search

Test-Account666 / PlugManX

Plugin manager for Bukkit servers.
https://www.spigotmc.org/resources/plugman-improved.88135/
MIT License
113 stars 44 forks source link

The ability to disable plugin downloading... #23

Closed MeowIce closed 1 year ago

MeowIce commented 1 year ago

An option to disable /plugman download in the config is a good idea to prevent (un-trusted) admins, and hackers from installing backdoor plugins in the server !

Test-Account666 commented 1 year ago

If you don't trust an admin, don't have him as an admin!

I'll add this feature, but if a hacker already has that kind of access to your server, I don't think this will save you

MeowIce commented 1 year ago

If you don't trust an admin, don't have him as an admin!

I'll add this feature, but if a hacker already has that kind of access to your server, I don't think this will save you

In some situations, if the hacker only has access to the console, the damage may not be much. But if he has access to the console and downloads his malicious plugin with PlugManX, then the damage might increase as he has access to the whole server file with that malicious plugin. I've seen this before.

Better safe than sorry...right ?

TypicalModMaker commented 1 year ago

Pointless, if your server is vulnerable, hackers have alot of methods to access console