If UUID does not match, remove all perms feature

Question

If UUID does not match, remove all perms feature

Kainzo opened this issue 6 years ago · 6 comments

Kainzo commented 6 years ago

Greetings!
I recently had a hacker on my server somehow bypass UUID auth, can we have a toggle feature to remove all permissions if the UUID doesnt match with the original UUID the user used to log in?

ChineseMarc · Answer 1 · 2019-03-18T14:37:33.000Z

Is this cracked server? (offline mode)

Andre601 · Answer 2 · 2019-03-18T18:46:00.000Z

I mean it's your own fault/risk when the server is in offline/cracked mode.
Because there is virtually no real method to fake a UUID with a cracked account on a online server, since the account will be checked on login, if the UUID is a legit one (and probs even if the name is the same)

Thrasilias · Answer 3 · 2019-03-18T18:47:08.000Z

get a better Auth plugin, or code one yourself (thats what I did for mine ;p)

Thrasilias · Answer 4 · 2019-03-18T17:33:32.000Z

Is this cracked server? (offline mode)

obv he does

ktole1999 · Answer 5 · 2019-03-19T16:12:37.000Z

do they realize thats what can happen in offline mode?

lucko · Answer 6 · 2019-03-21T20:36:38.000Z

As I mentioned in Discord, I think this would be better handled by an authentication / 2fa plugin.

Thanks for the suggestion, but on this occasion I don't think it's something I'd like to add to the plugin.

Share to