FalsePositive (AntiDDOS)

[OpticFusion1]

General Troubleshooting

• [X] I have checked for similar issues.
• [X] I have updated to the latest version.
• [X] I have checked the branches or the maintainers' PRs for upcoming features/bug fixes.

Issue

Issue Type

• [X] Bug Report - The jar that causes the bug MUST be provided, otherwise the issue will be closed
• [ ] Feature Request

Description

This is due to people including the Bukkit API within their plugin AdvancedTeleportation(6788).zip

[OpticFusion1]

Same as the original file PotionSignsSimplefunwaytoaccesspotions(10410).zip

[ghost]

What does the BukkitAPI have to do with this?

[OpticFusion1]

Certain files within the BukkitAPI cause this to trigger. Specifically org/bukkit/permissions/PermissionDefault in this case, though there's probably others

[OpticFusion1]

Which becomes an issue when a plugin includes the BukkitAPI even though it doesn't have to

[ghost]

The AntiDDOS check is just checking for a classNode name lol

[OpticFusion1]

the code specifically is if (classNode.name.contains("pl/polskipalacz/backdoor")) { return true; } return classNodeContainsBlacklistedWord(classNode, new String[]{"!komendy", "!op", "!pex", "!stop", "youtube.com/polskipalacz"});

Either way, for whatever reason org/bukkit/permissions/PermissionDefault is triggering it

[ghost]

Do you have the plugin with the virus? If yes can you send me it?

[ghost]

I found the bug already.

[OpticFusion1]

Good, as for the malicious jar, doesn't seem like i have it anymore so i can't really do much with the check :/

[OpticFusion1]

This check can't be touched until i re-find a jar with this malware, so the issue will be closed until then