Filter bad entity data in creative mode to prevent critical exploits

[Platinteufel]

When you give a player creative mode, they can throw whatever NBT info they want onto an item and the server trusts whatever the client does in creative mode. A lot of current hack clients just use this exploit and spawn armorstands with commandblocks, create crash-items that crash clients or even whole worlds/servers.

PaperSpigot still tries to catch some motion-data, but I think there are still endless possibilities. https://github.com/PaperMC/Paper/commit/dec715e07b466d32785103aa0a8cba4a3fc834c7

What do you think about that? Should NCP prevent clients doing everything they want to if they are in creative mode?

[GlitchHead]

Most of the harmful item exploits have been patched by spigot and there are some plugins that prevent it from happening entirely.

[asofold]

The issue you're mentioning should officially be covered in this ticket: https://github.com/NoCheatPlus/Issues/issues/12 . One plugin is mentioned there. That ticket could use some cleanup / simplification of text, though.

In general these types of exploits would make sense to cover, however it is some extra task to maintain these types of filters. While some are generic some will always stay on the edge of things, allowing for false positives with new Minecraft features or even with other plugins. Due to the destructive nature and the amount of extra work also for maintaining such, it's not yet been done in NCP.

Of course item stuff (where destructive) could start off non-destructive or even opt-in in the first place, so it's not an all-time-no, still our main focus remains with survival mode game play, so i'd be happy with specialized plugins doing this job.

[Platinteufel]

That's true, the focus should be on survival gameplay and keeping this plugin up to date with current Minecraft versions. Thank you for your feedback though!

[Leymooo]

You can try my plugin. https://github.com/Dimatert9/ItemFixer