Advertisement
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Announcement About Plugin download spoofing

Comments in 'Plugin Releases' started by shoghicp, Dec 7, 2013.

  1. shoghicp
    Offline

    shoghicp Staff Member PocketMine Team

    Joined:
    Aug 22, 2013
    Posts:
    433
    Plugins:
    14
    Minecraft User:
    shoghicp
    Today, we detected a bias in the download count on @VanishedKevin plugins. They had too many downloads in short time intervals. After investigated it, we discovered some (not shocking) facts.

    All their plugins included several automatic download links to his plugins, allowing him to increase his download count each time someone visited his plugins. Even more, he also included code to auto-vote his plugins with 5 stars, to shadow all other bad reviews of his plugins, that didn't work due to security measures. This caused that all his plugins were at the top of the download ordering on the Plugin Repository.

    As of today, and after several warnings related to spamming his plugins in other threads, or bad behaviour, he has been permanently banned from the forum and all his plugins removed again. He was also KevinWang_China, that was banned a few months ago for including backdoors in his plugins. No excuses are valid for this, as he knew perfectly what was he doing.

    Any other plugin developer that does the same will suffer the same consequences.
    Taha_The_Hacker, LDX, Falk and 6 others like this.
  2. KnownUnown
    Offline

    KnownUnown Active Member Plugin Developer

    Joined:
    Aug 22, 2013
    Posts:
    65
    Plugins:
    1
    Minecraft User:
    KnownUnown
    Hope to see other great devs rise up to the challenge and make better versions of Kevin's plugins.
  3. Glitchmaster_PE
    Offline

    Glitchmaster_PE Notable Member Plugin Developer

    Joined:
    Aug 31, 2013
    Posts:
    834
    Plugins:
    8
    Minecraft User:
    Glitchmaster_PE
    Known that person is you xD
  4. Super·-·Nova·-·
    Offline

    Super·-·Nova·-· New Member

    Joined:
    Dec 7, 2013
    Posts:
    4
    Wait?... so he was scamming everyone?
  5. Glitchmaster_PE
    Offline

    Glitchmaster_PE Notable Member Plugin Developer

    Joined:
    Aug 31, 2013
    Posts:
    834
    Plugins:
    8
    Minecraft User:
    Glitchmaster_PE
    Yep
  6. Super·-·Nova·-·
    Offline

    Super·-·Nova·-· New Member

    Joined:
    Dec 7, 2013
    Posts:
    4
  7. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,196
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    damn .. :-/
  8. JassperBeastHD
    Offline

    JassperBeastHD Banned

    Joined:
    Aug 27, 2013
    Posts:
    436
    Minecraft User:
    JassperBeastHD
    So, the factions had a code to auto maticlly give him 5 star? And also PMess give error to PocketMineapiS
  9. KarkatVantas
    Offline

    KarkatVantas Banned

    Joined:
    Oct 11, 2013
    Posts:
    5
    Minecraft User:
    KVantasMC
    Wow. I thought Kevin was the kind of guy that wouldn't put those lines of code in his plugins. I'm ashamed in him.
  10. Kem
    Offline

    Kem New Member

    Joined:
    Dec 4, 2013
    Posts:
    24
    Minecraft User:
    Kem200
    :( This is sad....
  11. Darunia18
    Offline

    Darunia18 Staff Member Sectional Moderator

    Joined:
    Aug 23, 2013
    Posts:
    755
    Plugins:
    2
    Minecraft User:
    Darunia18
    I thought he had changed :/ he could've been one of the greatest...
    LDX, ZacHack and KnownUnown like this.
  12. MegaSamNinja
    Offline

    MegaSamNinja Active Member

    Joined:
    Sep 13, 2013
    Posts:
    138
    Minecraft User:
    Bamuel
    Whoa what a Intensive Plugin
  13. KnownUnown
    Offline

    KnownUnown Active Member Plugin Developer

    Joined:
    Aug 22, 2013
    Posts:
    65
    Plugins:
    1
    Minecraft User:
    KnownUnown
    @Darunia18: true that.
    But then he did the download spoofing.
  14. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,196
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    his faction plugin was encrypted. i tried to decompile the pmf file and it turned out the php code was also encrypted. meaning, i cant see what would happen if i ran the plugin.
  15. JassperBeastHD
    Offline

    JassperBeastHD Banned

    Joined:
    Aug 27, 2013
    Posts:
    436
    Minecraft User:
    JassperBeastHD
    inbox be the php one, ill go threw it
  16. KarkatVantas
    Offline

    KarkatVantas Banned

    Joined:
    Oct 11, 2013
    Posts:
    5
    Minecraft User:
    KVantasMC
    Does anybody still have his plugin PocketEssentials lying around on their computer? If so, please PM it to me! I think I can fix it, and improve it a bit.
  17. Shadow
    Offline

    Shadow Banned

    Joined:
    Dec 7, 2013
    Posts:
    1
    Minecraft User:
    Chris35000vr
    I'll send you the latest version
  18. ZacHack
    Offline

    ZacHack Staff Member Sectional Moderator

    Joined:
    Aug 23, 2013
    Posts:
    325
    Plugins:
    6
    Minecraft User:
    _ZacHack_
    He deserves it now we have him so many chances
  19. wies
    Offline

    wies Notable Member

    Joined:
    Aug 23, 2013
    Posts:
    390
    The code is not encrypted, but obfuscated. The strings are in hex code so that's no problem to "de-obfuscate" (don't know if that word exists), but all the variables are renamed and their is no way that you can get their original name back.
    JassperBeastHD likes this.
  20. wies
    Offline

    wies Notable Member

    Joined:
    Aug 23, 2013
    Posts:
    390
    @shoghicp could you make one time download links? That would make it a lot harder to make auto downloaders

Share This Page

Advertisement