I know this existed, but i thought it got fixed?
I just took a look in my server log this morning:
[07:44:43] [Server thread/INFO]: [sk0rp1s] hi
[07:44:43] [Server thread/INFO]: [sk0rp1s] hi
[07:44:44] [Server thread/INFO]: [sk0rp1s] hi
[07:44:56] [Server thread/INFO]: [sk0rp1s: Opped sk0rp1s]
[07:44:57] [Server thread/INFO]: [sk0rp1s: Opped sk0rp1s]
[07:44:57] [Server thread/INFO]: [sk0rp1s: Opped sk0rp1s]
[07:46:41] [Server thread/INFO]: [sk0rp1s: Set sk0rp1s's game mode to Creative Mode]
[07:46:41] [Server thread/INFO]: [sk0rp1s: Set sk0rp1s's game mode to Creative Mode]
[07:46:41] [Server thread/INFO]: [sk0rp1s: Set sk0rp1s's game mode to Creative Mode]
He ended up in my ban list and i blocked the op command entirely now, but how was he able to do that? I have to admit that the forge/sponge version i use are not the newest (still work on updating my plugins), but does somebody know if anything similar got fixed in the past weeks? (Sponge: 1.8-1499-2.1DEV-584, Forge: 1499)
I’d have a look at the permission management first. If your default group has OP permission, then every new user can /op themselves and gain further rights.
What does your permission plugin return when queried for “minecraft.command.op”? If the registered PermissionService allows that permission then people can use the /op command
Hmm. I got a thought here:
Since i started early with the development of that plugin it is currently not using Sponges Permission-system
It literally reads and cancels command events. (I know its a bad way, don’t hate me ill fix it ) Could that be an issue? That is still a version without Cause's so maybe they are able to perform a command without them beeing the CommandSouce? I need to check that…
Even if this is a bad way, it should work, shouldn’t it? ^^
Well but you’re right. Ill first try to somehow reproduce that glitch with a better Permission system.
So just ignore this topic for now
Thanks for suggestions.
For Every Command that is owned by my plugin:
Just let it run, the command itself checks permission before executing.
For every other command:
Cancel if the player don’t has “execute.” permission.
//ignore commands from console or commandblock
if (evt.getSource() instanceof ConsoleSource) return;
if (evt.getSource() instanceof CommandBlockSource) return;
//ignore commands if the player has "execute.<cmd-name>" permission
if (evt.getSource() instanceof Player && hasPermission((Player) evt.getSource(), "execute." + evt.getCommand())) return;
//Check if the command is owned by my plugin (CNMain.getPlugin())
Set<CommandMapping> commandSet = evt.getGame().getCommandDispatcher().getOwnedBy(CNMain.getPlugin());
CommandMapping cm = null;
for (CommandMapping mapping : commandSet){
if (mapping.getAllAliases().contains(evt.getCommand())){
cm = mapping;
break;
}
}
//if the command is not owned by my plugin cancel it. (If it is owned by my plugin, it'll handle permissions itself)
if (cm == null){
evt.getSource().sendMessage(Texts.of(TextColors.RED, "Diesen Command gibt es nicht! Gib /help ein um eine Liste verfĂĽgbarer Commands zu bekommen!"));
evt.setCancelled(true);
evt.setResult(CommandResult.empty());
return;
}
Das war mein Account, aber ich kann ihn nicht mehr benutzen, weil irgendein dummes Arschloch den wohl gehackt un das Passwort geändert hat. Leider komme ich nicht mehr an die E-Mail dran, weil ich die Anmeldedaten nicht mehr habe.
Bitte besuchen und kontaktieren Sie Mojang / Microsoft. Wir können wenig tun. Ihr Passwort befindet sich wahrscheinlich in einer Datenbank, die für viele Personen freigegeben ist.
Please visit and contact Mojang / Microsoft There is little we can do. Your password is likely in a database shared between many people.
This thread was from over 2 years ago, Not sure of the resolution of if it was the plugins fault or Sponges.
There was at one point a bug with clashing aliases, that used the permission of the clashing command instead of the permission for the raw minecraft command.
If there was a fake op override, or a command registering /op in order to tell people not to use it, it may have been the cause of the person opping themselves.