McMyAdmin Restricted Plugins List
By default, McMyAdmin restricts the use of a number of CraftBukkit plugins. Plugins may be restricted for one or more of the following reasons:
- Providing unrestricted/unsandboxed scripting or runtime-loaded code abilities.
- Providing local access to the machine, including the ability to run executables.
- Allowing incoming network connections on insecure/unencrypted protocols.
- Circumventing licence/contract restrictions placed by either McMyAdmin or a hosting provider.
- Storing sensitive data unencrypted (such as passwords)
Plugins are disabled by renaming their extension from .jar to .jar.restricted before the Minecraft server is started.
Restricted plugins can still be installed by adding "-pluginname" (excluding the quotes) to the Security.BannedPlugins setting in McMyAdmin.conf. You can add multiple restricted plugins by separating them with commas.
The current restricted plugins list is as follows:
- bTelnetD (Local machine access, insecure protocol)
- ExChat (Insecure protocol)
- jxpl (Arbitrary code execution)
- mctelnet (Local machine access, insecure protocol)
- MineWire (Alias of mctelnet)
- NoPlayerLimit (Circumvents player limit on Personal edition, or on rented servers)
- PyDevTools (Arbitrary code execution)
- PythonLoader (Arbitrary code execution)
- RConPlus (Insecure protocol, unencrypted passwords)
- RemoteBukkit (Insecure protocol, unencrypted passwords)
- JSONAPI (Insecure protocol, arbitrary code installation)