Introduction(top)ServerGuard was made in 2014 by Maxim Van de Wynckel in an attempt to make Spigot a safer place. It downloaded the plugins from the site and checked for patterns that could be malicious.
Over the course of many years and months it became better and better in detect new types of malicious plugins or at least warning the user that something 'strange was going on'.
Due to the vast amount of malicious plugins being uploaded on Spigot daily , we decided to sell the plugin so server owners could protect their servers.
What is it?(top)It is a plugin that gives you a bunch of insight on the actions of a plugin and if it could be malicious.
What is it not?(top)The holy grail to let you download random plugins from strangers on your server
How does it work?(top)The plugin works in several stages that are strong when combined. Each stage has it's own advantages and disadvantages.
The first stage requires a slight change in your startup script. After that change it will be able to inject method interceptors in various places that could potentially be dangerous. When those methods get called the plugin knows who fired them and can decide to block them.
The second stage will add permissions to the server. Not player permissions but java permissions. These permissions apply to plugins and possible 'children' of those plugins. With the permissions you can choose to prevent plugins from accessing folders outside their plugin directory, contacting the internet and much more. However these settings are more for advanced users.
The third stage will scan the plugin files. It will use the knowledge of malicious patters gathered since 2014 to determine if a plugin is potentially malicious. It will also show you what the plugin exactly does under the hood. If the plugin tries to hide their malicious calls, the first two stages will step in to prevent or detect it.
The fourth stage consists of multiple useful checks such as checking if the web page you downloaded the plugin from still exists, if important fields have been tampered with, if the plugin tries to connect to the internet (warning), if new 'child' plugins are loaded (modules, libs,...) and much more.
Who is this for?(top)This plugin is for server owners who care about security. A lot of time and work goes into this plugin to keep it up to date. It's a plugin that you will hopefully never need, but you will be thankful if you do.
More and more malicious plugins are appearing on spigot every day and due to forum rules it is no longer possible to download them automatically. Even if a plugin isn't malicious it may do things you do not or may not like.