpVerify
Verification System for Operators
Stop Session Stealing
The other day a player joined my server and explained to me that he had had a player advertising my server on his server. I had a clue about what was going on, so I joined to investigate. The server had several players, but it said that it was whitelisted. When I rejoined I had the console in the background and noticed that players were being given operator, and when I checked ops.txt quite a few of these joining players were being given op. After researching this I already had an idea of what was going on: session hijacking. With this in mind I could not rest until some sort of system was in place, which is why I bring you OpVerify.
Curious How it works Github
Server Session Info Here
Video Showing The Session Hack Here
OpVerify's Features Include
- All joining players will be removed from operator status
- When a player joins and is already set to op, all currently authenticated users are notified and op is removed.
- Authentication levels add IP address logging and password protection with a SHA512 hash.
- Incorrect password attempts kick players
- Master Operator Ability Account.
- Does Not Conflict with Permission Systems
- Easy to use interface
Commands
If any of these commands are used at a semi-authenticated level, notifications will be sent to all verified operators and the master account.
- From the master account or a verified operator
  - /op {username}
    - This will enable the user as operator; however, a password must be set
    - If the user is online this will store the operator's IP
- From a temporary operator, or as a password change for verified operators
  - /oppw {password}
    - This will store a password as a SHA512 hash
- From IP-verified operators
  - /oplogin {password}
    - Unnecessary if the operator's IP address has been verified when logging in
    - This will enable full operator access
- From verified operators or the master account
  - /deop {username}
    - This will remove the verification items of the player and remove operator
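The flow these commands describe, as an added example in plain Java. It is not OpVerify's own code and uses no server API. The class, method and enum names are hypothetical, and treating an operator with no password set as unverified on join is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

public class OpVerifyModel {
    enum Level { NONE, NEEDS_LOGIN, FULL }
    static final class Entry { String ip; byte[] pwHash; }   // hypothetical per-operator record
    private final Map<String, Entry> ops = new HashMap<>();

    static byte[] sha512(String s) {
        try {
            return MessageDigest.getInstance("SHA-512").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }
    // /op {username}: register the operator; the IP is stored only if the user is online.
    void op(String name, String ipOrNull) {
        Entry e = new Entry();
        e.ip = ipOrNull;
        ops.put(name, e);
    }
    // /oppw {password}: keep only the SHA-512 digest, never the plaintext.
    void oppw(String name, String password) {
        Entry e = ops.get(name);
        if (e != null) e.pwHash = sha512(password);
    }
    // On join, server-side op is always stripped first; this decides what is handed back.
    // Assumption: an operator without a password yet is treated as unverified.
    Level onJoin(String name, String ip) {
        Entry e = ops.get(name);
        if (e == null || e.pwHash == null) return Level.NONE;
        return ip.equals(e.ip) ? Level.FULL : Level.NEEDS_LOGIN;
    }
    // /oplogin {password}: constant-time digest comparison; false means kick the player.
    boolean oplogin(String name, String password) {
        Entry e = ops.get(name);
        return e != null && e.pwHash != null && MessageDigest.isEqual(e.pwHash, sha512(password));
    }
    public static void main(String[] args) {
        OpVerifyModel m = new OpVerifyModel();
        m.op("alice", "203.0.113.10");          // constructed name and documentation-range IPs
        m.oppw("alice", "correct horse");
        System.out.println(m.onJoin("alice", "203.0.113.10"));   // known IP
        System.out.println(m.onJoin("alice", "198.51.100.7"));   // same name, unknown IP
        System.out.println(m.oplogin("alice", "guess"));         // wrong password
        System.out.println(m.onJoin("mallory", "198.51.100.7")); // listed as op elsewhere, never verified
    }
}
```

A single unsalted SHA-512 pass is fast to brute-force if the stored digests leak; a salted password KDF would resist that better.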
Overridden Vanilla Commands
/stop
/gamemode
ChangeLog
v0.1
Initial Release
v0.2
Adjusted Digest for SHA512 instead of MD5
v0.3
Resolved a small issue with ip verification.
TODO
Removed additional vanilla commands; however, considering implementing them again
