Maleware on SpigotMC

Discussion in 'Spigot Discussion' started by SyriaLover69, Jun 2, 2018.

  1. Yesterday I saw a thread about a maleware plugin on spigot.
    Is it really so easy to infect plugins on SpigotMC or other sites? Aren't they getting checked?
     
  2. Sadly yes
    There are more and more infected Plugins on Spigot. Some are just for griefing and destroying plugins. But there are also some big Botnet infections wich can be abused to ddos certain server.
    I really hope Spigot staff integrate a check before the resources are being published
     
  3. But what can we do against these plugins?
     
  4. There is one solution but it's really inefficient.
    Spigot could integrate a System where Spigot Staff have to check the Plugins by hand before they are being published
     
  5. This seems like a good idea but I don't think the Spigot Staff will change their system. (Never change a running system.)

    What can WE (the users of these plugins) do to protect ourselves?
     
  6. If you're a developer yourself you can of course decompile the Plugin and check it. But if you haven't got any programming knowledge you sadly can't do much :confused:
     
  7. Oh :( Can you expain this whole obfuscation thing? I read this in the maleware thread.
     
  8. Well to make it simple: You can't read the source of the Plugin.
     
  9. But if you can't read the source of the plugin, the system shouldn't be albe to handle it?
     
  10. No you can still read the source but you won't understand it.
    For example
    Something like this
    Code (Java):
    int cooldownTime = 60;
    Will look like this
    Code (Java):
    int $S$$$SS$$SS$SS = 0b101000 + 0x14;
     
  11. Ok, so there is nothing what I can do?
     
  12. Well you could hire a developer that checks the plugin for you
     
  13. And what is if my developer is the person who wants to infect me and my server or is just stupid?
     
  14. Well then you'll have a problem
     
  15. I can't quite remember what it was called but I remember a plugin/program that checks every single plugin on your pc. I think it is under "Spigot server" teme.
     
  16. ;(
     
  17. what's maleware? is it something to do with males?
     
  18. Can you link it?