Bukkit Server Virus?

Hello!
I'm just wondering if anyone can remember any virus that relates to bukkit plugins.
It can range from giving someone op to crashing the server.

 

Ask the Bukkit file reviewers for that, they see the worst

 

John Cameron moved to Bukkit Discussion subforum.

As far as malicious code (Which does not make it a virus), there's been plenty of attempts at uploading bad things to BukkitDev. Developers often think they can sneak in code that does bad things, but we catch it.

Make sure you always download your plugins from dev.bukkit.org, where we inspect each file

 

Awesome! So glad they make it safe
But what was the contents and what did it do?

 

There's probably been lots of attempts, so not an individual case. I'd say there's probably been quite a few attempts to crash servers, and even delete important configuration files. That's why you should use BukkitDev plugins only and keep backups

 

I'd assume most malicious plugins are back doors?

 

i guess everything you can imagine ...

• back doors, where you enter a hidden command to op you.
• chat logger to catch passwords when using auth plugin
• special plugins that do need a password to execute certain commands
• ...

 

I've seen more sophisticated one's that someone tried to get me to run which tried to exploit an old bug in Java that allowed them to run commands outside of the JVM.

 

The team does a good job screening the plugins. Exploits will always be around when unintentional accidents are made in code.

Or lack of extra security checks (This cause has been linked to lack of caffeine levels in programmers)

I think I remember a spout issue when a plugin could call spout.getCache.deleteFolder("../../[name of world") or something similar.