YouHaveTrouble/minecraft-exploits-and-how-to-fix-them
1
0
Fork 0
mirror of https://github.com/YouHaveTrouble/minecraft-exploits-and-how-to-fix-them.git synced 2026-05-11 22:16:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

reformat and added minor notes

Browse Source
This commit is contained in:
YouHaveTrouble
2025-10-18 14:32:20 +02:00
parent 839e78d3a0
commit 2999934287
1 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
readme.md
+10 -3
View File
@@ -30,7 +30,9 @@ entities:
### Book exploits ### Book exploits
Books are a common target for exploitation techniques, and have been used for all sorts of nasty things in the past including duplication exploits, crash exploits, and forcing servers to run out of memory while producing massive amounts of chunk data. Books are a common target for exploitation techniques, and have been used for all sorts of nasty things in the past
including duplication exploits, crash exploits, and forcing servers to run out of memory while producing massive amounts
of chunk data.
#### Option 1 #### Option 1
@@ -45,7 +47,9 @@ item-validation:
#### Option 2 #### Option 2
Disabling books completely prevents the most book exploits (as long as plugins don't create non-standard books). Pufferfish config option prevents players from writing to the book, therefore ruling out anything that requires player input to work. Disabling books completely prevents the most book exploits (as long as plugins don't create non-standard books).
Pufferfish config option prevents players from writing to the book, therefore ruling out anything that requires
player input to work. Alternatively, you can use plugins or datapacks to disable ways to obtain book and quill item.
`pufferfish.yml` `pufferfish.yml`
```yaml ```yaml
@@ -87,11 +91,13 @@ packet-limiter:
While even spigot will protect you from this exploit, there's a slight oversight that will enable a single command to be While even spigot will protect you from this exploit, there's a slight oversight that will enable a single command to be
usable to perform this one. To fix this, simply remove /skill command from the spam exclusions list in spigot.yml. usable to perform this one. To fix this, simply remove /skill command from the spam exclusions list in spigot.yml.
In latest versions paper offers additional toggle for this feature that disables exclusions by default.
`spigot.yml` `spigot.yml`
```yaml ```yaml
commands: commands:
spam-exclusions: [] spam-exclusions: []
enable-spam-exclusions: false
``` ```
### Join spam ### Join spam
@@ -117,7 +123,8 @@ settings:
### Neighbor update lag machines ### Neighbor update lag machines
Limiting the amount of consecutive neighbor updates before skipping additional ones. Moderately reducing this value has no game impact and helps alleviate various 'neighbor update lag machines'. Limiting the amount of consecutive neighbor updates before skipping additional ones. Moderately reducing this value has
no game impact and helps alleviate various 'neighbor update lag machines'.
`server.properties` `server.properties`
```properties ```properties