1.20.1: Command Packet Issue Again

[gre3x]

"/version ChatControlRed" - plugin version

10.23.7

Are you using MySQL?

Yes

Are you using BungeeCord?

Yes

Error log (if applicable)

N/A

"/chc debug" output (strongly recommended)

https://github.com/kangarko/ChatControl-Red/files/14104550/debug.zip

Information about the issue/bug

Reopening since there was no response to my questions after the previous issue was closed.

I am assuming that clients can interact with backend server/spigot plugins and just because it is not processed on the proxy/bungee plugin, does not mean that the backend server/spigot plugin will not process the packet.

Again, this is happening on the backend/Spigot server, not the Proxy/Bungee.

Will toggling it off on the Bungee also block the interaction on Spigot servers? There is no toggle on the spigot servers to prevent this, so how do I block it on my spigot servers too?

And I also I just checked and I already had the Enable_Forward_Command to false on the Bungee sadly when this happened.

As a reminder for the previous report:

Players are able to execute console commands on the server they are currently on through custom clients by sending plugin message packets with the "FORWARD_COMMAND" argument and the server name is the same as the current server.

This is related to Bungee command forwarding, but the Bungee server is not involved I think. This all happens on the spigot server.

I do not have access to these clients or the exact code of how they are doing it, since these are being used my malicious players on my server and not by me, but here is what I think is close to an example of what a dangerous packet sent on an example "Hub1" server would look like:

• Channel = "plugin:chcred"
• Subchannel = "plugin:chcred"
• UUID = input.readUTF() = "7aa44332454-93dfgd472-938dfgddf47-2dfgdfg34"
• serverName = input.readUTF() = "Hub1"
• actionName = input.readUTF() = "FORWARD_COMMAND"
• server = input.readString() = "Hub1"
• command = input.readString() = "give Notch cookie 1"

There is no way to block these right now, even though I don't use the command forwarding feature.

Can you please add a way to disable processing these packets if we don't use the feature? Like if there is a FORWARD_COMMAND packet, then check a config option to see if command forwarding is enabled? Then we can disable it ourselves in the config

[kangarko]

Hello,

I receive notifications everywhere, and I have commented on the previous issue. It will be addressed tonight.