Discussion in 'Spigot Discussion' started by Rudeyz, Jan 8, 2015.
This does not exist.
In my experience, you have to make your own forceop program. I had a guy on my server who made and updated a force-op client mod.
It is real. I'm not kidding. This guy on another server I am staff on said he had forceop, and of course I didn't believe him. I did /whois <HisName> and saw he was not opped. When he did it, it was legit, and I saw he deopped all of us and all that. So do you want to stop it or make your own?
Yeah, some people ("real hackers") have an op client, but not many. My case is already solved.
The to @Absentee23 and
How to solve? Make a custom skript group that has the permission, and only the console has permission to add that group.
Nope, not, no, never.
ForceOp is not a thing. If you install plugins made by random people, they can sneak some malicious code in. Also, one of your staff members may have decided to be a traitor.
Just for the record. There has been a glitch where players could place command blocks in creative servers to op themselves. Also known as KneeCrack IIRC.
It's been patched already in the latest Spigot, and it only works for 1.8 afaik.
There are also methods of joining a BungeeCord network as a specific and faked player. Sneaky but true.
Just to settle this thread completely, the kneesnap bug was introduced in 1.8, where Mojang decided to let people in creative spawn command blocks with pre-defined commands, even if you aren't OP, despite the commands themselves being run from console.
The same issue was found with signs, if I remember correctly, which was possible to exploit without even being creative.
Mojang, for some reason, let this bypass the disable-commandblocks option.
Or I think this should prevent the ops. Basically, create a plugin that on enable goes through all online players and checks if they have a certain permission, Op.no, and deops them every second, so if they are forceopping or something then they keep getting deopped. I think that should work, though there are some bugs in it too: it deops the people who are ops every second too, lol. I have yet to find a fix for that. But you guys are free to try this, as long as credit is given to me.
It's just KneeSnap, update Spigot.
Sorry to revive this really old thread, but this is still a very MAJOR exploit that has not been fixed.
The user Kneesnap logged in to my server and attempted the same things mentioned in this thread but was stopped before he could do much. One of the main exploits he did was create an Essentials "Buy" sign that bypassed the color checks, allowing him to create valid signs. No, this is not an issue with my permissions, plugins, or configurations. I was able to talk to him and he stated that he has his own client that performs these exploits (as his YouTube channel confirms).
Kneesnap created multiple Essentials signs without any special permissions, including buy and sell (for money) and gamemode signs. Once in Gamemode he had the capability of creating and placing a command block that could do anything he wants in one of the latest versions of Spigot. (As of: git-Spigot-f928e7a-e91aed8 (MC: 1.8.7))
That's because starting from 1.8 you can actually place the signs with color on them.
Did you install gitBash?
Aw, that's really nice of you! Need more people like that around the community... I have met some horrible ones in what short time I've been on PC...
You technically could forcefully op yourself in the past and still can on a few servers; "exploits" and proxying methods like session stealing, the Mojang account exploit, sign book exploit, command block exploit, etc. that happened in the past happened, and you can't hide that by saying "There isn't and never will be".
I agree with you, I've seen this done before...
To name a few more:
Premium accounts exploit: http://goo.gl/qzr2Uz (youtube)
Session stealing: https://mojang.com/2012/07/houston-we-have-a-problem/
Book force op: http://goo.gl/deEgpt (youtube) [not condoning the download - could be a virus]
I figured out how people do it but not how to stop them from doing it.
I'm having this Essentials issue too, have you found a solution?
You probably had some sort of permissions problem.
Nope. It's some plugin that allows for the use of colors in signs; I haven't pinpointed which one it is yet.
If players do a trick that I'm not going to explain for obvious reasons, they can make Essentials signs without any perms.
My solution was to block & and [ in signs using ChatControl plugin.
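A minimal Bukkit/Spigot listener showing the same mitigation as the post above (removing colour codes plus & and [ from signs written by unprivileged players), as an added example that is not part of the thread and not ChatControl's code. The class name SignGuard and the permission node signguard.bypass are hypothetical.

```java
import org.bukkit.ChatColor;
import org.bukkit.event.EventHandler;
import org.bukkit.event.EventPriority;
import org.bukkit.event.Listener;
import org.bukkit.event.block.SignChangeEvent;
import org.bukkit.plugin.java.JavaPlugin;

// Added example: SignGuard and the permission node below are hypothetical names.
public final class SignGuard extends JavaPlugin implements Listener {

    // Grant this node only to staff who may create coloured or [bracketed] signs.
    private static final String BYPASS = "signguard.bypass";

    @Override
    public void onEnable() {
        getServer().getPluginManager().registerEvents(this, this);
    }

    // LOWEST runs before other plugins' sign handlers, so they only see cleaned text.
    @EventHandler(priority = EventPriority.LOWEST, ignoreCancelled = true)
    public void onSignChange(SignChangeEvent event) {
        if (event.getPlayer().hasPermission(BYPASS)) {
            return;
        }
        String[] lines = event.getLines();
        for (int i = 0; i < lines.length; i++) {
            String original = lines[i] == null ? "" : lines[i];
            String clean = sanitize(original);
            if (!clean.equals(original)) {
                event.setLine(i, clean);
                // Log the line number only, never the raw client-supplied text.
                getLogger().warning(event.getPlayer().getName()
                        + " sent restricted sign text on line " + (i + 1));
            }
        }
    }

    // Strips formatting codes, then the characters the post above blocks (& and [).
    static String sanitize(String line) {
        String clean = ChatColor.stripColor(line);
        return clean.replace(String.valueOf(ChatColor.COLOR_CHAR), "")
                .replace("&", "")
                .replace("[", "");
    }
}
```

The plugin still needs a plugin.yml naming this class as its main class. An undeclared permission node defaults to ops only, so players who legitimately create shop signs must be granted the bypass node explicitly.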
I will never support a server running in offline mode, and I believe I'm speaking for the entire community.