New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Plugins list not available on Survival or Creative #115
Comments
If I could figure out why, I was actually going to just disable it on PVE, unless there's a super compelling reason to have it, it's probably better to just hide that information entirely. Players don't really need that list, and it could present a security risk. |
Some of that plugin list is in the new revisions spreadsheet, so security through obscurity isn't an option. |
Don't see a necessity for hiding the plugins from someone in game, as they're already visible in other locations, or told openly when asked what all is used. I understand the typical "X plugin might have a bug". But we've got rules in place to ban for people taking advantage of that. Is protectplugins set to true in NCP? I know little techside, but I pretty sure that's the easiest way to turn off the /plugin command. |
Do mods still get a notification when someone checks the plugin list? That should be protection enough imo. |
"Do mods still get a notification when someone checks the plugin list? That should be protection enough imo." Asked a few players on PvE to run the command for me earlier, and the notification came up for every one of them when they did it, so we've definitely still got that set up. I see no reason to hide the plugins we use, it's of more benefit than detriment to the server by having them made known, and I can't think of any instance where i've needed to be secretive about any of the plugins we use. |
Ok, fair enough, you guys win. :p Regardless, I still need to figure out what is blocking it. Lol. On Jun 6, 2013, at 9:03, Tharine notifications@github.com wrote:
|
It's a NoCheatPlus config thing: config.yml -> miscellaneous -> protectplugins: <true/false> |
Also is a bukkit permission: bukkit.command.plugins |
any progress? iirc editing configs is @jcll's department. |
I notice /pl is falsified :) /pl shows the fake while /plugins shows the real. |
It is a feature of NCP to help stop some hacked clients from going into a lesser more harder to detect mode. |
I'd like to reiterate my disagreeance with that response, jcll. I still don't see a necessity for hiding the plugins in game when they're already visible in other locations or told openly when asked what we use. The most effective way to stop a hacked client is observation, NCP is a decent way to get statistics/ warnings to back up otherwise circumstantial evidence. If allowing for the plugins list to be more easily visible means hacked clients are harder to detect, then so be it. We'll deal with them as we always do: through observation. On a personal level, I'm not comfortable with jcll having such an executive veto over something that all three survival admins have signed off on. You lock out a much larger crowd, that is to say everyone playing legitimately on the servers from quickly accessing useful information. I want for this list not to be falsified. I'd prefer the command be usable by everyone. An appropriate middle-ground would be the actual list of plugins, and a notification when someone checks the plugin list. Reopen this thread, or actually fix the issue please. |
Just signing off a public +1 that what draykhar has stated is a notion shared, and not just his own words. In addition, I too, would like to see us remove the falsified plugins list. |
+1 as per Tharine |
I would also like to see the check plugins command set to accurately display plugins. |
@Tharine |
@Tharine "Had hoped this one would have been resolved already as i've mentioned it in passing to a number of people." Never mentioned it to me or any other head as far as I know. While it's maybe not our jurisdiction with tech stuff, I'm pretty good a poking the techs about stuff.
|
You just answered your own question.
Nodus hasn't been updated for 1.5.2. You could ask @c45y if there are similar clients still around that do this On a more constructive note, this is solvable in myriad ways. As @Deaygo points out, a check could be made on whether /plugins is checked immediately on join/respawn (as with hacked clients) or at other times (legit usage). Another simple solution is just to alias |
I have edited @barneygale 's comment, as there was a bunch of crud in it that presents no gain to this ticket what so ever |
A lot of clients moved away from using the plugin list command, as nearly all servers triggered an alert of blocked it. Should be fine to enable again. |
With what @barneygale said about having /plugins say "check /pl for plugins," I'm sure that hacked clients can also run /pl. So why not set both commands to say "check /pluginlist(or something similar) for a list of plugins." Then /pluginlist can point to the non spoofed original list. |
Is |
Yes, I only just found that out not long ago myself. |
Worked on a little something for this earlier today. Hopefully this is a happy medium between jcll and everyone else. https://github.com/ElliotSpeck/Tarpit Edit: I feel it necessary to tag @Tharine and @draykhar here, so they're aware that a working fix is now available for use. |
This is being blown way out of proportion. There are tonnes of ways to list the plugins, some of them aren't even related to the command /plugins. It seems like everyone is cool with it being enabled, so, why not just do it...? @ElliotSpeck : Got a 404 error. |
@FourDown: Fixed. I accidentally clicked 'private' when making the repository. |
@FourDown is right, this has been blown out of proportion. A simple solution would be to re-alias it again or to simply return a forum link. |
This is now fixed. (Or at least will be once each server restarts, I'm not gonna bother to restart them all.) |
Had hoped this one would have been resolved already as i've mentioned it in passing to a number of people, but neither the /pl or /plugins command works on Survival or Creative, for players or staff. The command works fine on PvE, and apparently has done for the entirety of it's new revision. Not sure when this stopped working for the other two servers, but it hasn't been available for at least several weeks now.
The text was updated successfully, but these errors were encountered: