TPT Minecraft Server

  • CeeJayBee
    27th June Member 0 Permalink
  • jacob1
    30th June Developer 0 Permalink
    In my last post, I said "The cryptographic signing feature is a good security measure to prevent false reporting while still respecting privacy of servers. Only reported messages and their context are sent, and their authenticity is verifiable"

    I have since been corrected. A code analysis of 1.19.1 found several flaws that could be used by a malicious client to send false reports. The chat context feature is abusable in particular (with ability to omit context or insert messages that weren't said). More details in the youtube videos linked here, I haven't watched these videos yet but that is the main takeaway that was summarized to me.
    For clients, I recommend installing this mod: https://modrinth.com/mod/no-chat-reports
    For my server I will install this mod, although from my understanding it doesn't actually prevent messages from being reportable, it just removes the signing keys (I will test it later though). - Edit found a better plugin which solves the problem better, by switching chat messages to system messages.

    The rest of my message is still accurate though, so read that for my stance.
    Server will remain on 1.19 as I am on vacation, and 1.19.1 was delayed anyway (maybe to fix the flaws in the system? Who knows)


    Edit: a later 1.19.1 prerelease did fix the signing issues with chat report context, for the most part. False reporting is now very difficult. One exploit was found but it requires you to mess with context using private messages, it is more difficult to do this and not clear if Mojang will act on such reports. I'll still leave the decision up to you on whether to install the no chat report mods. The server is updated to 1.19.2 now.
    Edited 3 times by jacob1. Last: 7th August
  • DemonCrystal
    3rd July Member 0 Permalink

    my explosive computer has to use 1.8.9 cracked to not explode.

  • Inventor70
    3rd July Member 0 Permalink

    Are 1.19 mods and resource packs allowed like MrCrayfish's Furniture Mod and WorldEdit, and shaders?

    Also, i have TLauncher for Minecraft, so you can install mods there.

    @hyunwoopi (View Post)

     no or you will get banned

    Edited 2 times by Inventor70. Last: 3rd July
  • IEATDIRT
    3rd July Member 0 Permalink

    @Inventor70 (View Post)

     shaders and resource packs are allowed (as long as they dont break rules aka xray texture packs) but you cant install things like mrcrayfish's furniture pack and worldedit and expect them to work on a server that doesnt have them installed as well.

  • nebulus_2000
    7th July Member 0 Permalink

    Jacob1, If possible, could you please make one for bedrock edition? And btw, Is it like a survival server?

  • jacob1
    7th July Developer 0 Permalink
    @nebulus_2000 (View Post)
    I don't own / use bedrock edition, so I'm not going to make a bedrock server.
    Also, it is a survival server. There is a description of it in the first post.
  • jacob1
    7th August Developer 0 Permalink
    The server has now been updated from 1.19 to 1.19.2. I was delaying the upgrade, but it looks like all the plugins I need support 1.19.2 now. This update fixes an exploit in the chat report system that could let an attacker disconnect other players from the server with an error.

    1.19.1 adds chat reporting. I don't buy into the community outrage over this feature. But, it still doesn't mesh with the way I run the server. I can't enforce secure chat signing, because I allow players who don't own the game to join the server if whitelisted. Chat signing is also not compatible with BungeeCord, which I use to run simultaneous survival and creative servers. Due to both of these incompatibilities, warnings would be displayed to users. Messages sometimes claimed they were tampered with by the server, and also on every connect it said my server wasn't secure because it doesn't enforce chat signing.

    To resolve this issue, I've loaded a mod FreedomChat. I looked into several possible options for disabling the warnings, but this one works best. The others are designed to disable chat reporting but don't care about the frequent warnings sent to users about the supposed insecurity of my server and the chat messages. This one actually resolves that by changing all chat messages into system messages. This makes them unreportable, and since system messages are never signed the warnings over unsigned messages don't get shown. If this causes any issues for you, please let me know.

    If you encounter a problematic user who you want to report, contact me. Either in-game, through a PM, or on Discord. You can also read the stance I posted about chat reporting on the previous page
  • Waterbottle123
    7th August Member 0 Permalink

    What does tpt have to do with Minecraft if I may ask? 

    @jacob1 (View Post)

     

  • jacob1
    7th August Developer 0 Permalink
    @Waterbottle123 (View Post)
    I am just posting updates about the TPT Minecraft server, which is a server I've run for the past 7 years. The playerbase consists of TPT players who also happen to play Minecraft. There's quite a bit of overlap there.