[Feature] A way to accept command only through console
Spontini opened this issue · 4 comments
Hello, can you guys add a config option for accepting command only from the console? In Modded Minecraft area we've been (myself and few more networks) getting hacked some how we can not understand so far, we need this feature to feel safe.
Just don't give any player luckperms.* permissions? Or if they're an operator setting luckperms.* should also work.
I've been checking my LuckPerms logs and this is what i saw;
`[11:01:47] [pool-10-thread-1/INFO] [minecraft/DedicatedServer]: [LP] #35 (10h 55m 20s ago) (Console) [G] (default)
[11:01:47] [pool-10-thread-1/INFO] [minecraft/DedicatedServer]: [LP] > permission set * true
[11:01:47] [pool-10-thread-1/INFO] [minecraft/DedicatedServer]: [LP] #36 (10h 53m 52s ago) (11cab11) [G] (default)
[11:01:47] [pool-10-thread-1/INFO] [minecraft/DedicatedServer]: [LP] > webeditor remove * true
[11:01:47] [pool-10-thread-1/INFO] [minecraft/DedicatedServer]: [LP] #37 (10h 37m 24s ago) (11cab11) [G] (default)
[11:01:47] [pool-10-thread-1/INFO] [minecraft/DedicatedServer]: [LP] > permission set sponge.command.plugins true
[11:01:47] [pool-10-thread-1/INFO] [minecraft/DedicatedServer]: [LP] #38 (10h 36m 52s ago) (11cab11) [G] (default)
[11:01:47] [pool-10-thread-1/INFO] [minecraft/DedicatedServer]: [LP] > permission set bungeetablistplus.command true`
The Console act is not by me, i'm the only one who has the console access and i'm using 2FA, looks like it's bigger than i thought.
We're thinking they use a client that bypasses mojang packets to spawn items with nbt data that run commands as console. I wonder if there is any way to fix it.
