OpVerify
Verification System for Operators
Stop Session Stealing
The other day a player joined my server and explained to me that he had had a player advertising my server on his server. I had a clue about what was going on, so I joined to investigate. The server had several players, but it said that it was whitelisted. When I rejoined I had the console in the background and noticed that players were being given operator, and when I checked the ops.txt, quite a few of these joining players were being given op. After researching this I already had an idea of what was going on: session hijacking. With this in mind I could not rest until some sort of system was in place, which is why I bring you OpVerify.
Curious How it works Github
Server Session Info Here
Video Showing The Session Hack Here
OpVerify's Features Include
- All joining players will be removed from operator status
- When a player joins and is already set to op, all currently authenticated users will be notified and op is removed.
- Authentication levels add IP address logging and password protection with a SHA512 hash.
- Incorrect Password Attempts Kicks Players
- Master Operator Ability Account.
- Does Not Conflict with Permission Systems
- Easy to use interface
Commands
If any of these commands are used at a semi-authenticated level, notifications will be sent to all Verified Operators and the Master Account.
- From the master account or verified operator
  - /op {username}
    - This will enable the user as operator; however, a password must be set
    - If the user is online, this will store the operator's IP
- From temporary operator, or as a password change for verified operators
  - /oppw {password}
    - This will store a password as a SHA512 hash
- From IP-verified operators
  - /oplogin {password}
    - Unnecessary if the operator's IP address has been verified when logging in
    - This will enable full operator access
- From verified operators or master account
  - /deop {username}
    - This will remove the verification items of the player and remove operator
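The command flow above, modelled in plain Java as an added example (this is not OpVerify's source; the class, method and field names are hypothetical and the IP addresses and password are constructed). It shows why a hijacked session that joins from a new IP gets no operator rights until the password is supplied, and it rejects /oplogin with no argument instead of indexing an empty array.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

// Added illustration: names and structure are hypothetical, not OpVerify's code.
public class OpVerifyFlowDemo {
    private final Map<String, byte[]> pwHash = new HashMap<>();  // username -> SHA-512(password)
    private final Map<String, String> knownIp = new HashMap<>(); // username -> IP stored by /op

    static byte[] sha512(String s) {
        try {
            return MessageDigest.getInstance("SHA-512").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // not expected on a standard JDK
        }
    }

    // /op {username}: record the operator's IP; a password must still be set.
    void op(String user, String ip) { knownIp.put(user, ip); }

    // /oppw {password}: keep only the digest, never the password itself.
    void oppw(String user, String password) { pwHash.put(user, sha512(password)); }

    // Join: op status from ops.txt is ignored; only a stored IP match restores it.
    boolean opAfterJoin(String user, String ip) {
        return pwHash.containsKey(user) && ip.equals(knownIp.get(user));
    }

    // /oplogin {password}: args mirrors the String[] a command handler receives.
    boolean oplogin(String user, String[] args) {
        byte[] stored = pwHash.get(user);
        if (args.length == 0 || stored == null) return false;   // no args[0] to read
        return MessageDigest.isEqual(stored, sha512(args[0]));  // constant-time compare
    }

    public static void main(String[] unused) {
        OpVerifyFlowDemo v = new OpVerifyFlowDemo();
        v.op("admin", "203.0.113.5");                 // constructed sample values
        v.oppw("admin", "correct horse");
        System.out.println("same IP:      " + v.opAfterJoin("admin", "203.0.113.5"));
        System.out.println("new IP:       " + v.opAfterJoin("admin", "198.51.100.9"));
        System.out.println("no argument:  " + v.oplogin("admin", new String[0]));
        System.out.println("wrong pw:     " + v.oplogin("admin", new String[] {"guess"}));
        System.out.println("right pw:     " + v.oplogin("admin", new String[] {"correct horse"}));
    }
}
```

The digest here is a bare SHA512 hash, as the feature list describes; a per-user salt and a slow password hash would resist offline guessing better if the stored file leaks.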
Overridden Vanilla Commands
/stop
/gamemode
ChangeLog
v0.1
Initial Release
v0.2
Adjusted Digest for SHA512 instead of MD5
v0.3
Resolved a small issue with ip verification.
TODO
Removed additional vanilla commands; however, considering implementing them again
Please update. To a stable 1.6.2 build please.
@lord0o
Session Stealer was patched. You don't need this plugin anymore.
Are you alive????
I'm getting this on the console. CraftBukkit 1.4.5 R0.3 #2500
I have the 1.4.5 latest beta build, and it gave me this error on the console:
The strange thing is that the plugin SEEMS TO WORK anyway... I'm afraid it may have a bug that lets other people bypass OpVerify... can you tell me something about this?
Thanks!
@Evanito
No, trust me. Hackers are like the flu, even when you get rid of them, they find another way to come back. There are all sorts of ways that people can bypass whatever Jeb did. It may help, but hackers always find another way in.
Guys, all session stealers were patched in 1.3 due to Jeb. Sleep safe
Great plugin and makes me and my staff feel all the more safe on our server. Hope you keep this alive because I will be using this as long as I can!
@Death_marine what about http://dev.bukkit.org/server-mods/opverify/tickets/1-verify-users-from-list-and-block-everything-till-verified/ ?
@boyinice7
Successful Trollin Achieved. Glad the plugin helps you out.
Hahahah, I use this on my server, sure saves me a lot of time. Just today there was this guy asking me to go on his server. I said sure. I kept my other Minecraft open on my server, so I logged on; it said that the client was outdated. He logged on to my server on my account. When he was doing that I went on my other account on that server and said "having fun with that opped account". He said "wtf why are u all not opped". I said "good luck next time". 5 seconds later the ban hammer spoke (I banned him). Love this plugin, I get to troll the bad people all the time and my server stays safe =)
@Death_marine
I think you should continue to update it @Death_marine. It is still a very nice security plugin and some of us are control freaks. :P
@treestompz
Thank you all.
https://twitter.com/xlson/status/224444654421164032
Finally they fixed it. Alright the plugin still works for anyone that would like enhanced security. But this will most likely not be updated considering the original issue is now fixed.
Great! Great job man!
After yesterday, with the authentication spoofing, this is just what I needed :)
Thank you sooo much! This is exactly what I need kudos to you my friend.
The only thing this plugin needs currently is more downloads >.>
Nice plugin!
The story that begins this description is very nice, I would have been really angry xD
I don't know if this is possible but would you be able to make the ops file connect to another file in the plugin and the op username needs to be in both files to say it's a real op (Stops hackers)
E.G:
Minecraft - ops.txt file:
player1 player2
Plugin - ops.txt file:
player1
-player2 is not in this file so he will be removed from having the op status.
@Gogosjon
Sorry, now it works ^^
Oh, I got this:
16:17:10 [WARNUNG] Unexpected exception while parsing console command
org.bukkit.command.CommandException: Unhandled exception executing command 'oplogin' in plugin OpVerify v0.3
    at org.bukkit.command.PluginCommand.execute(PluginCommand.java:42)
    at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:166)
    at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:473)
    at org.bukkit.craftbukkit.CraftServer.dispatchServerCommand(CraftServer.java:469)
    at net.minecraft.server.MinecraftServer.b(MinecraftServer.java:596)
    at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:565)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:449)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
Caused by: java.lang.ArrayIndexOutOfBoundsException: 0
    at com.modcrafting.opverify.OpLogin.onCommand(OpLogin.java:30)
    at org.bukkit.command.PluginCommand.execute(PluginCommand.java:40)
    ... 7 more
What's wrong with me?