main/Old (1.x - 2.x)
OpGuard is a plugin that protects against op exploits & malicious plugins. It achieves this by maintaining a list of verified operators and overriding the default implementation of /op and /deop with its own command: /opguard.
Releases are compiled with Java 8
OpGuard is open source. GitHub: https://github.com/RezzedUp/OpGuard
Features
- Prevent other plugins from giving op
- Malicious plugins won't be able to set op
- Require a password to op or deop players
- Useful against social-engineering attacks (e.g. json signs/books) and breached accounts
- Punish players that are maliciously given op
- Configurable punishment command
- Hidden from /help, /?, and tab-completion
- If you disable access to /plugins, players won't even know this plugin is installed
- /opguard will display an "unknown command" message for players that don't have permission
- Disables /op and /deop
- All op management must be done through OpGuard
- Returns an "unknown command" message when someone attempts /op or /deop
- Log and notify staff of op attempts
Command Usage
Command: /opguard
Alias: /og
| Command | Description |
|---|---|
| /opguard op <player> <password (if set)> | Gives op to a player. If OpGuard's password is set, it must be included. |
| /opguard deop <player> <password (if set)> | Removes op from a player. If OpGuard's password is set, it must be included. |
| /opguard list | List all players with op. |
| /opguard password <new password> | Set OpGuard's password. This will only work if OpGuard has no password set. |
| /opguard reset <current password> | Removes OpGuard's password. The current password must be correct to remove. |
| /opguard reload | Reload OpGuard's config. |
Permissions
| Permission Node | Grants Access To |
|---|---|
| opguard.manage | Use /opguard |
| opguard.warn | Recieves notifications from OpGuard |
Players with op have both permissions by default.
Configuration
For an in-depth configuration guide, visit the wiki page here.
OpGuard's config is pretty straight forward despite lacking comments.
OpGuard submits anonymous metrics data to http://mcstats.org
This can be disabled via the config (set metrics to false).
Collected data is nonintrusive and includes the following:
- Server version
- Number of players online
- Java version
- Geographic location (country) of the server
- Plugin version
- Online mode status of the server
OpGuard utilizes mcstats' standard unmodified MetricsLite class. For more information, visit this page.
Tags: Anti forceop, forceop protection, op hack protection, anti op hack, anti op sign, anti op book, anti grief, anti console op, anti poisoned plugin, anti poison plugins, anti malicious plugin, anti force op, op password, deop password, op list, ops list, verified operators
Comments