1) Disables the UncraftablePotion protection in 1.20 & 1.21 as there is an issue with this protection which causes console spam, we're working on a fix.

2) Fixed a bug that was preventing some protections from being properly enabled, please check your config.yml or browse the status of protections with /istack prot after updating to verify all settings are as they should be for your particular server.

A few under the hood bug fixes and added 1.21 support!

• Added 1.21.0 support.
• Updated FoliaAPI to 1.20.4.
• Added check for Folia server on startup.
• Fixed Folia shutdown scheduler error.

-Added support for 1.20.6 sorry for the delay! Been planning a funeral

Bugfixes:
1) Includes a few under the hood fixes.
2) Added a fix to improve check efficiency for hopper transfers, should improve things around large hopper farms.
3) Fixed errors on shutdown / plugin disable

New Features:
1) Added a feature to disable specific crafting recipes (1.12+ only)

1) Added a check for the logblock block tool. This tool defaults to BEDROCK, which is often a block server admins would like to prevent regular players from having. The RemoveItemsOfType will not remove the logblock block tool (no matter what its type is set to) as long as the player holding it has permission to use it normally, (logblock.tools.toolblock).

2) Added a fix that should properly shut down async tasks when the plugin is disabled / on server shutdown.

New Feature:
1) Added a user requested feature that will prevent Vexes from getting trapped inside boats/minecarts. Typically this is used by players to set up raid farms. *This protection is OFF by default as it's user requested* Enabling this protection will prevent new vexes from getting trapped as well as free current ones on the server.

Bugfix:
1) Fixed an issue that would cause a message in the console when checking inside custom inventories.

This update addresses a console error that would occur on Paper servers/variants when a composter/juke box was placed over a hopper.

Also addresses a console error that would sometimes occur on servers running newer IllegalStack versions on server versions lower than 1.20 on unload.

1) fixed a bug where async tasks were not being shut down quite properly if server owners did a /reload (naughty don't do this).

2) fixed a NPE that would occur on paper servers, a warning will appear now until the issue is resolved on their end.

3) increased the default time for PreventProjectileExploit2 from 11 seconds to 22 seconds, and switched the protection to default to OFF rather than on.
(note existing configurations will not automatically change)

1) Fixed a bug that would cause servers to crash when players used a fishing pole.
2) Removed 1.16+ from the list of versions affected by the donkey dupe protection as it *SHOULD* be prevented as of 20w16a.

1) Fixed a bug that would cause servers to crash when players used a fishing pole.
2) Removed 1.16+ from the list of versions affected by the donkey dupe protection as it *SHOULD* be prevented as of 20w16a.

Sorry everyone, I goofed.

It appears that something has changed (or I did it incorrectly to begin with) when we made the IllegalStack 2.8 update. There was some code that uses Protocollib, this code when paired with Protocollib 5 resulted in my plugin breaking combat a bit.
**Players were unable to land critical hits or do sweeping edge damage among other things.
I regret this has happened and for any inconvenience (player rage) this may have caused and for the delay in recognizing this was my fault rather than ProtocolLib's!

Please update your IllegalStack to version 2.9 (or greater) and use protocollib 5 (or greater)


*EDIT* also in this update new features!
1) This update should fix the bubble column exploit dealing with arrows/snowballs/etc. There is no great way to detect items floating in a bubble column in regular spigot so please let me know if there are any issues.

2) added a protection / notification to protect against the string dupe.

3) fixed a couple of protections that would omit themselves from the DisableInWorlds list, and adopted a better system that should greatly simplify the way this is checked and result in fewer protections slipping through the cracks.

BUGFIX -> Fixes an issue that would create console spam when servers were using protocollib v 5.

Sorry for the update spam.

BUGFIX -> Fixes an issue that would create console spam when servers were using protocollib v 5.

IllegalStack now prevents the tripwire/string dupe
->

Bugfixes:

1) Fixed a couple protections that were not activating by default, please check your console upon startup for details.

*Affects the following protections
- rail/carpet dupers
- villager trade cheesing
a) Villager Restock Time
b) Villager zombification chance

Updated to fix another console error due to versioning changes.

Updated to work with Protocollib version 5.0- fixes an error in the console.

IllegalStack now supports minecraft 1.20 (thanks to DerMistkaefer)
Folia support has been added (thanks to Loving11ish)

1) Added another option to user requested features, SpawnerReset can now be found in the config, and will allow you to reset a spawner type when it spawns an entity or when it is mined by a player

2) Added a protection to remove snowballs floating in water (lag source)

3) Fix to allow portals to work above Y 255 (1.19+)

4) Fixed a bug with nether ceiling movement checks (1.19)

5) Updated slimefun item detection and NPC detection.

This is purely an update to support 1.19, nothing new has been added just yet. If you are running IllegalStack on a 1.19 server though you definitely need to update.

Fixes an issue some servers would experience with an error in the console whilst interacting with a NPC.

1) Fixes a bug with the DamagePlayersAboveNether (user requested feature)
2) Disables the ability to turn on the PreventInfiniteElytraFlight if you are running 1.18 as the world height has increased, I will test and see if this is still an issue and push out another update if so.

Sorry for the delay, I still have covid but am feeling a little better.

1) Updated the plugin for 1.18
2) Updated the tripwire dupe protection to prevent tripwrire hooks from being placed on any door instead of just trapdoors (new variant)
3) Illegal Enchantment protection is now working properly again.

Dupes that are confirmed WORKING in 1.18
Rail/Carpet Dupe (appears to be patched in paper)
Tripwire Hook Dupe (appears to be patched in paper)
Falling Block Portal Dupes
Llama/Donkey Dupe

Bugfixes:
1) Fixed a bug that would cause an error to be printed to the console when clicking on a citizens NPC.
2) Fixed a bug that would cause errors on a 1.12 server when a portal was created.

Replacing the jar for 2.4.2 as it reported it was 2.4.0 in game

BUGFIX: 1.8 servers ONLY 1) Fixed an issue that would throw a console error with bedrock breaking protection.

BUGFIX: 1.8 servers ONLY
1) Fixed an issue that would throw a console error with bedrock breaking protection.

Typo Corrections:

Version 2.4.0 of IllegalStack changed the way almost all messages are written to the logs to properly use the LOGGER feature, there were a lot of places this happens and a few of them used ERROR instead of INFO and vice-versa. This update should correct that.

Bugfixes:
1) Fixed a bug where opped players were booted from the top of the nether instead of bypassing the protection.

New Feature:
User Requested Feature:
DamagePlayersAboveNether - This feature will allow players to teleport/walk on top of the nether roof however they will take damage over time which is configurable.

Bugfix:
1) Fixed a console error in 1.17 that would appear from time to time.

Protection Changes:
1) (1.17 servers ONLY) DISABLED Illegal Enchantment protection due to a bug, this is a temporary issue that will be resolved soon.

2) Re-enabled donkey dupe protection because this still exists in 1.17..

Bugfix:
1) Fixed a bug that would prevent nether portals from lighting.

Protection Changes:
1) Re-Enabled rail/carpet duper protections because rail and carpet duping still works in spigot....

2) Re-Enabled trip wire dupe protections because it is still possible to dupe tripwires.

BUGFIX: 1) Fixed a bug that was enabling the book exploit protection on 1.17 servers where it is not needed.

New Features!
1) Expanded bedrock breaking protection to prevent using nether portals to break blocks such as bedrock, barriers, structure blocks etc.

2) Prevents portals from spawning at y=255 and creating this:
https://i.imgur.com/mqAXdpU.png

IllegalStack has been updated to 1.17, thanks so much to ☣deVilCapo☣ for loaning me a 1.17 test server to do this upgrade!

Configurable messages in messages.yml
1) "Click to teleport here" text is now configurable.
2) Added message for StaffMsgDispenerFlint

New Features:
1) EnsureSafeTeleportLocationIfAboveCeiling - Makes sure the player wont be teleported back into solid netherrack or mid-air if teleport back down from above the nether ceiling.
2) BlockBuildingAboveNether - Prevents players from placing/breaking blocks when above the NehterYLevel setting.
3) PeventRecordDupe - Prevents an exploit using tnt, a skeleton and a pit full of creepers, used to mass farm records all at once.
4) PreventShulkerCrash - Prevents players from using a dispenser to place a shulker above the max build height, crasing the server (1.12 only).
5) PreventShulkerCrash2 - Prevents players from using a downward facing dispenser with flint and steel to crash the server. (1.16 only).

Bugfixes:
1) Fixed an issue with end portal destruction protection to prevent players from being able to use a bucket to break the end portal frames.

Added a protection against the record exploit which allows a player using some tnt, a pit of creepers and a single flaming arrow shot by a skeleton to produce an entire pit of records.

https://www.reddit.com/r/Minecraft/.../?utm_source=share&utm_medium=web2x&context=3

Fixes a bug with the PreventHeadsInside protections that would occur if you were in spectator mode and this protection was enabled.

Fixed a bug that would erroneously report that NBTApi was needed for a protection even though that protection was switched off.. Sorry!

Bugfixes:
1) Fixed a bug that would throw a console error if an item with bad attributes was pulled OUT of a chest via a hopper.

New Features:
1) PreventSpawnEggsOnSpawners - Added the ability to block players using spawn eggs to change the type of spawned creatures *ops bypass this* 1.13+
2) Expanded the PreventHeadInsideBlocks to catch players using blocks like the composter to see through walls. An additional option has been added to this protection: AlsoPreventHeadInside

New Messages:
1) StaffMsgChangedSpawnerType - Player ~player~ used ~type~ to change a spawner type @
2) PlayerSpawnEggBlock - &cSorry you can not use spawn eggs to change spawner types!
3) HeadInsideSolidBlock2 - Stopped ~player~ 's head from being inside a ~block~ Reason: potential Xray Glitch

1) Fixed an error that would throw a console error on 1.10 based servers sometimes.
2) Modified the piglin dupe protection slightly to protect against piglins that were already in the game. (Please note with the piglin dupe protection players can still barter with piglins by right clicking while holding a gold ingot rather than just throwing the item on the ground!)
3) Improved the RemoveItemsOfType protection to block players from being able to place a Blacklisted block type if they were really fast and beat the item inventory scanner.
3a) Added messages to messages.yml for this updated check

Sooo paper originally claimed the piglin dupe does not work on any version of paper... However; I have been receiving multiple reports that this dupe does in fact work on paper. Thus I have enabled the anti piglin dupe to work on all variants of spigot.

Be sure to do a full restart after updating.

Sooo paper originally claimed the piglin dupe does not work on any version of paper... However; I have been receiving multiple reports that this dupe does in fact work on paper. Thus I have enabled the anti piglin dupe to work on all variants of spigot.

EDIT: Be sure you do a full restart with this update.

New Protections:
1) Fixes the new piglin dupe that is currently floating around youtube. It's painfully easy to do, and affects all 1.16 versions of Spigot.. Paper however is unaffected. ->

2) Prevents players from using beds to destroy blocks when they explode in the nether/end, which can be used as a cheap substitute for TNT while looking for netherite or for PVP.

3) Added a user requested feature to disable shulker checks on block place. WARNING: Enabling this feature will potentially allow players to sneak illegally stacked / enchanted items stored in shulkers into the game! ENABLE AT YOUR OWN PERIL.
https://github.com/dniym/IllegalStack/wiki/IgnoreAllShulkerPlaceChecks

Added protection against the lava dupe involving hoppers/hopper minecarts.

Bugfixes:
1) Fixed a couple issues that were causing console spam on some versions of spigot/paper.

Fixed Several Github Reported Issues:
#InventoryMoveItemEvent #68 -Fixed
#Excessive AIR protection #69 -Fixed
#NPE on player connect #67 -Fixed
#Permission Request BlockBadItemsFromCreativeTab #64
-Players with the illegalstack.admin will bypass this protection.
#Overstack permissions issue. #62
-Players with the illegalstack.removeitemsoftypebypass will bypass this protection.

Fixes a bug that would spam the console with removal of air messages in some versions.

Fixed a hopper detection bug that would sometimes occur if the hopper was partially empty.

Misc Updates:
1) Switched IllegalStack to use the latest version of ShopGUI+'s api.

Protection Changes:
RemoveItemsOfType -
a) You can now use item id's and data values for this protection (only affects older versions of minecraft).
b) Blacklisted items will now be detected when moved by hoppers, dispensers and droppers.

Overstacked/Illegal Enchants/Invalid NBT etc.
a) Hoppers/Dispensers etc will now be checked for these items to combat auto 32k and using illegal items via these mechanics.
b) Storage inventories will now be checked should help with xCarry and other related exploits.

BadAttributeProtection.
a) Better detects items with bad attributes, eg; increased health and such when these items are worn by a player```

Messages.txt - Added the following new messages to the configurable messages file.
a) HeadInsideSolidBlock "Stopped ~player~ 's head from being inside a solid block while in a ~vehicle~ @"
b) ItemTypeRemoved "Found a blacklisted item type: ~item~ in ~player~'s inventory, it has been removed"
c) CustomAttribsRemoved2 "Removed ~item~ with Custom Attributes worn by ~name~ (~attributes~)
d) GenericItemRemoval "~item~ removed by protection ~protection~, found on source ~source~"
e) StaffMsgUnderNether "~name~ has been killed for flying under the nether floor @"

New Features:
1) Added a new protection that detects and kills players who fly under the nether bedrock floor. KillPlayersBelowNether
2) Added a new protection to detect and prevent players from glitching their heads inside solid blocks using vehicles. PreventHeadInsideBlock

Bugfixes:
1) Fixed an issue with the shulker placement check that would throw an error on 1.10 servers.

2) Removed the placed shulker check on paper 1.13... For some reason this version of paper has an issue with this block of code. It will auto disable itself when Paper 1.13 is detected. ****If you are running paper 1.13 it is HIGHLY recommended you update IllegalStack immediately. ***

New Feature:
1) Added protection against players flying under the nether floor with elytra. Any player found flying under the nether floor will be killed if this option is turned on.

Bugfix:
Fixed a dispenser related issue affecting 1.12 and below servers.

Sadly it appears a couple of versions of the rail/carpet dupers do work in 1.16.. Since this has been an issue in one form or another since 1.12 I had hoped by now it was fixed on the server side.

This update enables rail/carpet duper protection on 1.16 servers.

Bugfix: fixed a bug that would cause an error when players tried to mount an entity on some older versions.

Fixed a bug with bedrock destruction detection that would not properly fix a headless piston in a couple of instances.

Fixed a bug with container checking that would error on versions < 1.11

Removed some old debug code that accidentally got left in.

Fixed an issue preventing villager trade cheesing from working properly in 1.16

Fixed 1.16 protections not showing up in /istack prot
Fixed an error with 1.8 with the new inventory checking code.

Fixed a bug causing 1.16 protections not to show up in the /istack prot list.

1) Fixed an issue with illegal items not getting detected inside shulker boxes placed by dispensers.
2) Fixed an issue that would sometimes throw console errors
3) Updated compatibility with DynamicShop's new version ( 2.11.1 )
4) Removed zero tick checking on an air block under a dirt/sand block in 1.15.2 versions as this form of zero ticking does not increase crop growth in 1.15.2
5) Added an option to destroy illegally enchanted items rather than fixing them.
6) Blocked minecarts from being able to get inside boats.
7) Added an option to disabling chests on mobs to include preventing players from taming/mounting them as well.

1.16 Update -
IllegalStack should now protect your 1.16 server *NOTE* please be sure and update your protocollib plugin.
The following old exploits are known working in 1.16
1) Tripwire Dupe
2) Villager Workstation Exploit


For more information about any of these features please see the wiki! https://github.com/dniym/IllegalStack/wiki/FAQ

Important:
Due to an update with spigot 1.16 it is now possible to equip donkeys/llamas etc with a chest using a dispenser, there's also a bug with this code that prevents us from being able to catch and block this. Highly recommend leaving on the new code that prevents these entities from being tamed/mounted.

Bugfixes:
1) Fixed a bug with /istack reload that would cause an error when the plugin was reloaded preventing config changes from sticking.
2) Addressed a memory leak issue

Other Changes:
1) Adjusted the permissions checking to give more control of illegalstack features to non-op staff members. You can now grant the illegalstack.help node to any player for basic access to the command.

illegalstack.admin -> reload the plugin, see the version, change protections
illegalstack.notify -> get notified of offenses and teleport to the locations.
illegalstack.enchantbypass -> allow users with this permission to have items that break the vanilla enchant limits.
illegalstack.overstack -> Allows users with this perm to have items in this list that are greater than the vanilla stack size.
***This really only is important if you want your mods to be able to teleport to offense locations, as long as they have the illegalstack.notify permission.

Changes:
1) Added some optimizations to protections that should cut down on some tps usages in the fTimer

2) Added a compatibility fix for users of the plugin Magic, IllegalStack will no longer remove items created by this plugin.

3) Added an option to punish players for trying to put chests on mobs more than once. This option is DEACTIVATED by default, but once turned on a player will be warned exactly once that chests are disabled on horses/donkey/llama etc, if they try again the animal will be destroyed, the player's inventory will be cleared and the player will be kicked from the server. Should cut down on people trying to come on your server and repeatedly put chests on animals. Please note if you turn on the punishment option it will for real for real delete the player's inventory.

Fixed an issue where the chested animal dupe protection did not extend to cover versions less than 1.12.

*Edit* also fixed an issue where there was a double detection message being sent.

NOTE* There is a video floating around showing a donkey being used to dupe with IllegalStack present. This issue was fixed back around April 20th please make sure you upgrade your IllegalStack to the latest version to ensure you're protected!

New Features:
1) Now prevents users from using dispensers to break End Portal blocks. This can be used to respawn the end dragon with only 2 crystals or completely destroy portals. -> Wiki Page

2) Added a user suggestion to launch items out of the end fountain when the dragon dies, before the portal spawns. This prevents items from vanishing when the portal spawns. -> Wiki Page

3) Added support for SaberFactions gui's.. Items detected inside these gui's will not be affected by overstack/illegal enchantment protections. If for some reason players manage to find a way to get items out of this inventory they would be destroyed / fixed as per usual IllegalStack behavior.


BUGFIXES:
1) Fixed a bug that would attempt to load protocollib classes at startup if protocolib was MISSING and chested animal protection was also disabled.

This update should resolve the issue of IllegalStack complaining about NBT Api not being installed. If you were having warnings / console spam this is the update for you.

For real for real fixes a bug causing console spam with on player join. Sorry about this shouldn't have happened.

BugFix:
1) Fixed an issue with console spam on player join. This is a feature I have been working on to prevent an exploit that allows players with hacked clients to ban other players similar to a shulker ban, but with a chest.

Problem on my end with this version, wasn't properly detecting 1.15.2 protections. Please update so the protections will kick back in!

Bugfix:
1) fixed an issue where some NBT based protections would not properly work on 1.13.. 1.13 now requires NBT API to be present on the server before these protections will work at all. Servers running 1.14+ do not need NBT Api.
2) fixed a niche issue with chested animal protection that would allow for a hacked client to bypass the protection long enough to duplicate a couple of items. This has been resolved, and thus we never recommend disabling this protection!
3) removed some debug code i left in by accident

Bugfix: 1) fixed an issue where some NBT based protections would not properly work on 1.13.. 1.13 now requires NBT API to be present on the server before these protections will work at all. Servers running 1.14+ do not need NBT Api.

2) fixed a niche issue with chested animal protection that would allow for a hacked client to bypass the protection long enough to duplicate a couple of items. This has been resolved, and thus we never recommend disabling this protection!

Bugfix:

Fixes an issue with the nether portal trap detection that was not properly detecting nether portals in all versions. This meant that in more modern versions the detection was not functioning but it was in older versions. Sorted now!

New Features:
1) Updated bedrock breaking protection to protects against the new 1.14/1.15 bedrock breaking glitch.


Bugfix:
1) Fixed a bug with 1.15 servers that would cause villager discounts to not display.

New Features:
1) Added a protection against the looting exploit. This exploit allows a player to receive looting bonus' For example player holds a looting 3 sword in their offhand, then uses a bow to kill a creature. The enchantment is applied from the offhand item rather than the bow that actually dealt the death blow.

2) Added a new server crash protection, this exploit crashes the server if a player is far from the end island ~1 million blocks and drives a boat (or other vehicle) into an end gateway. This protection will remove any vehicle that a player drives into a end gateway.

Protection Modification
1) Modified the way villager restock protection is tracked, it appears there's a bug with minecraft that if the restock is simply cancelled the villagers can lose their discounts. IllegalStack does NOT modify villager discounts or prices in any way, this new method should prevent the issue from happening.

Fixed a bug with trapped portal detection that would result in a console error on servers that were older than 1.13

Fixes an issue with the new trapped nether portal protection. If you are running version 2.1.0e please upgrade to this version.

1) Added protection against nether portal traps. This protection will break the nether portal blocks if a player becomes trapped inside it. Typically this happens when another player builds a wall on both sides of the portal, the unsuspecting player teleports through a portal and can't return, type commands or break blocks. This protection checks for a valid exit whenever a player has been standing inside the portal for 10 seconds, OR whenever they log in. Thus any players that were trapped will be freed, so that they can mine/teleport/use commands etc.

Bugfix: 1) Fixed a bug that would prevent the zombification chance from functioning if the VillagerCheesingProtection was disabled. While these are similar protections they are different enough that you may want to allow the workstation exploit while still preventing the cure/infect exploit.

1) Added protection against nether portal traps. This protection will break the nether portal blocks if a player becomes trapped inside it. Typically this happens when another player builds a wall on both sides of the portal, the unsuspecting player teleports through a portal and can't return, type commands or break blocks.

This protection checks for a valid exit whenever a player has been standing inside the portal for 10 seconds, OR whenever they log in. Thus any players that were trapped will be freed, so that they can mine/teleport/use commands etc.


BUGFIXES:

1) Fixed a bug that would prevent the zombification chance from functioning if the VillagerCheesingProtection was disabled. While these are similar protections they are different enough that you may want to allow the workstation exploit while still preventing the cure/infect exploit.

New Protection:
1) There is a glitch that exists that allows players in beds to remove items from GUI's if they are in a bed. This may not affect all plugins but it affects a significant amount of plugins with gui's if they do not specifically check to see if the player is in a bed. This means if there are shop items or op items for sale a player could simply take them from a GUI if they are able to open it while in a bed. This new protection disables ALL commands while a player is in a bed and is on by default. It also prevents any inventory window from being opened while in a bed.

Bugfix:
1) Fixed a bug that was preventing some 1.15 protections from working properly.

Fixed a bug that was allowing a couple zero tick farms to work in 1.15

Fixed a bug that was preventing villager cheesing protection from working on 1.15 servers.

New Features :
1) Now protects against the 1.15 tripwire dupe exploit (enabled by default) ( )

2) A user requested feature to remove ALL renamed items has been added more information available on the wiki: https://github.com/dniym/IllegalStack/wiki/RemoveAllRenamedItems

3) There WAS another bug with CMI's shulker code ( the one that lets you open a shulker without placing it) that allows players to put shulkers inside shulkers. This bug has been fixed in a recent update to CMI, all users are urged to update to avoid nested shulkers.

Fixed a bug that was checking for offhand items in really old versions of 1.8.. (1.8.2 and below) now all versions of 1.8 should be supported.

Sorry for the multiple uploads, meant to fix an issue in plugin.yml and changed the wrong one. This should be tip top.

Sorry, made a mistake in the plugin.yml, all users using 2.0.10 should use this version instead.

1) Removed minecart's from the pushable entity lag machine check, as this is already handled if you have prevent minecart glitching turned on. This was just a redundant check and basically if you have either protection turned on the other is not needed.

2) Set the permission for enchanted item bypass to no-one, this did default to OP. If you wish for ops to be excluded from this check simply grant them the illegalstack.enchantbypass permission. The reason for this as it would cause confusion as to why the items weren't removed when opped players held them.

3) Added the command /illegalStack fix this will force check an item for illegal enchantments and bad attributes and fix the item you are currently holding in your main hand. This feature operates independently from the automatic IllegalEnchantment protection. If you have FixIllegalEnchants ON this command should never be needed.

1) Added a customizable message for the "appears to be auto fishing" it is now located in messages.yml
2) Fixed an exploit that allowed players to bypass the nether roof protection using minecarts.

1) Fixed a bug that would prevent a couple of 1.15 protections from working properly, namely villager cheesing fixes and the zombie transform chance protection.

2) Fixed a bug with the nether ceiling exploit protection that would not check for custom nether ceiling height values.

3) Added a user requested feature to disable cobblestone generators, when active lava flowing into water will not produce cobblestone.

1) Fixed a bug that would prevent a couple of 1.14 protections from working in 1.15 namely, villager cheesing protections. These exploits slipped by and should now be working as intended.

2) Added a user requested feature to prevent cobblestone generators, lava flowing into water will not produce cobble if this setting is enabled.

1) Fixed a bug with 1.12 that would throw a console error when ender pearls were used on the server.
2) Fixed a bug that would prevent SpamFishing Protection from properly toggling off.

ISSUE
3) currently there's a bug with the spigot api that prevents me from detecting when a villager transforms into a zombie villager. I have made spigot aware of this but for the time being the VillagerZombificationChance protection will NOT WORK. I recommend dropping your difficulty down to anything other than HARD if you have players exploiting this bug! (Should only affect 1.15 users)

Bug Fixes:
1) Fixed a bug that would throw a console error related to anvils in 1.8 at startup.
2) Fixed a bug with the BlockRepairsInstead protection that would remove the item rather than preventing it from being repaired as expected.

New Feature:
1) Added the option to limit the number of pages in a book. This defaults to zero meaning it's not active. If set to anything other than zero, any books found with more pages than the specified value will be removed regardless of their content.

1) Should support ProCosmetics items now (verification needed I don't have the plugin)
2) Added an option to adjust the delay between item scans.
3) Further expanded crammed entity protection to include Armor Stands, Minecarts etc in addition to End Crystals.

This update addresses an issue that would throw a console error when players joined the server and NBTApi was missing. This should clear up that error.

Added support for Spigot/Minecraft 1.15

*NOTE* The following 1.14 only exploits have carried over into 1.15
Zero Tick Exploits, Villager Trade Cheesing, Villager Restock Time Exploit, Rail / Carpet Dupers, Villager Zombification Exploit.

Additionally the following long standing multi-version exploits are still confirmed working in 1.15 (likely to never be fixed by spigot)
All Nether/End portal dupe methods, Bedrock Destruction, TNT Dupers


Plugin Changes:
1) Reworked a couple of protections to use spigots NBT Api when possible, a few features still will require the use of NBTAPI (eg shulker box banning). This is because Spigot's api won't let us access the vanilla NBT Data only custom nbt data.

I accidentally uploaded a dev version of 2.0.8b instead of the final one, the previous version does work however it includes some debug code that was unintentionally left in.

Added protection against end crystal cramming with pistons.
https://github.com/dniym/IllegalStack/wiki/PreventEndCrystalLagMachine

Added an option to named item removal to prevent enchantment of a item matching a specific name/lore https://github.com/dniym/IllegalStack/wiki/BlockEnchantingInstead

Added an option to named item removal to prevent repairs of a item matching a specific name/lore https://github.com/dniym/IllegalStack/wiki/BlockRepairsInstead

Added 3 new messages to messages.yml for the above protections.

Added protection against a new variant of Zero Tick Farm -> http://cdn.hexedhero.com/u/IeKf3c0iDp.jpg

Added a compatibility check for ClueScrolls plugin (requires NBT API)
https://www.spigotmc.org/resources/nbt-api.7939/

Fixed a bug that would prevent players from being able to use Nether Portals in the overworld above Y=128 (or whatever custom value you had set)

Added protection against the Vibrating Block crop growth exploit (similar to the zero tick exploit).
https://github.com/dniym/IllegalStack/wiki/PreventVibratingBlocks

Added protection against projectiles being fired/thrown into bubble columns, which can be used to create lag if mass amounts of them are launched into the column.
https://github.com/dniym/IllegalStack/wiki/PreventProjectileExploit

Bugfixes:
1) Fixed ender pearl phasing detection from enabling on 1.8 servers. The detection requires methods that do not exist in 1.8 versions of spigot API.

2) Fixed RNG Exploit enchant enabling on 1.8 servers this protection also requires the use of methods that do not exist in 1.8 spigot.

Fixed a bug that would prevent IllegalStack from loading properly on 1.8 servers.

1) Added support for ShopKeeper npc's IllegalStack should ignore the shopkeeper NPC's and no longer flag parts of their GUI as invalid.

2) Added protection against the Piston/Observer/Armor Stand lag machine, this design uses a ton of pistons and armor stands to lag the server, the fix simply prevents pistons from pushing armor stands upwards. There should be no real reason to ever need to push an armor stand straight up and let it fall back down.

Bugfixes:

1) Fixed a bug that would erroneously remove a hopper if the item transfer was blocked by a locking plugin such as lockette.

New Features:
1) Added protection against players using enderpearls to phase through glass blocks. There is a notification for this protection however it is OFF by default as it can be kind of spammy if players are hurling pearls all over, their teleport is not stopped however their location is set to the center of the block rather than where the enderpearl hits to prevent them from being able to phase into/through glass blocks.
https://github.com/dniym/IllegalStack/wiki/PreventPearlGlassPhasing

Bugfixes:
1) Fixed an issue with offhand overstacked items and the overstack permission that would remove overstacked items in the offhand.

2) Fixed the RNG exploit code to properly toggle off if disabled.

3) Fixed an issue with the InvalidPotion detection that would remove renamed water bottles erroneously

New Features:
1) Now protects against a lag exploit that involves swapping offhand items very quickly causing clients to lag out / disconnect.
https://github.com/dniym/IllegalStack/wiki/PreventPreventItemSwapLagExploit

Bugfix:
1) Fixed a bug for real for real this time, that would prevent items in the groupstack list from being properly detected in all instances.

New Feature:
Prevents the no-rocket unlimited elytra boost glitch. This glitch is painfully easy to do and allows players to ascend to insane heights above the build limit,only limited by the number of elytra they can carry!
https://github.com/dniym/IllegalStack/wiki/PreventInfiniteElytraFlight

Video:

Also added 2 new configurable messages to messages.yml for this exploit.

BugFix:
1) Fixed a bug that would cause items put in the groupstack whitelist to still be removed when they shouldn't
2) Fixed a bug that would check for the enchantbypass permission when no enchanted items were held by the player.

New Features:
1) Option to remove uncraftable/bad potions from player inventories. Potions obtained with the /give command such as potions of instant death, (healing potion with an amplifier of > 124) that can kill players even in creative. WIKI

2) Option to remove the unbreaking flag from items. Will remove the Unbreakable flag from items held by players (unless they have the bypass permission). Items can typically only have this flag set via a plugin or the /give command. Items with unbreaking will take zero damage ever, *OFF BY DEFAULT* if you wish to have this flag automatically removed enable this protection. WIKI

3) Option to remove AttributeModifiers from items. Will remove ALL custom attributes found on items held by players (unless they have the bypass permission). This is useful for getting rid of sticks with +1000 damage or insta death helmets that have been previously cheated in.
**NOTE** if you are running a server version earlier than 1.13 this protection will not work unless you also have NBT API
installed and running on your server.

Added the following new messages to messages.yml

Fixed a bug with the RNG Enchant exploit code that could throw a console error in a few special instances.

1) Added an option for fixing Illegal Enchantments to specify a custom level override, this means you can override the vanilla maximum for a specific enchantment to a level you specify. Eg. Sharpness.10, this would only fix items with sharpness 11 and above.

https://github.com/dniym/IllegalStack/wiki/CustomEnchantOverride

2) Added protection against the RNG Enchant exploit. This exploit allows players (using a cracker program) to predict and select specific enchantments to a given item. This protection defeats this exploit.

https://github.com/dniym/IllegalStack/wiki/PreventRNGEnchant

Fixed a bug with the new invalid shulker protection that would sometimes throw a console error when a player logged in.

Due to multiple people asking if this was OP only or a permission I have changed the OP Bypass for FixIllegalEnchantments from OP only to a permission. This is useful if have specific players that you don't mind if they have illegally enchanted items.

The option and config value have changed from AllowOpBypass to just AllowBypass, you'll still have to have this set to TRUE before op's or players with that permission can have the illegally enchanted items! The wiki has been updated to show these changes. https://github.com/dniym/IllegalStack/wiki/FixIllegalEnchants

1) Added protection against shulker boxes with invalid data, these boxes appear to have about 700ish items worth of NBT data in them, and if a player has several of them in their inventory they are unable to log in. This is a lot like the sign/book ban however the shulker boxes alone appear in game to be perfectly fine. These boxes can also be dropped on the ground effectively "book banning" anyone who tries to log in near them even if they don't have them in their inventory. Before IllegalStack can detect these shulker boxes you'll need to have https://www.spigotmc.org/resources/nbt-api.7939/ Installed and running on your server! Sorry about needing a secondary plugin however this exploit can potentially be done on any version with shulker boxes and requires a LOT of NMS code to make it cross version compatible.

2) Added protection against the Hopper + Dropper/Dispenser loop dupe. I have been unable to actually reproduce this on a live server however I have received several reports that is is working in 1.14.4 both paper and spigot. Hence this protection can detect a hopper/dropper loop and break the machine.

3) Added an option for FixIllegalEnchantments to allow OP's to bypass the check. Thus opped players can create items with otherwise Illegal Enchantments as long as this option is turned on. If a regular non-op player takes the item, it will be fixed as usual. This protection is OFF by default.

Fixed a bug with the code that updates config.yml

New Feature:
1) Added an option to the FixIllegalEnchantment protection to allow it to ONLY function in specific worlds. Thus if you've had some items with bad enchantments appear in a world you can target the protection only in that world.
https://github.com/dniym/IllegalStack/wiki/OnlyFunctionInWorlds

Bugfixes:
1) Fixed a bug that caused the IllegalEnchantment Detection code to ONLY detect invalid enchants if the enchantment level was > the max level of that enchant. Now invalid enchantments are properly detected if they are applied to an item they shouldn't be.

2) Changed the BlockBadItemsFromCreative code to ignore OP's as op's have access to the /give command this should prevent items with meta from being blocked when they shouldnt.

1) Fixed a bug that would prevent server admins from toggling a child protection from the in game editor.

2) At the request of several users I have changed how IllegalStack's config.yml file was laid out, to better mimic the in game editor's behavior. As of version 2.0.4a and beyond the configuration will ONLY generate config values for protections that are relevant to your server version.

This means if you're running a 1.12 server and there are protections that ONLY affect 1.13 or 1.14 or 1.8 those values will not show up in your config, your old configuration will be renamed config.OLD so you can go back and update the new configuration accordingly.

What this means for the future is when a new exploit is found it will go into an appropriate section and options will be grouped with their parent protection. This will keep the config MUCH neater and new options won't just go to the bottom of the config like in previous versions.

It also means if you upgrade server versions, say from 1.13 to 1.14 any old protections will be disabled and removed, and 1.14 specific protections will be added into the configuration automatically.

The goal of this new system is to prevent you from ever needing to delete and regenerate your config.yml ever again.

1) Reorganized the way protections are done internally
2) Fixed a bug that would sometimes cause protections to show up available for versions that they weren't entirely applicable.
3) Removed some redundant code in a couple of checks that wasn't needed.

Fixed a bug with the ZombieTransformChance that was not properly checking the configured chance in all instances.

1) Reworked the way the /istack prot command works, now you'll see a more condensed list with some links for showing/hiding other protections. I also created a category for lesser used / user requested features to as they aren't generally used by everyone. This keeps the /istack prot command page a bit more managable imo.

2) Fixed a bug with villager cure chance, it now accurately works if set down to a lower number say 2%, and if set to 0% will NEVER allow a villager to transform.

3) Added a user requested feature to change a spawner type to a pig spawner when broken. This is useful if you have a silk spawner plugin on your server but odd spawner types you don't want players to mine. EG if you had a shulker spawner, in the end, and didn't want players to silk touch it and bring it into the regular survival world.

1) Reworked the way the /istack prot command works, now you'll see a more condensed list with some links for showing/hiding other protections. I also created a category for lesser used / user requested features to as they aren't generally used by everyone. This keeps the /istack prot command page a bit more managable imo.

2) Fixed a bug with villager cure chance, it now accurately works if set down to a lower number say 2%, and if set to 0% will NEVER allow a villager to transform.

3) Added a user requested feature to change a spawner type to a pig spawner when broken. This is useful if you have a silk spawner plugin on your server but odd spawner types you don't want players to mine. EG if you had a shulker spawner, in the end, and didn't want players to silk touch it and bring it into the regular survival world.

1) Added the option to adjust the height of the nether ceiling checks. If you're using a custom world generator plugin this will allow you to tell IllegalStack what the custom height of your nether ceiling is so that BlockPlayersAboveNether will work with a custom nether.

This option defaults to 128, any players at or above that level will either be prevented from teleporting or teleported back down if they move above this level.

config:
Settings.NetherYLevel: 128

in game:
/istack value set NetherYLevel 128

Made another change to combat the food dupe exploit.

Fixed food/consumable dupe by offhand item swap exploit.

1) Changed the food dupe detection to better prevent the food dupe from being possible, this exploit has been allegedly been patched in 1.15 however still seems to function in the latest versions of 1.14.4

***NOTE**** The previous version had a notification whenever a food/consumable dupe was detected, this version which offers a much better protection method just prevents the mechanic that allowed this dupe to happen in the first place, thus there is no longer a message sent when it's blocked.

2) Fixed a bug that would sometimes cause a console error with books that do not have an author.

It is possible to very easily dupe any stackable consumable item in 1.14.4, this includes food, potions, chorus fruit, milk etc. I have not found any evidence of this working in 1.14.3 or less. If you are running paper they have already patched this exploit but it is confirmed working in the latest spigot build.

1) Added a configurable message to Messages.yml when a player is spam fishing.

2) Added the ability to whitelist ALL items in the GroupStack[] list by adding an * to the list. This will allow overstacking of ANY item for ANY player who has the "illegalstack.overstack" permission. Useful for admins looking to create multiple copies of multiple items.

To enable this feature in game use:
/istack value add AllowStackForGroup *

Fixed a bug that would prevent 1.12 version specific protections from enabling properly. You'll most likely need to specifically re-enable these protections if your server was affected by this bug.

use /Istack prot to see which protections are enabled, and which protections are disabled!

1) Fixed a bug that would throw a console error if an invalid enchantment level was found on an item that could not be legally re-applied to the item.
2) Added an option to exclude a nether world from the nether height check. This should only ever be used if you have a nether world with a non standard ceiling height. For example a bSkyBlock nether world. ONLY nether worlds will matter on this list, if you use a normal or end world in this list it will be ignored by the height check anyway.

1) 1.14+ Added an option to the Villager Trade Cheesing Protection to allow server owners to limit the number of times between villager restocks. This is because there's a vanilla bug in 1.14 that allows villagers to restock nearly instantly multiple times per day.

https://bugs.mojang.com/browse/MC-157136

This bug is listed as fixed however no update has been pushed out yet, so we may not see the fix until 1.15!

2) Added support for two 3rd party shop plugins, (DynamicShops and CraftingStore) IllegalStack will ignore these plugins breaking the Over vanilla stack limits in their GUI's as they don't actually give players IllegalStacks of the item they only use them as a visual representation.

3) (1.11+ ONLY) Added a fix for users being able to bring items with unnatural NBT data from a single player world into a Multiplayer world (provided they had access to gamemode creative) This fix is only really relevant if you have players with access to GMC but NOT /give, players could still use /give to bring in items with funky NBT data if they have access to it.

1) Fixed a bug that wouldn't properly enable villager zombification at 100% chance when upgrading from a previous version.
2) Fixed a typo with carpet duper detection that wouldn't properly format the location for in game notifications.

In 1.14 if your server difficulty is set to HARD zombies have a 100% chance of being infected if killed by a villager, therefore it is possible for players to infect/cure villagers over and over to stack discounts until the villager trades everything for 1 emerald.

A new setting has been added to the config: ZombieVillagerTransformChance: 100

This setting defaults to 100, so you'll need to change it if you want to alter this vanilla behavior. Setting it to 60 or so means theres a 60% chance the villager will be converted to a zombie upon death. (ONLY ON DIFFICULTY HARD) This means that players abusing this game mechanic will have to risk losing the villager completely if they try to turn the villager into a zombie and back over and over. This does NOT alter the cure rate it only reduces the chance from the vanilla 100% to succeed.


Also fixed a bug with the chested mount blocking code that could be used to duplicate saddles. Please upgrade to this version if you have: DisableChestsOnMobs: true in your config!!!

Fixes a bug that would allow the duplication of saddles with chested mules/llamas etc please update to version 1.9.9b immediately.

Fixed a bug in 1.14.4 that would allow for a new variant of the rail duper.

Added a user requested feature to notify players within a 10 block radius of a location based offense. This feature is OFF by default you can enable it in game by using /istack toggle NotifyNearbyPlayers

A configurable message has also been added to Messages.yml -> PlayerNearbyNotification

Got a quick bugfix, carpet/rail duper protections were acting up on 1.13 servers.. NOTE if you were affected by this bug or running 1.13 please be sure to do /istack prot in game to verify that the protection is turned on after updating IllegalStack, as it may be turned OFF

Added support for items enchanted with /glow by the EpicRename plugin, these items will no longer be flagged as illegal by IllegalStack. (REQUIRES EPICRENAME TO BE RUNNING ON THE SERVER).


Added support for Slimefun, now IllegalStack will compare enchants given by Slimefun and if they're larger than the vanilla values they will no longer have their enchantments reduced to vanilla values. (REQUIRES SLIMEFUN TO BE RUNNING ON THE SERVER).

Updated the plugin to ignore illegal enchantments from items that are boosted by mcMMO abilities, ie GigaDrill and the like.

Added the ability to change items added to the : Settings.AllowStack[] list from a WHITELIST to a BLACKLIST, useful if you only want to prevent a few items from being overstacked. This list defaults to a WHITELIST, and can be changed by setting the setting:
Settings.StackWhiteListMode: FALSE, or by using the in game config editor /istack and clicking on the RemoveOvestackedItems category.

Further Explanation:
Say you ONLY want to prevent diamond_helmets from being overstacked while allowing everything else, the config values you would need to change would be:

This would instruct IllegalStack to treat the AllowStack list as a BLACKLIST instead of a WHITELIST, and remove ONLY overstacked Diamond Helmets... Keep in mind if you change your mind later and want to revert back to original functionality you'll have to set StackWhiteListMode: to true, AND remove anything you've added to the AllowStack list or IllegalStack will think you want to allow those items to be over stacked.

Took care of a couple bugs and added a couple new features!

1) Fixed a bug with 1.14.3 VillagerTradeCheesingProtection that would prevent new villagers from ever being able to pick up a trade. Now a villager can change professions as many times as desired UNTIL a player opens a trade window, once that happens the villagers trades will become locked.
2) Fixed a bug that only affected minecraft 1.10 users that would prevent players from being able to pick up items off the ground.
3) Added a user requested feature to allow IllegalEnchantments for very specific items. To add a specific item to the whitelist do the following:
a) Turn off Fix Illegal Enchantment Levels (/istack toggle FixIllegalEnchantmentLevels)
b) get a copy of the item you want to whitelist hold it in your main hand.
c) use /istack enchantwhitelistmode (to enable/disable whitelist item copy mode)
d) left click with the desired item in hand, it will be copied to the whitelist including lores, name and enchantements
e) re enable FixIllegalEnchantmentLevels (/istack toggle FixIllegalEnchantmentLevels)
4) Added a user requested feature to toggle set up EndWhiteList and NetherWhiteList as either a WHITELIST or a BLACKLIST, whenever EndWhiteListMode is set to false, the whitelist will behave as a blacklist, meaning any entities added to the list will be BLOCKED rather than allowed to pass through the portal.

1) Fixed a bug that would cause chested horses to be checked for in 1.8 even though those mobs don't exist
2) Fixed a typo in messages.yml it should auto fix your messages.yml provided you're using the misspelled version.
3) Fixed a bug that would send InGame notifications to players with the notify permission node even if notifications are turned off.
4) Fixed a bug with book detection that would throw an error in some very odd circumstances.
5) Cleaned up the /istack prot command it should now only show protections that are actually relevant to your server version.

Prevents a 1.14 glitch that allows players to hold a Silk Touch book in hand, and break a block. This will cause the block to drop as if a silk touch TOOL was used on the block, meaning items like glass, ice etc can be quickly mined without having a properly enchanted tool.

http://prntscr.com/obf8de

The new protection will prevent the block from being broken and send a message to the log/staff.

Fixed a bug that would sometimes throw a console error when when anti villager trade cheesing was on.

IllegalStack has a couple of options that should be used with care these two options are :
Settings.DestroyBadSignsOnChunkLoad:
Settings.RemoveExistingGlitchedMinecarts:

These two settings are very special case settings and should only EVER be used if you have
A) Signs that were put in with a hacked client < mc.1.11
B) Minecarts that are glitched inside blocks

There will be very few server owners that ever need to turn either of these options on. This update will now post a warning message to the log if they either of these two are turned on via the config, and it will also automatically disable them when the plugin shuts down. If you need to use either of these two you'll have to enable them every restart, again they should only ever be used if you FIND that specific problem on your server, as scanning each chunk for something on the tiny chance it might have been affected by one of these exploits is really not a good idea.

Fixed a bug that would throw a console error whenever a player joined the server.

Added the option to blacklist specific material types, simply add the material type (eg bedrock or Structure_void) to the RemoveItemsOfType: [ ] list whenever they are found in an inventory they will be removed. This does NOT affect Opped players or placed blocks.

1) Fixed a bug with named item removal that would only remove an item if it was an EXACT match during item scanning. Now items should be removed without the player having to click on the item.

2) Added a protection against hacked clients and chested horses/donkey/mule/llamas, This exploit is reasonably hard to protect against, when players are using a hacked client. With this protection enabled, chests will be totally disabled on horse/donkey/mule/llama etc. Players will be prevented from adding chests to the horse and any existing chests will be removed if the player clicks on the horse. Any items that are already inside the chest will spill out on to the ground. *note this protection only affects versions 1.11 and above.

2a) added customizable messages for chest prevention and removal on these mobs.

Added the ability to edit the [IllegalStack] - message that prepends all illegal stack messages in chat / in the logs. (There are still a few that show up this way but it should be most all that normal users will see).

The prefix is located in messages.yml, Also stripped color codes from being sent to the console.


Added a feature to look for and fix enchantments that are larger than the vanilla enchantment level. This feature is OFF by default as some custom enchantment plugins do make enchantments that aren't technically legal. However if you have any crazy level 500 sharpness swords then this setting is for you!

Fixed a bug that would cause a shop with the name "shulker" in it to have its contents removed. It should now only remove shulkers if the inventory type is actually a shulker box.

The CMI protection may still trigger this if you have a shop named shulker AND CMI installed however so if this is the case please let me know!.

Added a new variation of carpet duper to the detection code, should properly detect and block all known variants now.

Fixes a console error when using /istack prot on some paper spigot servers.

Fixed a bug with invalid charset on book detection that would throw a console error if a book didn't have an author.

Added in a user requested feature to remove items with specific lore values. Items can be added to: Settings.ItemLoresToRemove []

This is a subset of the Settings.RemoveItemsMatchingName option, unless this option is ENABLED lores will not be checked. This feature is useful if you've had items glitched out of a shop GUI, for example if players grabbed a beacon out of a shop gui and the item has the sell prices, you can add that sell price to the lore check to have them automatically removed.

There is also the option for strict checking which will require an EXACT match including color codes.



Bugfix: Fixed a bug with 1.14.2 villager cheesing, all 1.14.2 users should update to this version.

BugFix: Fixed a false positive with double piston extenders that would flag these mechanisms as carpet/rail dupers. This bug is fixed and double piston extenders should now work normally.

Removed the villager swim exploit check for version 1.14.2 as it has been fixed by mojang in vanilla 1.14.2, if you are still using < 1.14.2 the check will function normally.

Another variation of the zero tick glitch has been found, all users running a 1.13+ server should update to remain protected!

Added the ability to allow a specific group to overstack items.

If you give a user/group the illegalstack.overstack permission, they can then possess items that are larger than the vanilla stack limit to items added to the Settings.GroupStack [] list, you can add items to this list via the config.yml or the in game config editor (/istack prot command)

for example if you add a totem to the Settings.GroupStack list, any user with the illegalstack.overstack permission will be able to hold a stack of totems of any size.

HOWEVER; if a player with this permission drops, or puts those overstacked items into a chest and another player accesses the chest those items will be removed normally. So please warn your players accordingly if you use this feature.

Overstacked Item protection now has the option of fixing the stack instead of just removing it. This setting is disabled by default and can be turned on in the config.yml or using the in game settings editor. /istack prot

There is also a configurable message in the messages.yml file.

Fixed a bug where players could get stacked items out of a chest/shulker/other inventory by pressing Q to drop the item without picking up the entire stack. Items will be purged / checked whenever an inventory is opened now.

This bug affects all versions and everyone should upgrade to the latest version.

Fixed a bug where changes to the messages.yml file were not loaded back with /istack reload.

Fixed a bug that would re-add messages to the config.yml (where they were previously stored) after the plugin has deleted them.

1) Fixed a bug that would not let users edit the config.yml and use /istack reload to load the changes. You should now be able to use both the in game editor and edit the config.yml directly.

2) Customizable messages have been added. When you update to 1.9.2 a new file will be created inside /plugins/IllegalStack named messages.yml, inside you'll find all messages sent to players & staff by this plugin. You can translate them, or change them to your liking including using color codes.
Please NOTE: if you use a : or apostrophe (single quote)' you'll need to make sure the entire value is enclosed in single quotes ' or you may get some unexpected results!

Several placeholders have been added, you can use these placeholders to move specific bits of data around inside the message; for example the ~name~ placeholder, usually refers to the player who triggered the offense. As long as you include ~name~ somewhere in your custom message it will be replaced with the actual player's in game name.

Please note. Not ALL protections / messages support all placeholders, for example if you try using ~name~ in a hopper message, you'll not get a player name because there was no player involved!


3) When you start up the plugin on the new version all customizable messages will be REMOVED from config.yml. These messages have been moved to the new messages.yml.


4) All messages that players/staff see should now be editable by server owners (if so desired) Currently you just need to edit the messages.yml file and reload / restart to apply the changes. If there's people who would like to be able to edit these in game like the actual protections I will add this if requested.

Fixed a bug that would throw a console error on 1.13 servers with the zero tick detection. Should be all good now!

There are now 4 growable materials that can be used with the Zero tick exploit to grow them insanely fast. I have updated IllegalStack to now protect against these exploits.

Breaks zero tick Cactus, Sugarcane, Bamboo and Chorus Fruit contraptions. This does not appear to work regular crops such as pumpkins, melons, wheat, potato, carrots etc, currently kelp is not affected by this glitch. I will be adding protections in for other blocks as they're discovered.


Also made a change to the in game config editor, it should now work with any spigot (or paper) or other build that supports MD5's chat components.

*Added the ability to edit config settings in game without having to manually change them in the configuration.

*overhauled the entire protection setup internally to make expansion easier in the future.

* If you use spigot version 1.12 or greater the configuration is super easy as I've made use of clickable chat components in the help command.

http://prntscr.com/nqesk4

Enabling/Disabling a protection is as easy as clicking the text in chat near ON/OFF, and if an option needs user input it fills in the command for them.

Recompiled the plugin and tested some exploits today to see what 1.14 exploits were working. I was also made aware of a new carpet duper that works in 1.14 but NOT 1.14.1. Therefore I am going to leave the 1.14 protections enabled until things are a little more finalized and stable. I will mark below what should be fixed in 1.14.1 but there is no guarantee that the exploits will STAY fixed. To be on the safe side you may just want to leave them enabled for now.

1) Villager swim exploit : FIXED in 1.14.1
2) TNT Duper: WORKING in 1.14.1
3) Villager Trade Cheesing Exploit: WORKING in 1.14.1
4) Rail / Carpet Dupers: Appear to be FIXED in 1.14.1 (but were fixed previously and came back in 1.14)
5) 0 tick piston farms: WORKING in 1.14.1
6) Portal Duping; WORKING in 1.14.1
7) Bedrock Removal / headless Pistons: WORKING in 1.14.1

Added the ability to edit the message sent to players if DisableBookWriting is enabled.

It can be found in your config.yml under:
Added the ability to disable the plugin on specific worlds..
****WARNING**** Using this option completely removes ALL checks and protections in the world(s) added to the config. This means if you do add a world here it is HIGHLY recommended that you do not allow players to transfer items between the disabled world and your protected worlds. If a glitch exists on a server, and the protections are disabled for a specific world. Then players can go to that world, dupe items then return unless you are quite careful. Add worlds to the DisableInWorlds[] list ONLY if you are sure players can not transfer exploited items to your protected worlds.

Fixed a bug that would cause a message to be shown to players incorrectly that book creation was disabled. If you are using 1.8.5a please upgrade immediately.

Fixed a bug that would falsely detect a minecart being glitched into a block in some legit farm instances. Re-wrote the detection code so it will better detect actual glitched minecarts and not trigger falsely. (all versions)

Added another method for detecting carpet dupers in 1.12-1.13.2

Added the option to completely disable player book creation on the server. (This option is OFF by default)

To prevent players from writing books at all change
DisableBookWriting: false To DisableBookWriting: true

Added a command to reload the configuration without restarting the server, this command defaults to OP permission, but the permission node is:
IllegalStack.help (this is the only command in the plugin at the moment, when more are added more specific perms will be added as well)

To reload your config simply use /istack reload, using /istack with no arguments will give you a list of commands. (Currently only the reload command).

Fixed a bug that caused the rail dupe protection to stop working in 1.12. (sorry about that). This update only affects 1.12 servers!

Fixed a bug that would throw a console error if Shulker Checking was enabled and a player tried to open a horse/mule/llama inventory (these inventories do not have titles)

Added protection against tnt dupers that do not use minecarts / rails.. In doing so I found a better way of detecting all of them. This will prevent the tnt from being lit at all rather than destroying the machine it will just silently stop the machine from duping the tnt.

Since 1.14 carpet and rail dupers have been fixed so these two are now separate protections.

and

Rail/Carpet duper protection is now only needed if you're running 1.12 - 1.13

Fixed a bug that would throw a console error if a player was using the rod to pvp, or to hook entities and not actually fishing.

Fixed a bug that would throw a console error if a player had been blocked from a fishing spot then changed worlds and tried to fish again.

In the previous version (1.8.3) if a villager was swimming the water block was removed in order to block the trade. This morning I discovered a cleaner way to do this without having to remove the water block that did not cause any other issues.

Both ways work this way just does not affect blocks on the server.

This update ONLY affects 1.14 users, so if you're not running 1.14 no big rush to update.

Now protects against the swimming villager / merchant exploit. Once a villager's trades are locked in and they start offering a player discounts; if the villager starts swimming or is standing in a water block, EVERY SINGLE TIME the player opens/closes the trade window, the discounts will get better, until the player gets the best possible deal from the trade.


The exploit is showcased about 2:30 seconds in.

Due to a couple limitations/bugs in the spigot API a clean fix is not possible at this time. I have worked out a solution, which removes the water and stops the player's inventory from opening. They will be completely unable to trade with a swimming villager and can't keep increasing the discount. I will improve this once a better solution is found but for now it should keep you safe!

Fixed a bug that would sometimes throw a console error when an entity tries to pass through a end portal.

Added protection against client side mods that mimic player fishing. This protection is different than the afk spam fishing protection. Most of the fishing mods simply re-cast the lure in the same spot over and over again. This protection tracks the location of the lure each cast and once the code has detected they're landing in the same spot over and over again one of two actions are taken depending on the configuration values...

1) Default action: Notify Staff and block any further fish from being caught in that location. This simply blacklists the location where the mod is catching fish over and over (kicks in after 5 by default). The player is not notified however further catches in this spot will be prevented, if the player moves a tiny bit the lure will land in a new location and fishing can resume. This should avoid most false positives if a player is normally fishing as the detection range for the location is very small, the slightest wiggle of the mouse will produce a new location.
OPTIONS:
a) Settings.WatchForAutoFishMod: true #turn on the code that watches for auto fish mods.
b) Settings.FishMod.MaxFishToNotifyStaffThenBlock: 5 #Increase this value to allow more fish to be caught before the location is blacklisted.

2) Kick Mode: Instead of notifying staff of the potential fishing mod, warn the player then kick them if they continue to fish in that spot. This option will issue a warning if they continue to catch fish in the exact same spot over and over, if they catch another fish in that spot after the warning they will be kicked on the next fish caught. Again a slight movement of the mouse will reset this count and they will NOT be kicked.
OPTIONS:
a) Settings.FishMod.WarnPlayerThenKickInsteadOfNotify:true # if set to TRUE, there will be no in game notification sent to staff, but a warning will be issued to the player, before they are kicked.
b) Settings.FishMod.MaxFishAllowedBeforeKick: 30 #The number of fish a player can catch in the same spot before being kicked.
c) Settings.FishMod.WarningMessage #customizable warning that is sent to the player.
d) Settings.FishMod.KickMessage #Customizable kick message.

1) Fixed a bug with the 1.14 villager cheesing code that would derp out on wandering traders.

2) Now protects against AFK /Auto Fishing! (all versions) reliably detects players who are spam casting / auto click fishing. Players are kicked from the server when the exploit is detected and staff is notified of their location.


*NOTE* the above video is just one example of this fish farm, it does vary from version to version but anyone fishing faster than humanly possible will get caught.

Fixed a console error that was affecting some users, should be fixed for real for real now.

Sorry all, made a goof with one of the new features please update if you're running 1.7.4

Fixed a bug that would throw a console error if a portal had no exit and an item tried to pass through it.

Added protection against the villager trade cheesing exploit that allows players to get villagers to change their profession over and over (thus creating new trades) until they found the best possible trade for that villager. Now villagers will be locked to the first trade the spawn with until the player levels them up.

The 0 tick exploits are all still working in 1.14, this update re-enables those checks (it appeared they were fixed previously but now they're all working again)..

If you are running 1.13.2 still there's no need to download this update.

Updated to fix some debug code that was being printed to the console that I neglected to remove (sorry about that!).

Also added the ability to block non player entities from traveling through portals, this is to prevent dupes that kill monsters as well as falling blocks such as sand that would normally be duped when entering a portal.

The following configuration values will be added to your config automagically upon loading the plugin:

Any entity that tries to enter a portal is gently pushed away, thus trying to throw an item through a portal will cause it to get knocked back away from the portal. Notifications for portal attempts are OFF by default to prevent spam if a player decides to send a bunch of items or mobs through.

Added a couple options to the config for a few more exploits.

1) PreventMinecartGlitch: true - will stop players from being able to glitch a minecart inside another block using pistons.

2) RemoveExistingGlitchedMinecarts: false - Defaults to FALSE, if you have a problem with a lot of glitched minecarts already on your server set this to TRUE and they will be removed when loaded back into the game.

3) .PreventZombieItemPickup: false - Defaults to FALSE, the drowned dupe appears to be patched on spigot, but if you're using something else and players are able to dupe items that zombies pick up set this to TRUE to enable the protection.

This plugin has been compiled against the 1.14 Pre5 snapshot, and several long standing exploits have finally been fixed. It should run fine on a 1.14 server if you notice any issues please let me know!

IllegalStack will now automatically add any missing configuration options when the plugin loads.. Thus if you update to a new version you no longer have to manually add the new features to your modified configuration to get the protections turned on. This should make sure you always have the latest protection enabled.

Added a new check for 0 tick farms such as cacti and chorus plants that uses end rods and blocks that are smaller than full blocks.

http://prntscr.com/nf3dnd

This update will add protection against unicode characters being used on signs to overload the chunk and prevent it from saving. As far as I can tell the only way to pull off this exploit is via using a modified or hacked client.

Any player attempting to add illegal characters to a sign will be kicked from the game and the sign will be removed. Keep in mind these signs look totally blank. However looking at them will severely drop your FPS, 5 or so of them is enough to drop your frames a LOT.

http://prntscr.com/ndvre2

There are no options to enable if you are already using the book dupe protection:
(Settings.RemoveBooksNotMatchingCharset: true)

There IS a new option in the config if you have been affected by this dupe that will find existing signs in the world as ones that are already placed will remain in the world unless you find and destroy them, if your server was affected by the sign dupe be sure to enable this line in the config (its off by default)

DestroyBadSignsOnChunkLoad: true

TNT duping is back (confirmed working in latest 1.13.2-R0.1 build) however if you were already using this plugin you were protected as it uses rails which are part of another exploit that this plugin fixes. I went ahead and updated it to flag this as a TNT duper in the notifications and logs. I did NOT make a new configuration entry for this as it overlaps with the rail/carpet dupe methods so as long as you have PreventRailDupe: true in your configuration your server will be protected.

This update closes another variation of the cactus dupe that was not previously covered. Minor update no config changes required.

Fixed a bug that would not allow players to shift click items into a CPI opened shulker box.

Fixed a bug that would throw a console error if you clicked while a inventory window was open. *Should have only affected CMI users*

This update adds the option for a whitelist to book protections, and can block CMI from allowing players to nest shulker boxes (non vanilla behavior)

CMI is a premium plugin that allows players to shift + right click on a shulker in their inventory, this opens a fake inventory which has the shulkers contents.. It has the side effect of allowing you to put a shulker box inside a shulker box (non vanilla behavior).

CMI Shulker Nesting
To block this "feature/bug?" in CMI simply add the following to your config.yml under Settings:

Book Whitelist
Any player listed in the config for the book whitelist will be able to create books that would normally be destroyed for not matching the specified character set. This may be useful if you use books as guides with non standard characters in them as decoration. Keep in mind never add a player you do not trust to the whitelist as they could create books for the book exploit and give them to other players!

Books MUST be signed by the whitelisted author to bypass the protections.

To enable this feature regenerate your config OR add the following lines to your config.yml under Settings

***NOTE**** If you generate the config from scratch it will auto add myself to the list upon creation, please change my name to your name or a trusted admin on the server. It grants no other permissions other than bypassing the book protection. This list also has NO effect if the book protection is OFF on your server. If you don't need a whitelist feel free to delete this list as it won't cause problems if the plugin does not find it on startup.

Fixed a bug with the new in game messaging system that would cause an error in the console on some detections.. Should no longer be an issue!

Added an option for in game notifications to be sent to players with the appropriate permission.

Note* Op's are given this permission by default, if you would like to turn this off simply negate the permission.

To add the perm to non-op's give your user(s) the illegalstack.notify permission.

To enable notifications to be sent in game you'll need to add the following line to your config.yml under Settings:

Also, if you're using Spigot the notifications will be sent as a clickable chat component allowing your staff to teleport to the location where the exploit was detected.

http://prntscr.com/n8wa31

*Feel free to leave a rating on this plugin!

There's a couple new farms that can be abused to farm cacti as well as chorus fruit insanely fast. As of this version these machines will be stopped and broken once detected.

Version 1 with regular pistons


Version 2 with sticky pistons


This will also prevent the same style zero tick chorus farms from being used.

In order to enable this feature without re-generating your existing configuration simply add the following line to the config.yml under Settings.

Added the ability to log offenses to a text file as well as the console.

All offenses have their date/time recorded and saved in a log file:

/plugins/IllegalStack/OffenseLog.txt

this option can be turned off in the config.yml If you are upgrading from a previous version and wish to preserve your configuration simply add the following line to your config.yml:
LogOffensesInSeparateFile: true

Added protection for the Piston/Item Frame dupe glitch present in Spigot 1.12.2 final (and possibly below) as long as you're running a recent version of 1.13 this should be patched.

The way this dupe works is players place an item frame on a piston with the item they wish to dupe, (including full shulkers). They then extend/retract the piston and time punching the item frame correctly resulting in a dupe drop.

Whenever this dupe is detected the location of the offense as well as the item that was attempted to be duped is logged to the console.

Video example


There are a couple other variations of this dupe including using a retraction with a sticky piston on another block but version 1.5 should cover all variations of this dupe.

Fixes a bug with blocking hopper transfers across unloaded chunks.
if you are using the setting: PreventHoppersToUnloadedChunks=true
please update to this version.

Fixed minor bug dealing with hopper minecarts, it was more of a nuisance error and would cause an error in the console so please update to avoid this.

Fixed a bug that was causing 1.8 players to be unable to pick up items while the plugin was active. This bug ONLY affected 1.8 servers so if you're using anything other than 1.8 there is no need to download this version.

There's been another glitch brought to my attention that if players use books filled with garbage characters they can prevent a chunk from saving. This means you can fill up a chest, do the glitch and then empty the chest, leave and the chunk will not have updated.

This fix will remove books filled with garbage characters. The default encoding is US-ASCII (you can change it in the config if you use another charset on your server) you can also specify a threshold of pages (default 5). If a book has more than 5 pages with characters that are NOT in your selected encoding the book will be deleted.

All options can be changed in the config, you'll need to regenerate your configuration file or manually add the new settings to your config if you're upgrading.


The video for this exploit is located here:

It has been brought to my attention there was an exploit that allowed users to put a shulker box into another shulker box. The plugin will now detect if a shulker box contains other shulker boxes and will delete them.

To enable this feature to your existing setup you'll need to either delete the configuration or add the following line to settings in the config.yml

Added cross version support for spigot 1.8 - 1.13.2
The plugin will automatically detect which version you are running adjust itself accordingly.

No config changes required if updating for 1.3.9

Added protection against methods that remove piston heads and utilize the glitch to break bedrock and such. Any piston who has its head removed will also have its base removed.
see this video -> (confirmed working in 1.13.2)

Also added configuration options to each of the protections so server owners can turn them on / off. (you'll need to remove your old config and restart the server to generate the new protections.) note if you do NOT regenerate your config.yml then NONE of the protections will be active!

Fixed a bug that would cause piston's to be removed incorrectly. Should only affect exploitable blocks now.

Added a new dupe fix, which allowed players to dupe rails of all types, carpets, and such. This version will REMOVE the piston causing the dupe thus breaking the dupe machine, the location in the world will be written to the console so that you can locate the offending player / machine.

The protocollib / recipe command feature of this plugin has been removed since the /recipe glitch was finally fixed. There are no config changes if you're upgrading from an older version.

Per user request this version will now create a configuration file and allow you to add Material types to it. By Default it will exclude Potions and Splash Potions.

To add more simply add the to the list in IllegalStack/config.yml

Got a bunch of cool custom recipes but the new recipe book is allowing your players to get infinite items? Have no fear!

Since mojang added the recipe book it's caused a couple major dupe issues, the second one being with the essentials /recipe command. They didn't bother to roll out support for our custom recipes to be added to this book thus if you leave /recipe enabled you're going to be giving your players access to infinite items.

**Note** This feature Requires ProtocolLib to be installed before the /recipe command will be re-enabled, permissions to the /recipe command must also still be used, essentials.recipe

This update addresses the issue which allows player to get items out of the /recipe inventory by clicking anything in the recipe book. Clicks to the book will be blocked while the player is looking at a /recipe.

Otherwise the recipe book and crafting works as normal, the only time it blocked is when a player invokes the /recipe command.

Currently compiled against Minecraft Version 1.12.1 and prevents the carpet/rail dupe glitch that is built into vanilla using slime blocks.



Basically build this machine, the carpet on the end (or any rail) placed where the carpet is, will break and replace itself dropping a copy of the item every time the observer on the right updates. If you create a clock here to update it quickly then you can mass dupe carpets / rails very fast. Not a HUGE ordeal but if players can sell carpets or rails in your shop then it has the potential to destroy your economy quite quickly.

This update prevents players from using hoppers to extract stacked items one at the time. Item movement will be blocked and the stack removed.

Update to support the scanner checking players who are wearing stacks of armor on their body.

This plugin now catches players with an oversized stack of items in their offhand.

This update plugs the exploit that allows users to spam click and create dupes of items.

Note: it is just a work around preventing the exploit from happening until a fix from spigot / mc is released.