1
Well the topic title should pretty much ask it all.
Create an account or sign in to comment.
9
This is how I stopped ForceOP.
Option 1. Dont give anyone any perms that can damage anything. Then just deop yourself every time you log off. So when the hacker tries to use your player to op themselves, there are no perms.
Option 2. Use a separate authentication password plugin. Make sure all players with perms that can be used to damage the server use the secondary password system. I have been using the loginsecurity bukkit plugin.
The forceop works when the hacker does a "session steal" and tricks the console into making the owners or other op player op the hacker.
Option 1. Dont give anyone any perms that can damage anything. Then just deop yourself every time you log off. So when the hacker tries to use your player to op themselves, there are no perms.
Option 2. Use a separate authentication password plugin. Make sure all players with perms that can be used to damage the server use the secondary password system. I have been using the loginsecurity bukkit plugin.
The forceop works when the hacker does a "session steal" and tricks the console into making the owners or other op player op the hacker.
ForceOp? Yes, it used to be possible. Now the tactic is getting owners to install plugins that give you op..... do not install plugins that are not on Bukkit.
*Sigh* Yes, there was a recent return. It's on Hack Forums. I would link it, but I would get into trouble. If the server isn't properly secure, you can log in as any user on the server. So it's not really ForceOp, but similar.
Yeah it's only for 1.5.2 and 1.6.2. Nothing needed to worry about there.
Right now As far as I know of there is no such thing as a ForceOp. There has been in the past but not anymore.
I do know that there is an exploit with bungee (Since it handles Minecraft premium authentication) that when you don't set it up correctly your server will automatically be set into OFFLINE mode
ie. A cracked server.
So be aware of that for those who didn't know :3
Right now As far as I know of there is no such thing as a ForceOp. There has been in the past but not anymore.
I do know that there is an exploit with bungee (Since it handles Minecraft premium authentication) that when you don't set it up correctly your server will automatically be set into OFFLINE mode
ie. A cracked server.
So be aware of that for those who didn't know :3
by properly secure do you mean like disabling /op from ingame and having a good password on the console? or is there something else that can help prevent these things
If you have been a member of PMC for more than a month or so you would see that they done a server-wide announcement saying that there was an issue with this and advised a plugin and most server admins / owners added this immediately along side with bukkit updating the latest build to improve security for their users.
No
There used to be, Mojang has been working to fix it and most servers have protection against force op.
Why do you even want to know?