Suggestion Add some security features to Spigot.

Discussion in 'Community Feedback and Suggestions' started by funkemunky, May 19, 2017.

Thread Status:
Not open for further replies.
  1. There are some well-known exploits in Spigot through packets. Whether it would be to grab IPs or crash servers. Certain clients like Conceit can crash regular spigot servers without a decent anticheat. NoCheatPlus will stop a majority of this, but it doesn't work fully. Can you guys implement security without the need of your community having to get involved?

    Thanks!
    - funkemunky
     
  2. For exploits, submit more bug reports or pull requests. If you really need some measure to stop unknown attacks (any packet flooding), you better look for external plugins because that feature may greatly affect existing stuffs.
     
  3. electronicboy

    IRC Staff

    maintaining patches for every single bug/issue with Minecraft would just become massively tedious, even plugins like NCP or AAC are highly limited in what they can do (and are wildly complex in what they do), and so is spigot; You are somewhat limited to trusting everything the client tells you unless you can prove otherwise, which isn't really always possible...

    I've also never seen an exploit in Spigot that allows you to grab somebodies IP address... Crashing servers is also an odd one, without knowing what is causing the actual crash, e.g. the mechanisms used, it's pretty hard to handle it. Sometimes, we can deduce enough from a stack trace for the crash to work out what is going on, other times it's not really all that possible, sometimes the crash is just a cause of the software working properly and people making it work too much... You can only capture so many cases, sometimes you're hardly given much working space to go off.
     
  4. md_5

    Administrator Developer

    I'm not aware of any "well known exploits" that aren't fixed.
    If you come across one you can open a private ticker on the bug tracker. And no exploit ever in the history of Minecraft can grab players ip addresses.
     
Thread Status:
Not open for further replies.