Bukkit

@antichip

You're right. I actually already started with some changes like IPLock and no op on some servers. But I'm gonna change that ever further like you said.

@Xephi59

I do not use VIP slot on my lobby. I have ban management which may interfere.

When changing command in game please check if the new password has symbols wtich are not accepted by mysql, such as üç ş ğ... This is an important issue.

OK just to make sure everyone that is having issues with the old passwords MAKE SURE you are using the same hash as you were on your previous version. NO I still have not tested this build. AND TO BE CLEAR.

A PLUGIN SUCH AS THIS SHOULD ALWAYS BE TESTED ON A NON-PRODUCTION SERVER THOROUGHLY BEFORE USING IT ON YOUR MAIN SERVER.

@BNcraft

Make sure to read and search logs for their IP. ENSURE they are infact NEW.

@Prominentc

There is a plugin that does this, I dont recall it's name but IT does purge essentials, factions, towny, plot-me and a few others.

@rynobot

If all servers use the EXACT same server settings it will use the same info for all servers with authme installed. I used to use it on 9.

@iaXedu

This is a security solution

So in saying that, PLEASE take all security precautions.

SO a lesson in security real quick,

NOTHING IS PERFECT AND SECURITY IS A MYTH.

Now with that said if you want to be as secure as possible here are a few steps to get you started.

allow op only through console, DE-op on login USE NO SETTING TO BYPASS SECURITY, IE: don't allow restricted users, don't be lazy, log-in. Owner should really have rank as the lowest rank. give yourself op if you need to work on stuff or rank yourself up for a few minutes. DO NOT share PLUGIN-INFO. EVER. NEVER EVER EVER OP ANYONE, use permissions, that's what they are for. Well those are the basics, please ignore as usual.

On version 3.0.2 XAUTH encryption not work.

"Wrong password"

  security:
    minPasswordLength: 4
    unLoggedinGroup: unLoggedinGroup
    passwordHash: XAUTH
    doubleMD5SaltLength: 8
    supportOldPasswordHash: true

Is it possible or might it be possible in the future to delete custom user data files? such as factions and anything else that creates player files?

Hi.

I have problem, my players are reporting to me "Password Incorrect"

This is my CONF CLICK ME

Why i get this error?

[SEVERE] [AuthMe] Plugin AuthMe v3.0.1 has failed to register events for class fr.xephi.authme.listener.AuthMeBungeeCordListener because net/md_5/bungee/api/event/ChatEvent does not exist.

Thanks for this great plugin and for your reponse.

I have an error for you: http://pastebin.com/thHRGtZp

And a big problem.. Restricted users seemed to work until one guy logged in on my name and destroyed one of my servers. Luckily it's a minigame server and I made an backup 1 hour earlier so no real damage done. Anyways when people join my server they get forced to the lobby from which they can connect to 3 other servers. They all have AuthMe and all use sessions with restricted users. Ever since this guy logged in on my account I cannot join my own server it now says I'm not the owner of the account. I checked the config and my IP is still there so this is very strange.. My ip starts with 94 the guy who hacked my account starts with 188.

Here is my config again: http://pastebin.com/hPFhj267

Thanks in advance

@antichip

Thanks, i think that fixed the problem!

Do you also know how a certain ip can bypass the max registrations per ip.

(so i can test it myself if i go to the first spawn or not)

I am sorry I have not had the time to start testing and looking for bugs. I have been busy working on new website. I am not saying it is my responsibility to do so, I just like knowing what is going on.

Xephi59

Would it be possible to subdivide the forums into more issue specific sections? and actually start enforcing it's use? It would just be nice to see the comments kept for comments and not issues. It is your show but it would clean things up quite a bit,

@ZwPBerserk

first join plus has a setting to delay the tp time, set it long and test to see where you need it to be. You could also use essentials spawn send the unregistered group to a specific location, and all others to another one.

Hi,,

I want players to join on the firstspawn spawn set by the firstjoinplus plugin. But this isn't happening.

Authme places the users at the normal spawn after they have registered. Is there a workaround for this?

not all passwords are recognized from 2.9.5 - cant even unregister those users - its glitched - fix asap please