AnarchyExploitFixes

Contribute

Please consider contributing to AEF. 1.19 has many changes that break some AEF modules. It would be very helpful if you could fix or report some issues.

Changelog

• Fixed StackOverflow error that happens on servers without a bedrock floor, and also improve performance for servers that do. (#89 #90)
• Prevented placing blocks on the nether roof (#84 #88)

• Fixed an issue where player would be teleported above a slab if the slab was waterlogged, for some reason newer versions can now have watered slabs. This issue does not occur in 1.12. It is most likely not possible to properly fix this issue (by checking if water exists in the slab) because I would have to setup AEF with the newer minecraft version.
  In non 1.12 versions, slabs simply won't be checked in the burrow patch. This may cause issues, such as 2 slabs stacked on eachother that won't be checked. However, it's not too big of a deal and can simply be disabled if needed.

AllowSlabsInBurrow: true # Disabled by default in 1.12, needs to be enabled to prevent a bug where players are teleported above a slab when the slab is underwater, only happens in newer versions.

• This also ONCE AGAIN fixes golden apples. IDK wtf happened last time, but now they're called LEGACY_GOLDEN_APPLE, and it messed up my code AGAIN!

• Fixed issue where golden apples were removed on newer minecraft versions
• Added kick mode for packet elytra patch (#76) Disabled by default.

OnlyElytraPacketKick: false #If enabled, the plugin will not remove elytra from the player, but simply disconnect from the server. If you use this, do not turn off "PatchPacketElytraFly", otherwise it will not work.

• Added sound, and message for packet elytra fly patch

OnlyElytraPacketKick: false #If enabled, the plugin will not remove elytra from the player, but simply disconnect from the server.
PacketElytraActionBar:
  enabled: false
  message: "&cDisable Packet Elytra Fly." # for action bar and kick message

• Silent join and leave messages (#75)

# If you want to hide yourself or someone else when logging into the game, just give these rights:
#  anarchyexploitfixes.silentJoin
#  anarchyexploitfixes.silentLeave

• Remove left over debug code that was in the specific data value code.
• Fix error warnings from command use, such as /anarchyexploitfixes:aef
• Send "Unknown command. Type "/help" for help." instead of "/aef"
• Add ender pearls to the coords exploit patch.

• Add unbreakable whitelist (#71)

  EnableWhitelist: false # If enabled, only items in the whitelist will be reverted.
  Whitelist:
    - "DIAMOND_CHESTPLATE" # The name of the item in the spigot api

• Fixes the Material cannot be null error.
  This error is from setting the wrong BANNED_BLOCKS in config.yml
  It has been changed to [20:39:44 WARN]: [AnarchyExploitFixes] BANNED_BLOCKS 'BEDROCKe' not recognized. Please change to correct value from https://hub.spigotmc.org/javadocs/spigot/org/bukkit/Material.html
• Add config option to disable the warning completely if for some reason you want to keep the invalid block in config.

DisableBannedBlocksWarnings: false # Disable warnings for some reason

• Fix lag from large metadata (#74)

This release fixes illegal golden apples that were reported by STORMIN -

Please note that other items with illegal data values may not be fixed, you will need to add them to the SpecificDataValues list.

DataValues:
  RevertSpecificDataValues: true # Required for rest of config options
  RevertIllegalGoldenApple: true #Revert golden apples that aren't 0 or 1.
  SpecificDataValues: # If you want to ban any other data values
    - "SuperIllegalItem(0)" # (1) is the data value. For example GOLDEN_APPLE uses (0) for unenchanted and (1) for enchanted.

This release also adds an option to ban any items with a specific player added name, also suggested by STORMIN.

BANNED_NAMES: # Remove items that were custom named to a specific string. Suggested by STORMIN.
  - "Super Insane Mega Sussy Item" # case sensitive

1.25.2.1:

• Fixed banned logins being bypassed (If the plugin uses evt.disallow to prevent people from logging in.) This was to due with the PreventInvalidNames feature, where it would allow or disallow you to join if your name is illegal.

1.25.2.2

• Patched enchantments on items that aren't supposed to have any enchants. (Before it would only patch if the enchantment level is higher than possible)

This release attempts to fix an issue where the plugin would load chunks by itself.
Instead of using getChunk() on players, it will use the players coordinates instead, so it won't need to use the chunk.

Some server owners have also been having problems with ProtocolLib. It might be an issue with the newer version. Someone has made a fix for a similar issue, which might resolve the problem. Try using https://github.com/derklaro/ProtocolLib/suites/5624286711/artifacts/183226047, it is from https://github.com/dmulloy2/ProtocolLib/issues/1534. If that doesn't work, try rolling back to 4.7.0 as I haven't heard of this problem since the new release came out.

Changes from 1.25.1.1

• If you're using 1.25.1, make sure to update, otherwise your console will be spammed with the debug code I accidently left in... It's harmless, however.
• Added portal options

PreventDropppedItemsInPortals: true # May prevent a lag exploit.
PreventAllEntitiesInPortals: false # Only enable if you must... Players are not affected.

Changes from 1.25.1

• Fix netherite tools/armor durability being set to maximum, when it's not supposed to. For the technical people, for some reason item.getType().getMaxDurability() was returning 0 for netherrite tools, diamond tools was fine. I'm assuming it's some mistake on the spigot/paper api. Only netherite tools/armor were affected. However, this is a bandaid fix, netherite tools will only be reverted if the durability is higher than the maximum durability of netherrite tools. For example, netherite armor could have more durability, and not be reverted. I believe newer versions should already fix unbreakable items anyway. (#59)

  SkipZeroDurability: true # Make sure to keep enabled, otherwise netherite tools will mistakenly be set to maximum durability, due to some bug in spigot.

• Set AntiSpamCommandsUseWhitelist to true by default - It's very annoying for commands to not run because they've been sent before. Now only the specified commands will be triggered by default. Make sure to add any other commands that may cause a problem if spammed.

AntiSpamCommandsUseWhitelist: true # Only enable antispam for commands specified below.

• Fix some potential memory leaks (#57)
• Fixed async chunk load error (Closes #50 #57)

[11:39:15] [Netty Epoll Server IO #1/WARN]: java.lang.IllegalStateException: Asynchronous Async Chunk Load! Blocking thread until it returns 

• Fixed problem where enchanted golden apples would revert to normal golden apples due to the unbreakable patch. (Closes #56)

ItemsSkipped: # Items that won't be reverted from illegal enchants or unbreakablity.
  - "GOLDEN_APPLE" # Make sure to keep this line here or else enchanted golden apples will be reverted to normal ones.

• Prevent unbreakable items. (#54)

RevertUnbreakables:
  Enabled: true # Revert unbreakable items, items with less than 0 durability will be automatically removed or set to 0 durability, which will break on the next use. Items with higher than max durability will be set to legal maximum durability.

• Break anvils instead of teleporting players above them in burrow patch. (#55)

BreakAnvilInsteadOfTeleport: true # Break anvil instead of teleporting player.

• Prevent fireworks from entering portals, a new exploit was found that can bring servers to single digit tps simply by igniting fireworks inside a portal.

PreventFireworksInPortals: true # Patches lag exploit

• Add option to limit elytra speed at spawn. (#48)

# Spawn elytra settings
ElytraAtSpawn:
  Enabled: false
  SpeedOldChunks: 1.0
  SpeedNewChunks: 0.8
  Radius: 3000

• Added CustomMaxPerChunk for chunk ban prevention, This will allow you to add any block you wish to be limited per chunk.

CustomMaxPerChunk: # CUSTOM block chunk limit configuration - SPIGOT ITEM NAMES!! FIND ON https://papermc.io/javadocs/paper/1.12/org/bukkit/Material.html
  BARRIER: 5

• Fixed some errors with "temporary players" from protocollib.
• Fixed some performance problems with Physics event, not fully fixed, but I now cache TPS checks, so most lag should be gone.

• Check if height limit is 0 or -64 for 1.18. To allow player to go below Y=0.

• Removed client side log4j exploit fix due to problems with death messages and interference with other plugins, I don't have time for this because I have a life. I recommend using Log4jFix instead. It's not much of a deal anymore as most clients have already updated. Make sure you are using Papaya or mojang's fix to patch the server sided exploit.

• Block all messages from reaching players if they contain ${ this should hopefully prevent any clients from running code from the recently found log4j remote code vulnerability. MAKE SURE TO USE Papaya FOR SERVER SIDE OR YOU COULD POSSIBLY BE BACKDOORED!

PreventRCEClientSideExploit: true # CLIENTSIDE ONLY - SERVER IS STILL VULNERABLE Blocks all messages containing "${" make sure you are using mojang's patch (https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition) or updated Papaya to patch this exploit on the server side, OTHERWISE YOU CAN BE BACKDOORED.

• Add a reminder warning every minute to install ProtocolLib since it's essential. Specify in config.yml to disable protocollib completely to remove this message, but protocollib is required to patch many exploits.
• Add a list of commands that will have the antispam activated for them. Useful if you don't want to have the antispam active on non chat commands. (#43)

AntiSpamCommandsUseWhitelist: false
AntiSpamCommandsWhitelist:
  - /msg
  - /message
  - /r
  - /reply
  - /w
  - /whisper
  - /tell

• Add max skulls per chunk config option, useful if you have lots of skulls getting stuck in one chunk and lagging/freezing the server.

MaxSkullsPerChunk: 50

• Fix bowbomb bypass by using spectral arrows.
• Add BannedRegex config option. Allows you to have infinite customizability for blocking messages.

BannedRegex:
  - "^This is a(.*)banned message" # Prevents any message that starts with "This is a" and ends with "banned message"

Read the last release notes if you haven't already updated.

• Prevent invalid usernames with characters that aren't A-Z, a-z, _, numbers, or are too long (> 16), or too short (<1)

PreventInvalidNames: true # Prevent names with characters that are non letters, numbers, or underscores, or too long/too short.

Read the last release notes if you haven't already updated.

• Add BowBomb patch, server owners have tested this patch and has shown great results. (#40)

PreventBowBombExploit: true # Please report any problems in GitHub/Discord.
MaxBowSquaredVelocity: 15 # Fully pulled bow is ~9-10. 15 is default just to be safe.

• Finally increment version to 1.19.0, releases from now on will be 1.X.0 when there's a new exploit.

• Fix all(?) errors that happen on newer versions. One caveat with the Packetfly and boatfly patch on 1.17 is players won't be able to load any new chunks after using the exploit unless they relog, it's not that big of a deal. Note that the NoCom bypass patch is disabled on non 1.12 because it still causes errors, I believe this is already patched in newer Paper versions anyway. (#33)

• Add config list to disable any class you want! Useful if you are having problems with specific classes or would like the negligible performance improvement of not needing to register events in the class.

# Disable certain classes - Semi advanced users only. Useful if you are having problems with specific classes or would like the negligible performance improvement of not needing to register events in the class.
# Caps SENSITIVE - To disable ProtocolLib, set DisableAllProtocolLib to true.
DisabledClasses:
  - "TestClass" # MUST BE CORRECT CAPITALS, CHECK SOURCE CODE, ERROR MESSAGES, OR TIMINGS REPORTS FOR CLASS NAMES.

• Update ProtocolLib in maven

Please let me know if you have any problems on Discord or in the GitHub issues tracker.