Have no security checks when using command /banip

Question

Have no security checks when using command /banip

whfwtf opened this issue 8 months ago · 2 comments

whfwtf commented 8 months ago

Type of bug

Other unexpected behaviour

`/ess dump all` output

https://essentialsx.net/dump.html?id=5ad6ede52afa40df8dca37cfce40df65

Error log (if applicable)

No response

Bug description

when an operator accidently uses the command :/banip 127.0.0.1
everyone is kicked out from the server.

Steps to reproduce

1.open a server locally
2.let operator use this command :/banip 127.0.0.1

Expected behaviour

[Error]You can't ban server itself

Actual behaviour

[17:42:02 信息]: [Essentials] 操作员****封禁了IP段127.0.0.1，理由：干啥呢。

whfwtf · Answer 1 · 2024-01-22T12:44:39.000Z

服务器不是我的。。。
他们玩脱了来烦我是我没想到的

pop4959 · Answer 2 · 2024-01-22T18:10:45.000Z

Not a security issue, just don't ban that IP. We will not be adding artificial restrictions to what IPs can be banned using the command, especially given this is something that you need privileged access (moderator / admin permissions) for anyway.

Share to