Hello everybody, Sometimes, people want to hack your server and make these dangerous plugins. I work at a Dutch hosting compagny, and today I had someone who had it. They send him a plugin called MiniGames+. Later he started a ticket saying people are OPing thereselfs and he can't deop them. It seems to be MiniGames+'s fault. So I downloaded the plugin and opened it with JD-GUI. First, the package: <snip> Well... Other package name than the pluginname. Continueing, I typed in the package name in Google, got 1 result: [1.5.1] Force op plugin DOWNLOAD & RUN FILES! (Also can run/download exe!) Oh gosh, this isn't good. But I continued to the source. I saw a PlayerListener, so let's check it out: <snip> Oh no.... Line 65 to 77, I can get OP, ohmygoshhhhhh. So I warn everybody: Only download plugins from Dev.Bukkit.Org (DBO). They are checked by staff (and hopefully good checked) and very more reliable than plugins you got from people. Be aware!
Locked. There are a lot of dangerous plugins out there, that is why we go through great lengths to ensure all files on dev.bukkit.org are free of malicious code.