SecretWord

Table of Contents

Default Picture

About

This description has been soo inconsistent throughout Bukkit, BukkitDev, and my GitHub. I'll be fixing this soon.

SecretWord protects moderators, administrators, and your users from session stealers, and any other MITM attacks in Minecraft by requiring users to type a "secret word" upon logging into the server the first time the plugin is installed. It will ask for that secret word if you login from a different IP address. This completely defeats the purpose of any minecraft exploit as long as your secret word is not shared.

All secret words are hashed, salted, and stored in plugins/SecretWord/players folder. This means server administrators will never know your secret word!

History

Not much, just had idea, and boom, here you are!

Video

Commands & Permissions

Surprisingly, I don't think there was going to be a lot of commands and stuff, but I don't believe that is necessary!

Commands

/sw reload - Simply reload configuration

/sw reset [playername] - Reset a player's secret word.

If you have an idea for a command, suggest it! I couldn't think of anything else to add.

Permissions

secretword.login - If enabled in configuration, people with this permission node will be required to enter/abide by SecretWord.

secretword.halfhour - After half an hour after the last login, the player with this node will be required to re-login. This should not be necessary unless you have a cruel sibling.

secretword.showjoin - Vanished Administrators! If you wish to not broadcast join messages when you join on vanish (VanishNoPacket), add this node! Believe me, it sounds misleading but here's why: If this permission node is granted, it will not handle the join message at all. If this permission node wasn't given, it will broadcast "xxx has joined the game" after you login to SecretWord.

secretword.admin.* - Gives the following 2 permission nodes.

secretword.admin.reload - Gives access to /sw reload for configuration.

secretword.admin.reset - Gives access to /sw reset to reset people's secret word logins.

Configuration

Read this.

Installation

Installation is simple & easy! Given that you've added the permission nodes above that you may think is necessary, go ahead! Drag and drop the JAR into the server and restart!

Now your server is protected.

League of Developing Le-

Enough puns, here's some extra resources:

GitHub

http://ci.gravitydevelopment.net/job/SecretWord/

Thanks Gravity for the CI!

BETA, BETA, BETA!

This plugin is back in BETA after a long hiatus. Just simply report bugs here if you wish to fix something that is broken.

Other Great Plugins

AntiBot - The ultimate Anti Spam protection for Minecraft. It trolls users who use login spam tools like PWN4G3.

Comments

_ForgeUser6420755
- Join Date: 2/8/2011
- Posts: 565
- Member Details
#20 _ForgeUser6420755

View User Profile

Send Message

Posted Sep 6, 2013
Maybe add a delay on the security message so that all the other MOTD are posted first and then it asks you to set your password, or another alternative way is that make it instead of typing in the chat you have to do a command to set your password. /register [password] and if you try to type something else. A message will say, please register a password /register [password] Also, my system OS is ubuntu and those funky double ss's for the color coding isn't working, do you mind changing the coding to the standard '&' color coding? Thanks!

Last edited by _ForgeUser6420755: Sep 6, 2013

Rollback Post to Revision RollBack
_ForgeUser6420755
- Join Date: 2/8/2011
- Posts: 565
- Member Details
#19 _ForgeUser6420755

View User Profile

Send Message

Posted Sep 3, 2013
@SuperSpyTX

Yes, please update this plugin!

Rollback Post to Revision RollBack
_ForgeUser7193477
- Join Date: 7/12/2011
- Posts: 127
- Member Details
#18 _ForgeUser7193477

View User Profile

Send Message

Posted Sep 1, 2013
Due to recent events and word of a new exploit, I am officially reviving this plugin.

Rollback Post to Revision RollBack
_ForgeUser9285872
- Join Date: 7/25/2012
- Posts: 3
- Member Details
#17 _ForgeUser9285872

View User Profile

Send Message

Posted Feb 4, 2013
I would suggest adding a command for players to change their entry password.

Rollback Post to Revision RollBack
_ForgeUser8960599
- Join Date: 5/30/2012
- Posts: 126
- Member Details
#16 _ForgeUser8960599

View User Profile

Send Message

Posted Oct 3, 2012
SuperSpyTX!!!! Are you still there?

Rollback Post to Revision RollBack
_ForgeUser7388740
- Join Date: 8/15/2011
- Posts: 21
- Member Details
#15 _ForgeUser7388740

View User Profile

Send Message

Posted Sep 27, 2012
what is the plug-in name of that minimap?

Rollback Post to Revision RollBack
_ForgeUser8902710
- Join Date: 5/16/2012
- Posts: 1
- Member Details
#14 _ForgeUser8902710

View User Profile

Send Message

Posted Aug 16, 2012
When my users register and login their secretword shows up in chat? Any help?

Rollback Post to Revision RollBack
_ForgeUser8960599
- Join Date: 5/30/2012
- Posts: 126
- Member Details
#13 _ForgeUser8960599

View User Profile

Send Message

Posted Aug 13, 2012
Man! Amazing plugin! But it need a looot of things! Custom lang message and more message spam could be cool.

Last edited by _ForgeUser8960599: Aug 13, 2012

Rollback Post to Revision RollBack
_ForgeUser7193477
- Join Date: 7/12/2011
- Posts: 127
- Member Details
#12 _ForgeUser7193477

View User Profile

Send Message

Posted Aug 2, 2012
@zachbora

The "safe-ip" idea would be pointless for the user to set for himself, because if someone else gets the same IP as the same user, that user could easily compromise his account. As far as I'm concerned, it would also be an issue too. If the user has to "relogin" at his home PC, it could show a sign that his secret word was compromised.

As far as the dynmap issue goes, I have changed priorities for the chat event. If it doesn't work, then dynmap will have to change its priorities.

@Xarc34

I (should have) fixed this one as well in the GitHub.

Rollback Post to Revision RollBack

_ForgeUser616813

Join Date: 3/19/2008
Posts: 26
Member Details

#11 Posted Jul 31, 2012

Another error ... when someone with blank name try to login.

2012-07-31 15:38:04 [SEVERE] java.io.FileNotFoundException: plugins/SecretWord/players (Is a directory)
2012-07-31 15:38:04 [SEVERE] 	at java.io.FileOutputStream.open(Native Method)
2012-07-31 15:38:04 [SEVERE] 	at java.io.FileOutputStream.<init>(FileOutputStream.java:212)
2012-07-31 15:38:04 [SEVERE] 	at java.io.FileOutputStream.<init>(FileOutputStream.java:165)
2012-07-31 15:38:04 [SEVERE] 	at java.io.FileWriter.<init>(FileWriter.java:90)
2012-07-31 15:38:04 [SEVERE] 	at org.bukkit.configuration.file.FileConfiguration.save(FileConfiguration.java:56)
2012-07-31 15:38:04 [SEVERE] 	at me.freebuild.superspytx.sc.database.SecretPlayer.saveData(SecretPlayer.java:76)
2012-07-31 15:38:04 [SEVERE] 	at me.freebuild.superspytx.sc.database.SecretPlayer.setLoggedIn(SecretPlayer.java:117)
2012-07-31 15:38:04 [SEVERE] 	at me.freebuild.superspytx.sc.events.CoreEvents.reallyLogin(CoreEvents.java:56)
2012-07-31 15:38:04 [SEVERE] 	at sun.reflect.GeneratedMethodAccessor376.invoke(Unknown Source)
2012-07-31 15:38:04 [SEVERE] 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
2012-07-31 15:38:04 [SEVERE] 	at java.lang.reflect.Method.invoke(Method.java:601)
2012-07-31 15:38:04 [SEVERE] 	at org.bukkit.plugin.java.JavaPluginLoader$1.execute(JavaPluginLoader.java:302)
2012-07-31 15:38:04 [SEVERE] 	at org.bukkit.plugin.RegisteredListener.callEvent(RegisteredListener.java:62)
2012-07-31 15:38:04 [SEVERE] 	at org.bukkit.plugin.SimplePluginManager.fireEvent(SimplePluginManager.java:477)
2012-07-31 15:38:04 [SEVERE] 	at org.bukkit.plugin.SimplePluginManager.callEvent(SimplePluginManager.java:462)
2012-07-31 15:38:04 [SEVERE] 	at net.minecraft.server.ServerConfigurationManager.attemptLogin(ServerConfigurationManager.java:229)
2012-07-31 15:38:04 [SEVERE] 	at net.minecraft.server.NetLoginHandler.b(NetLoginHandler.java:102)
2012-07-31 15:38:04 [SEVERE] 	at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:94)
2012-07-31 15:38:04 [SEVERE] 	at net.minecraft.server.Packet1Login.handle(SourceFile:68)
2012-07-31 15:38:04 [SEVERE] 	at net.minecraft.server.NetworkManager.b(NetworkManager.java:246)
2012-07-31 15:38:04 [SEVERE] 	at net.minecraft.server.NetLoginHandler.a(NetLoginHandler.java:42)
2012-07-31 15:38:04 [SEVERE] 	at net.minecraft.server.NetworkListenThread.a(NetworkListenThread.java:65)
2012-07-31 15:38:04 [SEVERE] 	at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:559)
2012-07-31 15:38:04 [SEVERE] 	at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:451)
2012-07-31 15:38:04 [SEVERE] 	at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
2012-07-31 15:38:04 [INFO] Disconnecting  [/86.123.43.211:59780]: The Ban Hammer has spoken!

Last edited by _ForgeUser616813: Jul 31, 2012

zachboracurse
- Join Date: 8/29/2007
- Posts: 801
- Member Details
#10 zachboracurse

View User Profile

Send Message

Posted Jul 28, 2012
@SuperSpyTX if you can fix the dynmap showing of the password and if you could put a "safe ip" command, I'll use this.

The safe ip command would allow a user to mark his ip safe, not requiring a password at next login.

Rollback Post to Revision RollBack
_ForgeUser616813
- Join Date: 3/19/2008
- Posts: 26
- Member Details
#9 _ForgeUser616813

View User Profile

Send Message

Posted Jul 28, 2012
there is still a minor/major problem with Dynmap ... it show the word in the web interface :) but not when you are vanished on login with VanishNoPacket

Rollback Post to Revision RollBack
zachboracurse
- Join Date: 8/29/2007
- Posts: 801
- Member Details
#8 zachboracurse

View User Profile

Send Message

Posted Jul 27, 2012
@SuperSpyTX

About that Tab thing, it seems that on my server I need to type it like it's showing in the tab list.

Example : If in tab his name is in pink with a white start in front, I have to type *cName

Regarding your plugin, I'll verify with my other staff and we might replace our current mediocre authentication plugin with yours. The one we're using is something I built quickly and it shows passwords in the server log. With yours I won't have that problem.

Rollback Post to Revision RollBack
_ForgeUser7193477
- Join Date: 7/12/2011
- Posts: 127
- Member Details
#6 _ForgeUser7193477

View User Profile

Send Message

Posted Jul 21, 2012
@Xarc34

I was made aware of this issue a while back.

I've removed this feature for now,

You can grab it here.

Last edited by _ForgeUser7193477: Jul 21, 2012

Rollback Post to Revision RollBack
_ForgeUser616813
- Join Date: 3/19/2008
- Posts: 26
- Member Details
#5 _ForgeUser616813

View User Profile

Send Message

Posted Jul 20, 2012
Hi ... I have a problem ... I try to use this plugin to double the security of an offline server which authentication is made with xAuth. I have tested only on OP's
It work fine, but when it comes to enter first time the word or reset it empties the inventory after login ... less the armor.
It have no errors.
I'm not worry about admin/op loosing their items because they use few and can get very quick.I'm afraid to release for particular players.
Can be fixed ?
Thank you.

Rollback Post to Revision RollBack
_ForgeUser7193477
- Join Date: 7/12/2011
- Posts: 127
- Member Details
#4 _ForgeUser7193477

View User Profile

Send Message

Posted Jul 18, 2012
@Xarc34

In the command? Sure!

I'll put this in my TODO list.

Also, if they're ingame, just type portion of their name (EX: "Super") then hit the TAB key and it should fully pop into the chatbox for you (EX: "Super" <TAB> "SuperSpyTX").

Rollback Post to Revision RollBack
_ForgeUser616813
- Join Date: 3/19/2008
- Posts: 26
- Member Details
#3 _ForgeUser616813

View User Profile

Send Message

Posted Jul 18, 2012
Just discovered this plugin and I think it is another good one among other you have made, but I have a question ... could you make player names case-insensitive ?
Thank you.

Rollback Post to Revision RollBack
_ForgeUser7193477
- Join Date: 7/12/2011
- Posts: 127
- Member Details
#2 _ForgeUser7193477

View User Profile

Send Message

Posted Jul 17, 2012
@TISSIN

I want to watch that SNL episode.

(Yes, I looked it up. Nice reference lol)

Rollback Post to Revision RollBack
_ForgeUser7753817
- Join Date: 10/24/2011
- Posts: 195
- Member Details
#1 _ForgeUser7753817

View User Profile

Send Message

Posted Jul 17, 2012
Mindy, you said the secret word.

(off topic)

Rollback Post to Revision RollBack
To post a comment, please login or register a new account.

Project ID

41484
Created

Jul 1, 2012
Last Released File

Jul 21, 2012
Total Downloads

1,783
License

MIT License

Bukkit

SecretWord

Bukkit Plugins

SecretWord

Table of Contents

About

History

Video

Commands & Permissions

Commands

Permissions

Configuration

Installation

League of Developing Le-

BETA, BETA, BETA!

Other Great Plugins

Comments

About This Project

Categories

Members

Recent Files

Bukkit