Protecting Mineplex's and Overcast Network's Plugins

Discussion in 'BukkitDev Information and Feedback' started by mazentheamazin, Jun 1, 2014.


Do you want this to get organized?

  1. Yes

    6 vote(s)
  2. No

    8 vote(s)
Thread Status:
Not open for further replies.
  1. Offline


    As some of you may know, Mineplex's plugins were leaked, and Overcast Network's source code was leaked. Before I go into any detail into what I'm worried about, and how we should protect their plugins, I would like to say that this is all in good purpose. This post is not intended to diss them, or to judge their security is, or to judge their code, but, to help protect them and their work. Now, back to the main subject, the first and only issue I will be bring up today is people uploading their plugins to BukkitDev, and with just adding a few configs and modifying the code so it doesn't look to obvious, allowing them to be posted. The way I wish to tackle this, is to gather up all these leaked plugins/source code (I currently have Mineplex's plugins, so that’s a start), and have the BukkitDev staff to watch out for code that is similar to what we have. If any BukkitDev member would like to help me get this organized I would greatly appreciate it; send me a PM, or comment below :)

    Keep in mind, we should not let our opinions demolish our morals onto help them or not. Personally, I neither like or hate both networks, however, if I was in their shoes I could imagine how stress taking this may be, so I, and I think others, would like to help them. As Bukkit I know and love, I think we can just provide a little bit of help to them by protecting them to our limitations, which is why I hope you and other members of the community can help get my solution to be put into action. Thank you.
  2. Offline


    Report any plugins you see that are copies of their code.

    We could not possibly keep track of every single private plugin's code and check that against all submissions. Keep in mind, if we would attempt to do that for this one server's projects, we would have to do that for every private plugin developer's projects.
  3. Offline


    I understand that, however, don't you have to go through all the plugin's source for malicious code? Generally, its not like I'm asking for each and every single plugin to be looked at for their code, just ones that have ~the same idea as the ones that have been leaked.
  4. Offline


    There is a private plugin available that is the same idea as every public plugin on BukkitDev. We would end up having to compare every plugin submitted to BukkitDev against multiple private sources. Checking for malicious code takes enough time as is, we couldn't possibly keep on top of comparing each plugin to any number of private repositories. We cannot play favorites and only do that work for mineplex, we would have to do it for everyone who asks.

    Report any stolen code and provide proof, we will handle it then, just as we have always done.
    ZodiacTheories, hatstand and lol768 like this.
  5. I have the Overcast Network's code and I can supply it if needed.
  6. Offline


    ummm wut
  7. Onlineids
    So the Bukkit staff can compare code and effectively lessen the impact of the wave of skidders about to hit BukkitDev.
    davewolax likes this.
  8. Offline


    Bukkit is its own community. We worry about what we have going on here, and ensure that no code is being stolen from us. It isn't our responsibility to monitor our community, which we should have a certain level of trust in, for fraudulent actions taken against outside groups. While it is wrong to plagiarize, regardless of where the code is coming from, it is them that allowed the code to be leaked, and them that should take action to stop copycats.

    While it is not our responsibility, trying to protect them is a kind gesture, and suggesting this is very honorable. Going beyond what we have to do in order to help others, even outside of the community, shows a lot of initiative.
  9. Offline


    I have catched some source of a few plugins from MinePlex. Bukkit staff can contact me for the files...
  10. Offline


  11. mazentheamazin I think the point that TnT was making wasn't that it would take a long time to check every plugin that's being uploaded, it's that it would take a long time to create a database of all private plugins to check against - after all, the fact that Mineplex and Overcast are popular servers doesn't give them any more right to Bukkit's protection against copies being uploaded than say UnpopularCraft (wouldn't surprise me if that's actually a server. Especially if it's ironically popular). Not saying it's acceptable to upload stolen versions of Mineplex's or Overcast's plugins, just that it's not less acceptable than stealing anyone else's.

    JoeyDevs Incomprehendable The leak is still quite publicly and easily acquirable. In fact, I even found it when deliberately trying to find it using only the knowledge that it existed, and basic searching skills. This tells me that most people will be able to find it if they try (and quite quickly) so offers of providing the source aren't especially helpful, especially when it's so easily obtainable. It probably isn't going to go away, either. :)
  12. Offline


    Not Bukkit's job. If Mineplex, Overcast, or anyone else wants to monitor the submissions to Bukkit, they can report plugins just like anyone else can. Let them monitor for copies of their own plugins.
    John000708, xTrollxDudex and hatstand like this.
  13. Offline


    Just going to be honest, people have had access to Mineplex code long before this incident.
    John000708, AoH_Ruthless and AdamQpzm like this.
Thread Status:
Not open for further replies.

Share This Page