Today, we detected a bias in the download count on @VanishedKevin plugins. They had too many downloads in short time intervals. After investigated it, we discovered some (not shocking) facts. All their plugins included several automatic download links to his plugins, allowing him to increase his download count each time someone visited his plugins. Even more, he also included code to auto-vote his plugins with 5 stars, to shadow all other bad reviews of his plugins, that didn't work due to security measures. This caused that all his plugins were at the top of the download ordering on the Plugin Repository. As of today, and after several warnings related to spamming his plugins in other threads, or bad behaviour, he has been permanently banned from the forum and all his plugins removed again. He was also KevinWang_China, that was banned a few months ago for including backdoors in his plugins. No excuses are valid for this, as he knew perfectly what was he doing. Any other plugin developer that does the same will suffer the same consequences.
So, the factions had a code to auto maticlly give him 5 star? And also PMess give error to PocketMineapiS
Wow. I thought Kevin was the kind of guy that wouldn't put those lines of code in his plugins. I'm ashamed in him.
his faction plugin was encrypted. i tried to decompile the pmf file and it turned out the php code was also encrypted. meaning, i cant see what would happen if i ran the plugin.
Does anybody still have his plugin PocketEssentials lying around on their computer? If so, please PM it to me! I think I can fix it, and improve it a bit.
The code is not encrypted, but obfuscated. The strings are in hex code so that's no problem to "de-obfuscate" (don't know if that word exists), but all the variables are renamed and their is no way that you can get their original name back.
@shoghicp could you make one time download links? That would make it a lot harder to make auto downloaders