Security
This is a password-protection system for players and operators acting as an extra layer of security for an online server. Please note: This will not work in offline-mode.
You may ask, if my server is in online mode, can't I rely on the Minecraft.net authentication servers to keep hackers out? Well the honest answer is, you can if you want to, but they don't have a very reliable track record. In recent history there have been two different major security loopholes found and exploited by hackers that allowed them to sign in as famous player accounts such as Notch, or sign in as operators for servers in order to cause harm or take over the server.
A password system provides an extra layer of security, so even if they do sign in as you, they cannot do anything unless they know the password you set up for it. As an added bonus, it can also help to keep player's nosy siblings out of their game ;-)
Security uses the Bukkit Conversation API to prompt players to enter information. These prompts override the standard chat, preventing you from sending chat messages or commands. You must read the prompt and enter the information requested into the chat box before you can use commands or send chat messages.
Features
- Simple and straightforward commands for players and operators
- Prompts players for their password whenever they login from a different IP address
- Players can optionally set their accounts to "secure" mode where they are prompted every login regardless of IP address
- Stored passwords have strong encryption on them so not even people with access to the server files can read them
- Passwords can be reset by operators in case players forget them
- Can optionally store player email address to confirm their identity before resetting passwords
- If hackers attempt to guess a player's password they can be IP auto-banned
- You can set up permissions to require passwords, recovery emails or secure mode for given players
- Compatible with the LanguageAPI and can be translated into multiple languages
Player Commands
Command | Permission | Description |
---|---|---|
/ChangePassword [new password] | security.changepassword (default all) | Allows a player to change their password, if one was previous set they will be prompted for it to confirm the change |
/SecureMode [enable/disable] | security.changemode (default all) | Allows a player to change their account to or from secure mode, note this is overridden by the "security.requiresecuremode" permission. Players will be prompted for the current password in order to change this |
/SetRecoveryEmail [email address] | security.changeemail (default all) | Set up a recovery email address which will help to identify the real account owner if they should forget their password. Players will be prompted for their current password in order to change this |
Admin Commands
Command | Permission | Description |
---|---|---|
/ResetPassword [player] | security.admin (default op) | Manually reset the password on a player account in case they forget it |
/StrikeAutoBan [max strikes] [duration] | security.admin (default op) | Set the maximum number of strikes before an IP is banned for entering incorrect passwords, and how long in minutes they are banned for (0 for permanent ban) |
/GetRecoveryEmail [player] | security.admin (default op) | Get the recovery email address for a player so that you can determine if they are the real account holder |
/SetAdminEmail [email address] | security.admin (default op) | Set the admin email address that players should send emails to for password resets |
Other Permissions
Permission | Default | Description |
---|---|---|
security.requirepassword | none | Requires that players with this permission have a password set up |
security.requiresecuremode | none | Requires that players with this permission have secure mode accounts |
security.requirerecoveryemail | none | Requires that players with this permission have a recovery email set |
Planned Features
- Configurable command executed on a player typing an incorrect password
- Configurable command executed on an IP exceeding their maximum number of strikes
- Configurable command executed after a player has unlocked their account
- Ignore slash-commands that are entered into a password prompt by accident (no passwords starting with a slash allowed either)
- Delay the initial password prompt while in secure mode to allow MOTD plugins to send their initial messages to the player
- Configurable set of commands that require a password before they can be used
Compatibility and Troubleshooting
Full compatibility informationg and troubleshooting is available on the Compatibility and Troubleshooting page.
Translations
If you are fluent in English and another language, you can help translate Security! See the Translations page for details.
Donations
If you'd like to contribute towards the continued development, support and maintenance of this project, please consider joining me on Patreon, and making a one-time or recurring pledge.
Help
If you need help you can leave a comment below and I will get back to you as soon as I can. You can also join my IRC chatroom using the following link. Please note, I am not always at my keyboard! http://webchat.esper.net/?channels=XHawk87&prompt=1
@CommodoreAlpha
Yes. Most likely I will add a UUID entry into the account file, and if the player's UUID does not match, disallow them. Then add name-changing command for admin to use.
Would this plugin need to be updated at some point to support UUIDs?
@foxhoundvenom
What version of Java are you using? This plugin requires Java 7, the latest is 1.7.0_45
@XHawk87
Thanks for considering the changes. It is appreciated.
LHammonds
I am using CB 1.6.4 Build 2912 which is their latest recommended build
[SEVERE] Could not load 'plugins/Security-0.2.3.jar' in folder 'plugins' org.bukkit.plugin.InvalidPluginException: java.lang.UnsupportedClassVersionError: me/xhawk87/Security/Security : Unsupported major.minor version 51.0 at org.bukkit.plugin.java.JavaPluginLoader.loadPlugin(JavaPluginLoader.java:184) at org.bukkit.plugin.SimplePluginManager.loadPlugin(SimplePluginManager.java:305) at org.bukkit.plugin.SimplePluginManager.loadPlugins(SimplePluginManager.java:230) at org.bukkit.craftbukkit.v1_6_R3.CraftServer.loadPlugins(CraftServer.java:241) at org.bukkit.craftbukkit.v1_6_R3.CraftServer.<init>(CraftServer.java:219) at net.minecraft.server.v1_6_R3.PlayerList.<init>(PlayerList.java:56) at net.minecraft.server.v1_6_R3.DedicatedPlayerList.<init>(SourceFile:11) at net.minecraft.server.v1_6_R3.DedicatedServer.init(DedicatedServer.java:107) at net.minecraft.server.v1_6_R3.MinecraftServer.run(MinecraftServer.java:393) at net.minecraft.server.v1_6_R3.ThreadServerApplication.run(SourceFile:583) Caused by: java.lang.UnsupportedClassVersionError: me/xhawk87/Security/Security : Unsupported major.minor version 51.0 at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:634) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142) at java.net.URLClassLoader.defineClass(URLClassLoader.java:277) at java.net.URLClassLoader.access$000(URLClassLoader.java:73) at java.net.URLClassLoader$1.run(URLClassLoader.java:212) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:205) at org.bukkit.plugin.java.PluginClassLoader.findClass0(PluginClassLoader.java:80) at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.java:53) at java.lang.ClassLoader.loadClass(ClassLoader.java:321) at java.lang.ClassLoader.loadClass(ClassLoader.java:266) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:266) at org.bukkit.plugin.java.JavaPluginLoader.loadPlugin(JavaPluginLoader.java:173)
@LHammonds
There is currently no means within Security to specify a number of failed password attempts before a kick.
A more effective way to address the MineChat /spawn issue, as well as prevent other players from accidentally entering a command while a password prompt is active, would be to ignore any slash commands entered into a password prompt. So long as players cannot set their password to begin with a slash, this should not cause any issues.
Having a configurable failed password command, and max strikes command would be a useful feature. I have added it to the list of Planned Features (above) along with the configurable command for after a player has unlocked their account. These could default to their current actions, kick, IP ban and nothing respectively. Linked with a plugin such as Skript, it would be possible to create a number of failed passwords to kick script, complex actions on unlock and customisable IP bans, or linking with a banning plugin.
I understand the reasoning behind it, I'm just asking if there is a way to allow server admins the option to specify the amount of failed passwords before kicking. For example, have 3 as a variable would allow minechat to connect with /spawn as 1st failed attempt and then allow the player to type their password and fail 1 more time...the next failure could then issue a kick/temp ban command. I'd also like the "failed password" event to be a custom command. That would give the admin the ability to set the event to be a simple kick or temporary ban to prevent immediate re-connect.
Another option would be a custom severe punishment option that is fired off when the maximum amount of attempts have been made, such as the IP ban command. On my server, I'd include a reason code since all of my punishments take a "reason" parameter so we can research / query prior punishments. Having the command include "REASON: IP Ban due to password failure" would be handy in a report to separate out IP bans for automated reasons verses IP bans issued by admins.
LHammonds
@LHammonds
It would be possible to add in a feature to allow a number of attempts, however having to reconnect is how it slows down any kind of brute force password hacking attempts when strike autoban is not enabled.
For this kind of problem, it is better that the client be configured not to send any messages until you've had a chance to enter the password. Even if there were a delay before the prompt was created where the client could safely send messages, they would all be blocked simply because the account has not yet been unlocked.
It is working now. There was a "Spawn on Connect" under "Settings" that I turned off to let it work. I tried typing the incorrect password using the client and noticed it kicked me immediately...which is what was happening with MineChat. It was issuing the "/spawn" command which the security plugin took as the incorrect password and immediately kicked the login connection.
Is there a reasonable way to allow more than 1 failed password attempt before doing a kick? Or is that a requirement of how the conversation works?
Thanks,
LHammonds
@LHammonds
It sounds like that Minechat is attempting to send something other than your password as a chat message on login after the account unlock prompt has been created.
Is there a way that you can prevent MineChat from sending that message?
How can I get this to work with an iPhone app called MineChat?
When I connect to my server, it shows the following:
There is no 60-second delay, it immediately disconnects after displaying that message.
I have my profile (all staff) set to require a password as well as forcing secure mode.
It works fine when I login via the Minecraft client.
LHammonds
@LHammonds
I am glad you like the plugin.
Security uses the Bukkit Conversation API to create the password prompt, which prevents the player from receiving any other messages until the "conversation" is complete. It sounds like Essentials has a short delay before sending its welcome message which means by the time it is sent, the prompt is already up and the message is blocked. I can't know exactly when other plugins are going to send messages, however it may be possible to leave the account locked, and delay the unlocking prompt for a couple seconds to allow other messages to come through first.
Allowing commands to be run after the account is unlocked is an interesting idea. I'll have to think about the best way to provide that facility.
The chance of command collisions with other plugins is fairly low for most of the commands as they are not likely shared by any plugin unless you have more than one security plugin installed. If you do have any problems it is possible to set up command aliases in the bukkit.yml file, see: http://wiki.bukkit.org/Bukkit.yml#aliases for details
The reason that the commands are kept separate is so that they use the in-built CraftBukkit help system and aliases. If I did switch over to using a single-command system, you would lose these in-built abilities for this plugin. You can find the centralised help screen for Security by typing /help Security.
You should be able to customise formatting codes in the language files using the section symbol, so long as you pay attention to the text encoding for the files and ensure that the language file encoding matches the text encoding for your server. Typically either ANSI or UTF-8. The language features require the LanguageAPI to work. Thanks for the heads-up about the dead link, I will provide a new one in a moment. If you have been running with LanguageAPI installed, you may find that it has generated a default language file for you based on messages you have already encountered.
Thanks for creating and sharing this plugin. I've tested 0.2.3 on CraftBukkit 1.6.4-R0.1 with Java 1.7.0_40 (64-bit) and it works like a champ. This security plugin looks like it will be the one I choose for my server as extra protection for staff members and any players that want to make use of it too.
Observations
With secure-mode enabled, it overrides Essentials welcome message located in "plugins/Essentials/motd.txt"
My welcome message usually looks like this:
The Lottery lines still show up which seem to be generated just before the "player joined the game" message.
But when secure-mode is enabled, I get the following:
Is there any way to allow Essentials' motd to be displayed before locking the account or it might be preferable to display it after unlock such as providing the ability to specify one or more commands to be run after unlock...such as "/emotd"
Suggestions
It could be beneficial to use a single base command, such as "/security" and move all the other commands as parameters. For example:
This would help decrease the possibility of commands overlapping with other plugins and allow for a centralized help screen for all the commands related to this plugin.
I'd like to see an option where all the text displayed comes from the config.yml so we can have a chance to standardize the prefix and color codes to match all the other server-side responses, customize text as well as provide language translations. The link to the english yml (on the translation page) seems to be a dead link so I couldn't test changes inside there.
Bug Reports
None
Thanks,
LHammonds
@BewilderedHooker
http://wiki.bukkit.org/CraftBukkit_commands
The command you overlooked is "/pardon-ip [ip]". Security doesn't ban players by name as that would also ban the real player. The IP address is used as this should only ban the hacker, and make it inconvenient for them to switch IP address each time they want to try again.
I tried the plugin, tested it myself by entering incorrect passwords. It banned me as it should, but I discovered too late that there seems to be no way to unban a player after this. I tried /unban, tried removing the plugin, deleting my player files and ban lists, setting myself to Op... nothing works. I did set the ban time to only 24 hours, so I'll be able to log in again then. Theoretically. Please tell me there's a command I've overlooked or a trick to get past this. Otherwise, this is a major flaw.
@CommodoreAlpha
Both of those methods have been used in the past to gain unauthorised access to other player's Minecraft accounts. There have been two separate incidents where Mojang released updates with vulnerabilities in the session system, which allowed server hosts to hijack sessions of players signing in to servers so they could sign in elsewhere as them.
Vulnerabilities on their authentication system have allowed hackers to gain easy access to player accounts and sign in as famous accounts such as Notch.
There are also cases where players themselves have been incautious or got their information stolen and their passwords used to access their accounts.
Hmm, an Account-Authentication type plugin without all the fluff I don't need. Nice. :)
But I am rather curious, how do hackers log in as other players? Are they logging on their actual account, or logging in and impersonating an existing account?
I do not check the curse pages often. Please only leave comments on the Project Site. Thank you!
@lst96
This project was initially denied because I did not make it clear enough that it was not possible to use when online-mode=false. Only after I contacted moderators to correct the misunderstanding was the project approved.
@XHawk87
there is popular plugins that does this. authme-reloaded and xauth and several others. So your not going to get your plugin denied if you do.
@Fumihiko356
Sorry, but I am not allowed to provide any support specifically for online-mode=false servers. All you can do is try to fix this bug that is preventing you from setting it to online-mode=true.
If the Minecraft client cannot interpret unicode codepoints directly then essentials must be manually parsing the unicode and converting it into ansi before sending it to clients. So I figure why write out codepoints when you can write it in a human-readable fashion?
The first file was not encoded in ANSI but UTF-8, perhaps pastebin converted it? Anyway, after converting it back it displays correctly. Minecraft client and server support ANSI but not unicode.
You can get a copy of it from the translations page. It should be installed into your "plugins/Security/languages" folder. You can then use /ServerLocale ger to set the server to default to using this file for translations, and all users have the option of using /Locale ger or /Locale eng to set their personal translation language.