RE: Leaking plugins (2nd post)

[Splodgebox]

Recently I create a post in which I stated that I am fine with my plugins leaked but just don't want people paying someone else for it.

I recently found out that the sites in which you pay like $5-6 to get my plugins so not a very big discount have actually added a backdoor...

I retract my statement from before, I am fully against all type of leaking now. It's ridiculous to think that someone would add a plugin that is leaked onto their server to wake up to no server at all.
​

Please do not use leaked plugins as you never know what the leaker might have added into it. Buying a plugin is the safest option as it will never have backlashes compared to using leaked ones.​

Justis I am sorry for the last post.​

 

[Seatbelts]

Some people are scumbags.

 

[Marisa]

I’m curious what the url is. Mind decrypting the strings?

 

[FisherGee]

Sorry to hear about this, especially if you've spent a lot of time on your plugins.
Maybe try adding your own personal verification plugin? Like they get a code and they need to verify the code with the plugin idk.

 

[Splodgebox]

I’m curious what the url is. Mind decrypting the strings?

No clue how to do that, if you want I can send the strings to you and you can try.[DOUBLEPOST=1570766863][/DOUBLEPOST]

Sorry to hear about this, especially if you've spent a lot of time on your plugins.
Maybe try adding your own personal verification plugin? Like they get a code and they need to verify the code with the plugin idk.

SpigotMC doesn't allow that.

 

[Harry]

No clue how to do that, if you want I can send the strings to you and you can try

I wouldn't mind looking into it, if you're happy sending me this version via PMs?

 

[Justis]

For reference, this was the previous thread: https://www.mc-market.org/threads/523038/
And this was my response:

If you’re not going to fight against the leaks of your products, then why don’t you post an official free version which gets delayed releases and no product support?
By doing this, you’d be ensuring that the scum making money off of your products aren’t making money off of your products anymore. It’s not just a mater of it being something worth stopping either. By taking away from their subscription/adsense profits, you discourage them or at least aren’t enabling them to expand and continue doing the same acts of theft to your fellow creators.
You would also be ensuring that the potential buyers trying your plugin aren’t being infected with malware injected into the products by the leakers.

Not every creator is like you, in that they don’t care if their product is leaked. Many developers need every dollar to afford their apartments, their insurance, their bills, their university books. People underestimate just how expensive it is to live and make progress in the world. They’re actively fighting to get their products taken down because they need to in order to afford to continue creating content.
If you’re someone who doesn’t care, then I strongly encourage you not simply allow it to continue happening, and fight the leaks by making the product(s) public, with restrictions.

It is true that many leaked versions of a plugin will come with backdoors and malware injected inside. It’s not a difficult thing to do. Not all malware injections will be as obvious as the one shown here either.

Know that just because it’s advertised as a Minecraft plugin does not make it any less dangerous. It can completely clear your hard drive, it can add you to a bot net, it can install a keylogger, or a screen controller, or share all available permissions on the machine with some unknown third party. Before you know it, your ip address and those of your players as well as everything you’ve worked on has been leaked, just like the plugin you installed.

There are many reasons that all of MC-Market’s resources go through manual approval, and this is one of them.

As a marketplace, respecting the rights of content creators is paramount, and as seen here: https://www.mc-market.org/threads/455982/ we will always discourage the use of leak sites for this reason; but for your own safety as well, be very weary of the stolen software hosted there.

 

[croissant222]

Just run the backdoored one on a vm and watch the connections

 

[Marisa]

Just run the backdoored one on a vm and watch the connections

Or just take all of the strings and print them. Lol.

 

[DarkKnights22]

Indeed it is as it is, people being the scum bags they are...

 

[Splodgebox]

I just wanted to bump this post up a bit since recently a lot more people have been using leaked versions of my plugins.

 

[/usr/bin/]

I just wanted to bump this post up a bit since recently a lot more people have been using leaked versions of my plugins.

Thats a Internationalized Domain name, which allow non-english characters, you can use Punycode converter to get the string. Send me that file and I can take a look for you.