OpGuard
About
OpGuard is a plugin that protects servers against op exploits & malicious plugins by maintaining a list of verified operators and overriding the default implementation of /op and /deop with its own command: /opguard.
OpGuard offers the ability to restrict access to /op (/opguard op) with a password, useful for keeping untrustworthy staff from setting op. It's also helpful in the event a malicious user somehow gains op or when a staff member has their account broken into; users who don't know the password won't be able to op other users when OpGuard is installed.
When compared to other "Anti-Forceop" plugins, OpGuard is the most feature-packed, configurable, and secure of all.
Releases are compiled with Java 8.
If your server isn't running Java 8, OpGuard won't work.
Features
Require a password to op and deop players.
Passwords limit who can set op.
Remember: don't ever tell untrustworthy people the password!
Deny access to /op and /deop.
OpGuard denies all attempts at using /op and /deop, whether from players or console.
All op-related commands must be done through /opguard.
Players who don't have permission to use /op and /deop will see an "unknown command" error when they attempt to use either command.
Punish players that attempt to gain op.
Configure multiple punishment commands.
Hidden from /help, /?, and tab-completion.
If /plugins is disabled, players won't ever know this plugin is installed.
/opguard will display an "unknown command" message for players who don't have permission.
Extensive logging.
OpGuard keeps a log file for everything that happens with the plugin.
Logged items can be modified in the config.
Commands
Command: /opguard
Alias: /og
Usage:
Sets op for a player./opguard deop <player> <password (if set)>
If OpGuard's password is set, it must be included.
Removes op from a player./opguard list
If OpGuard's password is set, it must be included.
List all verified operators./opguard password <new password>
Set OpGuard's password./opguard reset <current password>
This will only work if OpGuard has no password set.
Removes OpGuard's password./opguard reload <password (if set)>
The current password must be correct to remove.
Reload OpGuard's config.
If OpGuard's password is set, it must be included.
Permissions
- opguard.warn
- Receives notifications and warnings from OpGuard
- Players with op have both permissions by default.
- The /opguard command is only accessible by verified operators and console.
Notice
OpGuard will check for updates (via Spiget) unless disabled in the config (set check-for-updates to false).
OpGuard submits anonymous metrics data to http://mcstats.org unless disabled in the config (set metrics to false).
Collected data is nonintrusive and includes the following:
- Server version
- Number of players online
- Java version
- Geographic location (country) of the server
- Plugin version
- Online mode status of the server
OpGuard seems to be broken. I wanted to disable punishment since i think a ban is pretty severe, kick is more acceptable. Disabled it, tried to do "/opguard reload" (I added perms before adding) (also before I added a password), and I got banned. Unbanned myself, reloaded from console, still banned when i tried to op incorrectly. Reloaded entire server, still had the problem.
Also, I tried to use plugman, and OpGuard decided to ban me for that too. Haven't tested other commands, but I also noticed a load of errors where it failed to send something about chat to OpGuard 3.2.0. I'm not testing or using it anymore so I can't give the exact error.
edit: Done on Spigot 1.11.2.
In reply to Deliphin11:
@Dark_Snake_X
It should work as long as you have Java 8.
This plugin works in 1.8 server???
@ekclifford
I can certainly add a config option for that, but the point of a password is that only extremely trusted individuals should know it. It's up to the owner to hand out the password.
Players that don't know the password won't be able to change it.
OI
bookmarked
Great idea, however, I would remove the change password from in-game parts... And have it so only the players that have access to console can change the password in config... It would make the plugin extreme more safe... And Owners can have more control (because if you already know the password an opped player, etc could change it themselves...)
Let me know if you need any help, ekclifford