Login Events?

Discussion in 'Spigot Plugin Development' started by TheKneeOfSnap, May 25, 2016.

  1. I wanted to add an alert to one of my plugins that alerts me when someone attempts to login with an invalid session, or just login as a "cracked" user. I can't seem to find an event in the spigot javadoc that runs on an authentication failure. Is this possible?
     
  2. We don't support cracked servers.
     
  3. I dont think he means that he has a cracked server, I think he is looking for if someone tries to login with a cracked account.

    This is not possible because the server does not handle authentication requests, the Mojang authentication servers do.
     
    • Agree Agree x 1
  4. I believe you could use the AsyncPlayerPreLoginEvent and get the result of the login attempt If the result is KICK_OTHER, there's a chance that they aren't a real player.

    I'm not sure what kind of requirements would cause the KICK_OTHER result to be thrown, so this method isn't 100% fool proof.
     
  5. My server isn't cracked, but I've found that certain users try to login as cracked accounts like Notch, and I like to log stuff like this.
    Spigot handles authentication by communicating with Mojang servers, a player trying to connect still goes through the spigot server, as it shows up in the console as them being kicked for not having a valid session.
    Alright, thanks! Let me try that out.
     
  6. Hmm, I can't seem to get that to work.
    Code (Text):

    @EventHandler
        public void onLoginPreAsync(AsyncPlayerPreLoginEvent event){
            System.out.println("Triggered!");
            System.out.println(event.getLoginResult());
        }
     
    This never triggers when a player fails auth, but when normal players join it runs on them.
     
  7. I'm not sure then - sorry.
     
  8. Considering it would be somewhat difficult in achieving this task, one 'hacky' way of doing so would be to possibly

    • Get the event in which the user is kicked if they are not found with a validated session
    • Obtain the kick result and type
    • Check for the event message and check for matching strings to the default "failed to login" or "failed to authenticate" or whatever the message may be, and log to file that they are not validated

    This, of course, I am not sure will work at all, and if so, is probably not the best way to handle this, considering a major flaw would be if the authentication/session servers were to be offline, then of course there would be no way to tell if the user is having a 'true' validated session. I suppose this could be a temporary -not best- workaround solution until an official solution can be brought forth. Even so, the solution will not be easy.

    However, Mojang session servers are hardly down and are ever only down for a long period of time if there is some sort of attack towards them.
     
    #8 ChefJava, May 25, 2016
    Last edited: May 25, 2016
  9. Have you tried using a packet listener?
     
    • Agree Agree x 1
  10. I'll give this a shot, auth servers being down will be annoying to deal with.
    That's my last resort method.
     
  11. I don't think dealing with the auth servers being down will be a problem at all. How often are people really gonna be trying to join as Notch? And the auth servers are rarely down anyway.
     
  12. Well, actually I get people thinking that their "Wurst Authme cracker" will give them Op on an online-mode server about as much as people trying to login as cracked users, which is more than you'd think. I think I'll be resorting to using PacketListenerAPI as even the kick event doesn't seem to fire.