BetterSecurity 1.7
Your safety is the priority of everything!
BUGS FIXED (Spigot/Bukkit)
┃Fixed an issue that caused performance issues.
BUGS FIXED (Bungeecord)
┃Fixed an issue with the full tab of bungeecord whitelisted commands. For example: /command + [TAB]
NEW CHANGES (Spigot/Bukkit)
┃Revisited the "Block_Tab_Complete" section has become like the bungeecord one.
NEW CHANGES (Bungeecord)
┃"Block_Tab_Complete -> commands" has been changed to "Block_Tab_Complete -> blacklisted_suggestions"
NEW CHANGES (Everywhere)
┃Added "[MINI_MESSAGE]" executor which adds support for kyori adventure mini messages. https://docs.adventure.kyori.net/minimessage/index.html
FOR SUPPORT
┃Write to me here in private, Telegram, or by Discord
⚠️ After the update, reset or add the new changes, to the config.yml
NEW CHANGES (Bungeecord)
┃Added "ignore_servers: ['server1', 'server2']", in bungeecord complete tab whitelisted commands.
┃Changed in "Block_Tab_Complete" section, whitelisted_commands option changed to whitelisted_suggestions.
# ______________ ______ ________ ______ _________ ______ _____
# ___ __ )__ /______________ /__ ___ __/_____ ___ /_ __ ____/____________ ______________ /______ /_____
# __ __ |_ /_ __ \ ___/_ //_/ __ / _ __ `/_ __ \ _ / _ __ \_ __ `__ \__ __ \_ /_ _ \ __/ _ \
# _ /_/ /_ / / /_/ / /__ _ ,< _ / / /_/ /_ /_/ / / /___ / /_/ / / / / / /_ /_/ / / / __/ /_ / __/
# /_____/ /_/ \____/\___/ /_/|_| /_/ \__,_/ /_.___/ \____/ \____//_/ /_/ /_/_ .___//_/ \___/\__/ \___/
# /_/
Block_Tab_Complete:
# --------- < ⚠ > ---------
# If you have BungeeCord, the use of Waterfall ([url]https://papermc.io[/url]/) is recommended.
# This is because you can also block the commands in tab 1.13+ of the proxy.
enabled: true
# Do you have waterfall or forks using it? (Types: Aegis, FlameCord, etc..).
# ⚠ If the answer is yes then you definitely need to activate this option!
# Because it allows you to block the proxy command tablist.
waterfall_prevention: false
# Prevents tabbing of these commands, so as not to conflict with other plugins.
commands:
- 'pl'
- 'plugins'
- 'ver'
- 'version'
- 'about'
- '?'
- 'help'
- 'bukkit:pl'
- 'bukkit:plugins'
- 'bukkit:ver'
- 'bukkit:version'
- 'bukkit:about'
- 'bukkit:?'
- 'bukkit:help'
- 'minecraft:?'
- 'minecraft:help'
bypass:
# Here you can enter what kind of bypass you prefer
# to be able to perform the complete tab:
# - PERMISSION | (Bypass via permission: bettersecuritybungee.bypass.antitab)
# - PLAYERS | (Bypass by player name)
method: 'PERMISSION'
# Tip. You can put both the player's name and his UUID.
players:
- 'playerName1'
- '8667ba71-b85a-4004-af54-457a9734eed7'
whitelisted_suggestions:
enabled: true
# If it is on "true", you will be able to tab the command much more conveniently!
# BUT, in order to function correctly, the use of BetterSecurity is also recommended in the spigot.
# This is because by activating this method, blocking the tab only from the bungeecord, it may not work correctly.
partial_matches: false
# Here you can put the groups under the "groups" list, which are enabled in the proxy.
# If you enter "*", you will enable all groups.
enabled_groups:
- '*'
# This is the list of suggestions groups whitelisted in the complete tab.
# In these groups you can put the following requirements:
# - required_server: <serverName> | (If you put this requirement, the group will go only for the specified server)
# - required_permission: <permission> | (If you set this requirement, the group will go only for those who have the specified permission)
# - required_players: ['playername1', 'playername2'] | (If you put this requirement, the group will go only for the players in the list)
# If you want to put multiple requirements in one group you can do it safely.
# You can also ignore one or more servers in a group, by putting:
# - ignore_servers: ['server1', 'server2'] | (Servers that are in this list will not see group suggestions)
groups:
# This is an example of a group with no requirements, suggestions inside this group will be seen by everyone.
global:
# List of whitelisted suggestions in complete tabs.
suggestions:
- 'tell'
- 'msg'
- 'w'
- 'whisper'
- 't'
- 'r'
- 'reply'
# In this example group, the hints will be shown on all servers, except the servers that have been skipped.
spawn:
ignore_servers:
- 'bedwars'
- 'skywars'
suggestions:
- 'spawn'
# This is an example of a group that only requires one server.
# The suggestions in this list will only be displayed by the requested server.
lobby:
required_server: lobby
suggestions:
- 'login'
- 'l'
- 'reg'
- 'register'
# This is an example of a group that only requires one server and one permission.
# The player who is inside that server, and has that permission, will see the suggestions listed.
faction_vip:
required_server: faction
required_permission: 'bettersecuritybungee.tab.faction_vip'
suggestions:
- 'fly'
# This is an example of a group that only requires a permit.
# The player who has that permission will see this list of suggestions.
staff:
required_permission: 'bettersecuritybungee.tab.staff'
suggestions:
- 'tempban'
- 'tempmute'
- 'unban'
- 'pardon'
- 'kick'
- 'unmute'
- 'warn'
- 'warnings'
- 'history'
- 'dupeip'
- 'ss'
- 'freeze'
- 'unfreeze'
# This is an example of a group that only requires a list of players.
# Players in this list will see these suggestions.
owner:
required_players:
- 'playername1'
- 'playername2'
suggestions:
- 'op'
- 'deop'
FOR SUPPORT
┃Write to me here in private, Telegram, or by Discord
⚠️ After the update, reset or add the new changes, to the config.yml
BUGS FIXED (Bungeecord)
┃Fixed the "server_mode" in the "Blocks_Commands" section. Now they will work fine.
NEW CHANGES (Bungeecord)
┃Revisited the "Block_Tab_Complete" section. It has now been improved.
# ______________ ______ ________ ______ _________ ______ _____
# ___ __ )__ /______________ /__ ___ __/_____ ___ /_ __ ____/____________ ______________ /______ /_____
# __ __ |_ /_ __ \ ___/_ //_/ __ / _ __ `/_ __ \ _ / _ __ \_ __ `__ \__ __ \_ /_ _ \ __/ _ \
# _ /_/ /_ / / /_/ / /__ _ ,< _ / / /_/ /_ /_/ / / /___ / /_/ / / / / / /_ /_/ / / / __/ /_ / __/
# /_____/ /_/ \____/\___/ /_/|_| /_/ \__,_/ /_.___/ \____/ \____//_/ /_/ /_/_ .___//_/ \___/\__/ \___/
# /_/
Block_Tab_Complete:
# --------- < ⚠ > ---------
# If you have BungeeCord, the use of Waterfall ([url]https://papermc.io[/url]/) is recommended.
# This is because you can also block the commands in tab 1.13+ of the proxy.
enabled: true
# Do you have waterfall or forks using it? (Types: Aegis, FlameCord, etc..).
# ⚠ If the answer is yes then you definitely need to activate this option!
# Because it allows you to block the proxy command tablist.
waterfall_prevention: false
# Prevents tabbing of these commands, so as not to conflict with other plugins.
commands:
- 'pl'
- 'plugins'
- 'ver'
- 'version'
- 'about'
- '?'
- 'help'
- 'bukkit:pl'
- 'bukkit:plugins'
- 'bukkit:ver'
- 'bukkit:version'
- 'bukkit:about'
- 'bukkit:?'
- 'bukkit:help'
- 'minecraft:?'
- 'minecraft:help'
bypass:
# Here you can enter what kind of bypass you prefer
# to be able to perform the complete tab:
# - PERMISSION | (Bypass via permission: bettersecuritybungee.bypass.antitab)
# - PLAYERS | (Bypass by player name)
method: 'PERMISSION'
# Tip. You can put both the player's name and his UUID.
players:
- 'playerName1'
- '8667ba71-b85a-4004-af54-457a9734eed7'
whitelisted_commands:
enabled: true
# If it is on "true", you will be able to tab the command much more conveniently!
# BUT, in order to function correctly, the use of BetterSecurity is also recommended in the spigot.
# This is because by activating this method, blocking the tab only from the bungeecord, it may not work correctly.
partial_matches: false
# Here you can put the groups under the "groups" list, which are enabled in the proxy.
# If you enter "*", you will enable all groups.
enabled_groups:
- '*'
# This is the list of suggestions groups whitelisted in the complete tab.
# In these groups you can put the following requirements:
# - required_server: <serverName> | (If you put this requirement, the group will go only for the specified server)
# - required_permission: <permission> | (If you set this requirement, the group will go only for those who have the specified permission)
# - required_players: ['playername1', 'playername2'] | (If you put this requirement, the group will go only for the players in the list)
# If you want to put multiple requirements in one group you can do it safely.
groups:
# This is an example of a group with no requirements, suggestions inside this group will be seen by everyone.
global:
# List of whitelisted suggestions in complete tabs.
suggestions:
- 'spawn'
- 'tell'
- 'msg'
- 'w'
- 'whisper'
- 't'
- 'r'
- 'reply'
# This is an example of a group that only requires one server.
# The suggestions in this list will only be displayed by the requested server.
lobby:
required_server: lobby
suggestions:
- 'login'
- 'l'
- 'reg'
- 'register'
# This is an example of a group that only requires one server and one permission.
# The player who is inside that server, and has that permission, will see the suggestions listed.
faction_vip:
required_server: faction
required_permission: 'bettersecuritybungee.tab.faction_vip'
suggestions:
- 'fly'
# This is an example of a group that only requires a permit.
# The player who has that permission will see this list of suggestions.
staff:
required_permission: 'bettersecuritybungee.tab.staff'
suggestions:
- 'tempban'
- 'tempmute'
- 'unban'
- 'pardon'
- 'kick'
- 'unmute'
- 'warn'
- 'warnings'
- 'history'
- 'dupeip'
- 'ss'
- 'freeze'
- 'unfreeze'
# This is an example of a group that only requires a list of players.
# Players in this list will see these suggestions.
owner:
required_players:
- 'playername1'
- 'playername2'
suggestions:
- 'op'
- 'deop'
FOR SUPPORT
┃Write to me here in private, Telegram, or by Discord
⚠️ After the update, reset or add the new changes, to the config.yml
NEW SECURITY PATCH (BungeeCord)
┃Added in the bungeecord section "Prevent_Command_Spam", it is able to fix an exploit that is able to crash the bungeecord! Currently plugins like LPX do not take advantage of this feature, so I recommend you to activate it.
NEW CHANGES (BungeeCord)
┃Added executors to the bungeecord as well! The same ones that are in the spigot version have been added, except 2: BossBar and Sound. Also added was the "[KICK] reason" executor.
┃In the "Blocks_Commands" section, the messages have been replaced with executors.
NEW CHANGES (Spigot/Bukkit)
┃Added placeholder "%center%", to be usable for all messages. (Included in executors)
┃Added event priorities! You can change their priority for the various sections. They have been added for the following sections: Unknown_Command, Block_Syntax, Blocks_Commands, Commands_Only_Console, Commands_Only_Players, Block_Custom_Commands.
FOR SUPPORT
┃Write to me here in private, Telegram, or by Discord
⚠️ After the update, reset or add the new changes, to the config.yml
Recommended to use ProtocolLib for all versions
BUGS FIXED (Spigot/Bukkit)
┃With a lot of sweat and effort, we have solved a very IMPORTANT problem! We have completely fixed the full tab bypass of the Meteor client. We are probably currently the only ones in the platform (I tested the most famous ones, and they are all bypassable)
Other clients it has been tested on: ParrotClient 2.0, Skillclient, EaZy.
TIP ┃If you want to be safer, you can disable the following permissions:
- minecraft.*
- bukkit.command.*
If you have LuckPerms just do: /lp user/group <name> permission set <permission> false (Example: /lp group default permission set minecraft.* false)
If you have PermissionsEx just do: /pex user/group <name> add -<permission> (Example: /pex group user add -bukkit.command.*)
BUGS FIXED (BungeeCord)
┃Fixed an issue that caused the plugin to not launch correctly on Bungeecord (without fork). Added a new option to lock Tab Complete accordingly.
NEW CHANGES (BungeeCord)
┃Add the "waterfall prevention" option, which allows you to block proxy commands as well. (Also works with any fork of Waterfall, such as Aegis, FlameCord, etc..)
FOR SUPPORT
┃Write to me here in private, Telegram, or by Discord
⚠️ After the update, reset or add the new changes, to the config.yml
NEW CHANGES (Spigot/Bukkit)
┃Added exempt commands for the "Unknown Commands" section. This can be useful for any plugins that don't log commands to bukkit directly.
# _________ _____ _____ __ ______ _________ _________
# __ ____/___ __________ /_____________ ___ __ / / /_________ /_________________ ________ __ ____/____________ __________ _________ _____________ /
# _ / _ / / /_ ___/ __/ __ \_ __ `__ \ _ / / /__ __ \_ //_/_ __ \ __ \_ | /| / /_ __ \ _ / _ __ \_ __ `__ \_ __ `__ \ __ `/_ __ \ __ /
# / /___ / /_/ /_(__ )/ /_ / /_/ / / / / / / / /_/ / _ / / / ,< _ / / / /_/ /_ |/ |/ /_ / / / / /___ / /_/ / / / / / / / / / / / /_/ /_ / / / /_/ /
# \____/ \__,_/ /____/ \__/ \____//_/ /_/ /_/ \____/ /_/ /_//_/|_| /_/ /_/\____/____/|__/ /_/ /_/ \____/ \____//_/ /_/ /_//_/ /_/ /_/\__,_/ /_/ /_/\__,_/
#
Unknown_Command:
# --------- < ⚠ > ---------
# This feature is only recommended for versions 1.19+!
# This is because spigot does not currently edit the unknown command via spigot.yml,
# but remains the default one. If you have a version lower than 1.19, you can leave it to false.
enabled: true
# To ignore this section put "exempt_commands: []"
# This function allows you, in case of problems, to be able to insert a
# list of commands that the plugin will ignore.
# The command set by default was put as an example for those who use ChatControl-Red,
# who when running /tell also execute a command that is not registered on Bukkit.
exempt_commands:
- '#flp'
# If set to "true", it will fetch the unknown message directly from spigot.yml.
# If it's false, then it will use the executor below.
use_spigot_message: true
# If "use_spigot_message" is true, ignore this section.
# < ? > You can find more information about the executors in the header.
executors:
- '[MESSAGE] %prefix%The "&b%command%&7" command was not found.'
FOR SUPPORT
┃Write to me here in private, Telegram, or by Discord
⚠️ After the update, reset or add the new changes, to the config.yml
NEW CHANGES (Spigot/Bukkit)
┃Added customizable unknown messages for version 1.19+. It also works with previous versions, but if you want to just add something more. (Example: Titles, ActionBar, Etc..)
[⚠ This function with PlugMan can give problems if you upload new plugins. In that case if you run into problems, just restart the server to correctly register the new commands.]
┃In the "Block_Custom_Commands" section, you can now register multiple commands at once. By default it is "command", with this version "commands" has also been added, to block multiple commands with the same executor.
# _________ _____ _____ __ ______ _________ _________
# __ ____/___ __________ /_____________ ___ __ / / /_________ /_________________ ________ __ ____/____________ __________ _________ _____________ /
# _ / _ / / /_ ___/ __/ __ \_ __ `__ \ _ / / /__ __ \_ //_/_ __ \ __ \_ | /| / /_ __ \ _ / _ __ \_ __ `__ \_ __ `__ \ __ `/_ __ \ __ /
# / /___ / /_/ /_(__ )/ /_ / /_/ / / / / / / / /_/ / _ / / / ,< _ / / / /_/ /_ |/ |/ /_ / / / / /___ / /_/ / / / / / / / / / / / /_/ /_ / / / /_/ /
# \____/ \__,_/ /____/ \__/ \____//_/ /_/ /_/ \____/ /_/ /_//_/|_| /_/ /_/\____/____/|__/ /_/ /_/ \____/ \____//_/ /_/ /_//_/ /_/ /_/\__,_/ /_/ /_/\__,_/
#
Unknown_Command:
# --------- < ⚠ > ---------
# This feature is only recommended for versions 1.19+!
# This is because spigot does not currently edit the unknown command via spigot.yml,
# but remains the default one. If you have a version lower than 1.19, you can leave it to false.
# If you use PlugMan, it can cause problems if the plugin it loads registers commands for the first time.
enabled: false
# If set to "true", it will fetch the unknown message directly from spigot.yml.
# If it's false, then it will use the executor below.
use_spigot_message: true
# If "use_spigot_message" is true, ignore this section.
# < ? > You can find more information about the executors in the header.
executors:
- '[MESSAGE] %prefix%The "&b%command%&7" command was not found.'
# In this example, he shows you how you can block multiple commands with the same executor.
example_Command4:
commands:
- 'exampleCommand4'
- 'exampleCommand5'
warning: true
permission_required: 'bettersecurity.bypass.exampleCommands'
executors:
- '[MESSAGE] %prefix%&cYou cannot execute this command!'
FOR SUPPORT
┃Write to me here in private, Telegram, or by Discord
⚠️ After the update, reset or add the new changes, to the config.yml
