So, a while ago this thread was created where a user found a backdoor in some plugin here on Spigot. We have resource staff working hard on keeping the forums safe, but realistically speaking, sometimes they miss an entry here and there. If a backdoor gets uploaded, people will download and install it. When a resource staff member later deletes the plugin because of malicious code, the user isn't notified what so ever. It prevents people from downloading it in the future, but it doesn't help the ones that downloaded it. My suggestion: Add an ability for resource staff member to alert the downloaders after a resource was deleted. This can be optional, and a category can chosen, for example a malicious category. I don't think Spigot takes care of what users downloaded the resource, however, you can use the list of users that watch the resource and notify those users. You'd probably alert 9 out of 10 people with that. Additionally, you can send a message with instructions to every resource watcher with details of the backdoor, for example instructions on how to fully delete it. With this you can assure a little more safety on the community. Tagging @2008Choco since he was involved with the deletion and discussion of the resource. Also tagging @peyman since he discovered the backdoor.