How to protect your Minecraft server from hacking via PlaceholderAPI

In this article, we will understand how to protect Minecraft server from file siphoning and hacking.

Disable the ecloud function in PlaceholderAPI via (config.yml) to avoid downloading a malicious add-on (expansion) to your server via /papi ecloud download [name]
Remove the add-on (expansion) in PlaceholderAPI called Javascript, to be exact, only if you used the version of this add-on from 1.6.0 to 2.1.0 to get rid of /jsexp parse (checking any JS code), preferably if you need it, replace it with version 2.1.2 to avoid data hacking/sniffing.
Remove PlugmanX plugin and replace with ServerUtils (to avoid downloading backdoor, malicious plugin to the server via /plugman download direct/spigot)
Do not install the PluginManager plugin (to avoid also /pm download direct/spigot)
If you use proxies, such as Bungeecord, Flamecord, Waterfall, NullCordX, it is advisable to install any of the listed plugins for port bypassing - IPWhitelist, BungeeGuard, SafeNET, etc. on all servers.

More useful information can be found here: EnotTeam - Minecraft Servers Creation

641 views