There is no way for anyone to illegitimately gain op on your server unless you are running your server in offline mode. Any program in existence that claims otherwise is trying to lure you into running it (in an effort to see if your server is at risk) to steal your information. You'll notice that in every video you either have to have the program running before you login or need to login, run the program and restart Minecraft. This is because these programs are designed to take the IP you enter into the ForceOP hack for testing, your username and password and send it to the creator. Even if this is not the case, it is fairly simple to put together a fake, convincing video by simply modifying the client to respond to "/op" and print local messages to make it seem like the user has gotten op. Regardless, any programs offered for download accompanying these videos or public reports of op force hacking or the like are usually sending the creator an email that says something like: "New server to grief: <IP you entered - usually your server, since you want to be sure your server is safe> Username: <you username> Password: <your password>" Every single time someone reports this issue, it turns out to be the same thing. A malicious program designed to fool server admins into thinking their server is at risk, running to try it out and make sure they aren't. Then later finding their server has been attacked by someone with op because they know your username and password, and thus can op anyone they want on your server. Until someone brings a real exploit that allows you to gain op to my attention, we'll have to continue stopping the discussion of and advising against the discussion of this 'hack' to slow down it spreading. We take every exploit report we get seriously and investigate each and every one. To this day, we have been unable to find a legitimate exploit to gain op in any server and every reported exploit has turned out to be a malicious program that collects your information in an effort to exploit you and your server. If you're looking to report an exploit, we advise people to stop posting exploit discussions publicly and, instead, contact one of my Admins, myself or create a private ticket on http://leaky.bukkit.org.