Spigot TownyExploitFix (Spigot) 2018-02-27

Fixes Towny username exploit

  1. jordanwilliams1 submitted a new resource:

    TownyExploitFix (Spigot) - Fixes Towny username exploit

    Read more about this resource...
     
  2. Or you can just leave the Towny config's account prefixes at their default values 'town-' and 'nation-' and not have this issue at all because players cannot use '-' in their name on online-mode servers.

    Edit: I've been made aware that the issue is caused by Essentials Economy, which will make accounts for the towns and nations and change the -'s to _'s. Using any other economy plugin has been recommended since MC 1.8 when Essentials Economy began to reset town and nation banks.
     
    #3 LlmDl, Mar 1, 2018
    Last edited: Mar 1, 2018
  3. You should be aware of that it's possible to login as NPC's too. This could be a problem if someone set their town mayor to a NPC. A good example of this is default towns. I made a fix for all this myself too, I posted the plugin here on Spigot as well. But there are other solutions on this, renaming NPC is pretty much possible. Towny_war_chest is also another thing, if a server has towny wars.

    It's basically possible to login on these accounts and gain advantages. But this is not Towny's fault to be honest,
     
  4. I will fix those problems associated with NPC accounts and the various accounts for towny's war chests and server accounts but I cannot say I will solve an issue caused by Ess Eco which should be patched on that plugin's side of things. It would be really great if that plugin got an active development team again.

    Edit: if anyone cares to track this here's the ticket: https://github.com/TownyAdvanced/Towny/issues/2885
     
    • Like Like x 1
  5. That ticket is now completed. As of 0.92.0.11 this will close all of the above issues with economy accounts.
     
    • Like Like x 1
  6. 29.03 06:01:07 [Server] INFO ... 11 more 29.03 06:01:07 [Server] INFO at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:302) ~[Spigot-1.12.2.jar:git-Spigot-c3093ef-7e94e65] 29.03 06:01:07 [Server] INFO at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_91] 29.03 06:01:07 [Server] INFO at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_91] 29.03 06:01:07 [Server] INFO at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_91] 29.03 06:01:07 [Server] INFO at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_91] 29.03 06:01:07 [Server] INFO at me.jordan.TownyExploitFix.Join.onLogin(Join.java:21) ~[?:?] 29.03 06:01:07 [Server] INFO at java.lang.String.substring(String.java:1963) ~[?:1.8.0_91] 29.03 06:01:07 [Server] INFO Caused by: java.lang.StringIndexOutOfBoundsException: String index out of range: 7 29.03 06:01:07 [Server] INFO at java.lang.Thread.run(Thread.java:745) [?:1.8.0_91] 29.03 06:01:07 [Server] INFO at net.minecraft.server.v1_12_R1.MinecraftServer.run(MinecraftServer.java:577) [Spigot-1.12.2.jar:git-Spigot-c3093ef-7e94e65] 29.03 06:01:07 [Server] INFO at net.minecraft.server.v1_12_R1.MinecraftServer.C(MinecraftServer.java:679) [Spigot-1.12.2.jar:git-Spigot-c3093ef-7e94e65] 29.03 06:01:07 [Server] INFO at net.minecraft.server.v1_12_R1.DedicatedServer.D(DedicatedServer.java:406) [Spigot-1.12.2.jar:git-Spigot-c3093ef-7e94e65] 29.03 06:01:07 [Server] INFO at net.minecraft.server.v1_12_R1.MinecraftServer.D(MinecraftServer.java:758) [Spigot-1.12.2.jar:git-Spigot-c3093ef-7e94e65] 29.03 06:01:07 [Server] INFO at org.bukkit.craftbukkit.v1_12_R1.util.Waitable.run(Waitable.java:24) [Spigot-1.12.2.jar:git-Spigot-c3093ef-7e94e65] 29.03 06:01:07 [Server] INFO at net.minecraft.server.v1_12_R1.LoginListener$LoginHandler$1.evaluate(LoginListener.java:1) [Spigot-1.12.2.jar:git-Spigot-c3093ef-7e94e65] 29.03 06:01:07 [Server] INFO at net.minecraft.server.v1_12_R1.LoginListener$LoginHandler$1.evaluate(LoginListener.java:281) [Spigot-1.12.2.jar:git-Spigot-c3093ef-7e94e65] 29.03 06:01:07 [Server] INFO at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:485) [Spigot-1.12.2.jar:git-Spigot-c3093ef-7e94e65] 29.03 06:01:07 [Server] INFO at org.bukkit.plugin.SimplePluginManager.fireEvent(SimplePluginManager.java:500) [Spigot-1.12.2.jar:git-Spigot-c3093ef-7e94e65] 29.03 06:01:07 [Server] INFO at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62) ~[Spigot-1.12.2.jar:git-Spigot-c3093ef-7e94e65] 29.03 06:01:07 [Server] INFO at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:306) ~[Spigot-1.12.2.jar:git-Spigot-c3093ef-7e94e65] 29.03 06:01:07 [Server] INFO org.bukkit.event.EventException: null 29.03 06:01:07 [Server] ERROR Could not pass event PlayerPreLoginEvent to TownyExploitFix v0.1
     

  7. https://www.spigotmc.org/resources/townyfix.47748/