griefer issue on our server and banning

So we had an issue on our server earlier today, i wasn't available at the time, but one of our other OP's was.

Basically, this user called 'dartime' logged onto our game, went to our gamezone, broke through to the redstone area of one of our games and started wrecking the place.

Thankfully i have Coreprotect installed and was able to reverse everything, but it gets interesting.

We've tested this thoroughly, only OPs are able to cause mass damage to that particular game, WorldGuard is set up with 'Build: DENY' for it, we've had players from all our ranking categories try and none of them can do it.

The OP that was on attempted to ban the player, but it refused to let him, he tried several times to no avail.

Out of annoyance i guess, he did '/deop dartime' and then /ban dartime, and instantly it let him ban that player.

The relevant section from the logfile:

2012-07-26 03:24:00 [INFO] Creating empty config: /mnt/minecraft/craftbukkit/plugins/Essentials/userdata/dartime.yml
2012-07-26 04:02:50 [INFO] [gamezone] redwing2000: dartime why are you blowing up the red pitfrenzy
2012-07-26 04:03:09 [INFO] [PLAYER_COMMAND] geironul: /tp dartime
2012-07-26 04:03:26 [INFO] [PLAYER_COMMAND] geironul: /ban dartime
2012-07-26 04:03:39 [INFO] [PLAYER_COMMAND] geironul: /ban dartime
2012-07-26 04:03:48 [INFO] geironul: De-opping dartime
2012-07-26 04:03:52 [INFO] [PLAYER_COMMAND] geironul: /ban dartime

I'm pretty darned sure our ops.txt file didn't have a 'dartime' in it prior to this event, but i'm not entirely sure, i normally keep a watchful eye on it.

Anyway, i've now out of extra cautiousness set incrontab up to email me the contents of ops.txt the instant it is changed, and i have tested that several times.

But i'm a bit concerned now as to how dartime managed it.

Our server is set online-mode=true so it can't be that. Could be one of the plugins i guess, but i have no clue.

 

We need the full server log to see what happened, or you could look through it all and see how he got op...

 

That's a pretty big file, couple of hundred MB.

I've done a search on it for 'Opping: ' and can't find anything with regards to him ever being opped. In fact, 3:24:00 was the very first time he has ever visited our server.

We've figured out what is causing it.

The plugin VariableTriggers is granting people OP status for whatever reason when they trigger one of the events (click or area).

Have posted a thing on that plugins dev page informing the dev.

EDIT by Moderator: merged posts, please use the edit button instead of double posting.

 

Thanks for the info. I have found and fixed the problem and just uploaded the update v1.1.3

This was being caused with the use of @CMDOP in the script on triggers. If the trigger is fired by the same person repeatedly very fast then the op was not handled properly and occasionally the player was left as op.
The problem has been Fixed.

 

Instead of granting players temporary op status so they can override the restrictions of other plugins, my plugins simply listen for the event on HIGHEST (so they will see the event last) and do setCancelled(false). This allows the action to occur normally. This way, there is no chance of players accidentally being left with op (through glitches, improper shutdowns).

 

Have you looked at my plugin? If not you should. We are not talking about letting the player be op we are talking about a script trigger that can be scripted by server admin and to run a command as player but alow op on player. There is no listener for this.