Random Players getting op

Discussion in 'Spigot Help' started by CreepusXplodus07, Apr 6, 2019.

  1. I have no idea how or why this is happening but in the last few days 2 random players have got OP. No player /op-ed them cause there is no such command in the logs. I rly rly rly need to fix this before something rly bad happens
  2. SteelPhoenix


    Can you share a server log/list of plugins etc
  3. Plugins (31): CleanroomGenerator, CoreProtect, PsudoCommand, ColoredSigns, TempFly, FirstJoinPlus, OpenInv, Essentials, EasySetSpawn, Votifier, ProtocolLib, Multiverse-Core, CommandAliasNP, fChat, eZProtector, VotingPlugin, FastAsyncWorldEdit, UberEnchant, BlocksHub, Suggestions, PermissionsEx, ChatEx, SuperVanish, Bondage, PlayerDeathLocation, BuycraftX, WorldEdit, WorldGuard, Shopkeepers, AddLight, GriefPrevention
  4. SteelPhoenix


    You should remove the IPs from the log
  5. Good Idea, i removed all of them

    Attached Files:

  6. Can someone help me out with this? Its rly important
  7. Maybe this?

    [13:38:32] [Server thread/INFO]: Humbulumbu issued server command: /op

    Line 2734

    Not sure if this means anything
  8. Thats my alt checking if a normal player has access to /op for some weird reason
  9. is it a bungeecord connected server? or is it just spigot (without bungee). And is it in online or offline mode the server.
  10. Normal spigot, no bungee and its in online mode
  11. If there is no logs of it or there is no logs of the command is it possible someone with file access removed it
  12. Celebrimbor


    To clarify, did someone mysteriously obtain OP during this specific log period? Or has it just happened at least once in the past and you are unable to explain or find the log?
  13. Also, does anybody have access to your account on Minecraft, or your server hosting log in information? This could determine who might be using the op commands.
    • Creative Creative x 1
  14. Disable the op command with worldguard global flag and use a plugin to restrict access by permission and password. Use a better logger and last change all login data from the server and your mc acc. This might solve your problem.

    Also if on Linux use SHH and disable root login.
  15. It first happened when that log file was the latest one meaning if a player used a command it would be there
  16. if you have a linux host SSH in and navigate to the logs directory then run this command:
    zgrep 'issued server command: /op' *.gz


    zgrep 'issued server command: /minecraft:eek:p' *.gz

    should show you everyone that's ever used the /op command on your sever since the beginning of your logs it will take a while if there are a lot of logs in the directory... You can narrow this down if you're sure it happened say this month by doing:
    zgrep 'issued server command: /op' 2019-04-*.gz just change the month in the date to check on a per month basis.

    It's also worth going into your permissions plugin file and searching for the op permission as well as * as some players may have it and you not know about it.

    Finally are command blocks enabled on your sever?

    were ALL of your plugins downloaded from reputable sources? I'm not familiar with Bondage or PsudoCommand are you sure they came from reputable sources? Have you removed any plugins lately that could have had some shady code in them?

    if there's a line of code in a plugin that does this:
    it won't show up in the logs at all unless the plugin's author specifically logged it.
  17. maybe FirstJoinPlus executes commands on join?
    • Like Like x 1