EDIT: This has been "resolved" by the MCAdmin crew, with an apology. Link to changes: http://www.minecraftforum.net/viewtopic.php?f=1012&t=24629 I guess I need to read the forums and search harder. Apologies to the MCAdmin crew. I would still like to see if the backdoor exists. User Permission control is still good and all, but... if the original code exists, who knows what someone could do?
This may be unwarranted, but it has come to light that there is a back-door into MCAdmin. Supposedly according to this thread: viewtopic.php?f=1013&t=66067
MCAdmin devs and admins can (if the story is true):
1.UNBAN themselves (others too?) from YOUR SERVER
2. BAN YOU from your OWN SERVER
3. I'm assuming they can do other things, but the top two are the only admitted.
This means that there is a BACKDOOR into ALL MCAdmin servers. What does this possibly mean?
1.Above list
2.Someone could potentially spoof this admin rights, and GRIEF THE **** out of YOUR server
3.Possibly run code due to any unknown (at the moment) exploits in MCAdmin.
This needs to be investigated, people. I'm calling out the MCAdmin devs to explain themselves, in full, to the community.
I have posted this in two forums, because this is applicable to Server Administration and Survival Multiplayer, in different regards. Client and Server need to be aware.
There's a separate thread for this (the MCAdmin thread; google MCAdmin). For your personal info, he's removed all those features (Save for development mode, however it now prompts you when you first start the server on whether or not to enable it) and has publicly apologized.
Thanks for the update, I appreciate it. I should've searched. I basically assumed that since people were still talking about it like it hadn't been fixed, then it wasn't fixed. Thank you Vekter! Good heads-up man, really. Kept me like looking like a bigger ass then I do now. lol
The issue is beyond simple code. When exposed, the dev's response wasn't to acknowledge people's concerns with a timely update. Instead the dev's powertripped, cried, and threatened. People who have disagreed with them have been added to their global ban list. While the current patch may be acceptable, by using MCAdmin you expose yourself to their next emotional outburst.
EDIT 2: See this, I totally agree with the poster. http://www.reddit.com/r/Minecraft/comments/dxm6h/apparently_dont_use_mcadmin/c13p1cb
This may be unwarranted, but it has come to light that there is a back-door into MCAdmin. Supposedly according to this thread: viewtopic.php?f=1013&t=66067
MCAdmin devs and admins can (if the story is true):
1.UNBAN themselves (others too?) from YOUR SERVER
2. BAN YOU from your OWN SERVER
3. I'm assuming they can do other things, but the top two are the only admitted.
This means that there is a BACKDOOR into ALL MCAdmin servers. What does this possibly mean?
1.Above list
2.Someone could potentially spoof this admin rights, and GRIEF THE **** out of YOUR server
3.Possibly run code due to any unknown (at the moment) exploits in MCAdmin.
This needs to be investigated, people. I'm calling out the MCAdmin devs to explain themselves, in full, to the community.
I have posted this in two forums, because this is applicable to Server Administration and Survival Multiplayer, in different regards. Client and Server need to be aware.