[Read This Staff/Plugin Makers] ConsolePassword

What am looking for: Ok so this is a REALLY good idea I came up with to stop hackers from taking over console! Why not set up a plugin to make a console password? Also when a different ip is accessing the console, they have to type the password too!

And everytime when you open the console, you have to write the password as well as when you do /stop or /op!

 

The console itself doesn't know what IP is doing stuff with it.

 

How about if it is just accessed from a different location?

 

Same. The console is always running on the server computer. If it's being accessed, it is trough some other program.

 

Ok, how about just a console password?

 

The password to log in to the machine isn't enough?

 

nobody is that obssesed with hacking

 

Then why do you want this plugin?

 

To protect this server below, and plus, most hackers will just give up if the console had a password! but if the console has no password, they can do /kickall /banip admin /op EVERYBODY /mvdelete world /mvconfirm /setspawn in all /banlist /unban ALL and then /save-all and then /stop etc and delete the backup files and I cant do anything about it.

 

That doesn't make any sense; and the closest anyone could get to this with a plugin is forcing a password to be entered on a timer, which could be easily circumvented by opening the console and waiting for someone to enter the password. Or appending the password to passed commands, but nobody is going to make that. The practical solution here would be for you to learn how to secure your system.

 

how do I secure my system?

 

If you're hosting from home, you can learn a lot by doing a web search for internet and network security options for your OS. But if you're hosting from home and don't already know any of this, you'd probably be better off getting a paid host and going over it with them if you still have concerns. This is mostly a kid's game though, so you're not likely to run into anyone that's going to "hack" you. Loosely handing out OP and console access to people will ruin you quickly though.

 

Is there such thing as a free host? lol

 

Maybe. The best hackers could hack into server information and set themself as op, but THE BEST HACKER could too discover the password if the plugin gets popular.

 

Where do you host your damn server then ?
You're making things awkward.

 

What are you you even talking about? Not every one can afford to pay for server host. Plus why pay for a host when you can just host from home the guy is just requesting a plugin. And if anything you just made it awkward

 

Set online-mode=true and don't op people you don't know and trust.

 

How are you having people access your console? Like, the actual terminal window? Update your SSH keys and enforce ACL.

If there were some vulnerability in Bukkit where a team went around opping themselves on servers, the team would release a hotfix. This isn't an actual problem that needs fixing.

 

Not really. He didn't mention he hosts it from home. Plus you should do some research on why hosting from home is a bad idea, especially a public server before commenting.

 

how exactly do you even reach a console of a home server?

 

Exactly... lol.

 

In my server file, of course . I don't trust hosting companies because they rip people off and can shut down a server anytime they want, some of them don't even give customers console access so they pretty much own the server. Even with a contract, who knows? Maybe one of their employees might go berserk and explode the server hosting machines 0.0

My computer is well protected from about everything, got antivirus and computer security.

Thank you, I can't afford server hosting, I'm an immigrant, just want a simple plugin that requires a password when opening the console.

EDIT by Moderator: merged posts, please use the edit button instead of double posting.

 

This is somewhat unlikely.

 

You never know.....

 

Doesn't matter, server hosting companies have control over their customers, they can do anything!

 

Nobody here has ever had their hosting machines blown up, I'm willing to bet on it.

 

Maybe if one of their employees got laid off because of the economy they might blow a few things up... I bet there is a 1% chance.

 

In any case data is backed up and prevention measures are taken. If you want less chance of this happening, pick a more reputable, larger provider.

 

So ehm, is this plugin possible to make?

 

Well you can listen on all command executed at console and block them until you input a password. (But you will have to input password before every command) Or time lock/unlock console commands