Exploits: Difference between revisions
Content deleted Content added
→SilentTP: Slight rewording |
No edit summary |
||
| (4 intermediate revisions by 3 users not shown) | |||
Line 1:
[[File:OmegaTrack_flatlands_heatmap.png|thumbnail|Heatmap of player activity gathered from collected coordinates using Worldcom, a coordinate exploit that was patched in July 2023 but continued to be used on the server for an entire month afterwards]]
TotalFreedom has had a long history of exploits being used both maliciously and harmlessly.
Line 19 ⟶ 21:
== 2020 ==
===
Discovered in November 2020, the '''Moving Piston''' exploit is an exploit affecting only servers running Spigot and was subsequently abused in the subsequent months by taking advantage of a bug in Spigot that is caused when a tile entity (e.g. a chest) is overwritten with a ''moving_piston'' block by replacing the tile entity with WorldEdit or similar plugins that replace blocks. The server then crashes when it tries to fix the overwritten tile entity. It affected Minecraft 1.16.4 and eventually was patched.
== 2021 ==
Line 36 ⟶ 39:
SilentTP, colloquially referred to as the first Nocom exploit, or just Nocom, was a text component that allowed for querying of a target player's position tag when resolved, even if they had TPToggle disabled in Essentials. This was added to [[DeviousMod]] in the form of a command allowing the user to automatically execute the exploit and teleport using Essentials to the target player's coordinates. Later, this was added to [[Community:SexiestBot|SexiestBot]] in the form of an algorithm which queried the position of every player connected to the server, allowing for teleportation to any player without having to first install DeviousMod.
This exploit was initially undiscovered for a few days, until [[Community:fyyv|fyyv]] made a suggestion on the forums, detailing how it deliberately circumvented TPToggle, recommending the
=== Worldcom ===
| |||