═══════════════════════════════════════

⚡ Why Choose MBTH Login Security?

• ✔ Session Hijacking Protection - NEW! Prevents username takeover attacks
• ✔ Dual Authentication - Password + PIN code for maximum security
• ✔ Beautiful GUI PIN Vault - Stunning graphical PIN entry with custom number heads
• ✔ Premium Player Detection - Auto-authenticate paid Minecraft accounts
• ✔ Discord Webhooks - Rich notifications with no dependencies!
• ✔ Alt Account Detection - Automatic IP-based tracking
• ✔ Zero Dependencies - Works out of the box!
• ✔ Fully Customizable - Every message, color, and feature configurable

═══════════════════════════════════════

️ CRITICAL SECURITY UPDATE - v1.0.1

⚠️ Session Hijacking Protection Now Active!

What was fixed?

• ❌ Old vulnerability: Attackers could kick players by joining with their username
• ✅ Now protected: Duplicate username attempts are blocked BEFORE joining
• ✅ Real-time alerts: Console, in-game, admin, and Discord notifications
• ✅ Zero impact: Original player stays connected and safe
• ✅ Full audit trail: Complete logging with IP tracking

Your players are now fully protected from session hijacking attacks!

═══════════════════════════════════════

Core Features

Password Authentication

• SHA-256 encrypted passwords
• Configurable password requirements
• Failed attempt protection (auto-kick)
• Session management (stay logged in)

PIN Code System

• Gorgeous GUI PIN Vault with balloon number heads
• Optional or mandatory PIN setup
• Separate PIN verification after password login
• Command-based or GUI-based entry

⭐ Premium Player Support

• Automatically detect paid Minecraft accounts
• Instant login bypass for premium players
• Perfect for hybrid servers (premium + cracked)
• Fully configurable

Login Method Choice

• Beautiful GUI menu to choose login method
• Players with PIN can choose: PIN or Password
• Faster login with PIN (4 digits vs full password)
• Seamless user experience

═══════════════════════════════════════

️ Security Features

• Session Hijacking Protection - NEW! Blocks duplicate username attacks
• SHA-256 Hashing - Passwords never stored in plain text
• Session Validation - Configurable auto-login duration
• IP Tracking - Monitor accounts from same IP
• Alt Detection - Automatic alt account identification
• Account Freezing - Lock suspicious accounts instantly
• Login Timeout - Auto-kick if player doesn't login
• Attempt Limiting - Kick after X failed attempts
• Real-Time Alerts - NEW! Multi-layer security notifications

═══════════════════════════════════════

Customization

Everything is customizable!

• Custom server branding
• Personalized titles and messages
• Minecraft color codes supported
• Configure every aspect

═══════════════════════════════════════

Discord Integration

Native Discord Webhooks - No plugins required!

Notification Types:

Login Events - Password/PIN logins, premium auto-login
Registration Events - New accounts, PIN setup
Security Alerts - Failed attempts, suspicious activity, session hijacking attempts

• Beautiful rich embeds with colors
• Automatic timestamps
• Fully asynchronous (no lag)
• Multiple webhook support

═══════════════════════════════════════

⚙️ Admin Commands

All commands require mbth.admin permission or OP

═══════════════════════════════════════

Player Commands

═══════════════════════════════════════

Screenshots





═══════════════════════════════════════

⚡ Quick Setup

1. Install
2. Start Server
3. Configure (Optional)
4. Setup Discord (Optional)
5. Reload
✅ That's it! You're secured!

═══════════════════════════════════════

Perfect For

Cracked Servers

• Full authentication required
• Password + PIN protection
• Alt account monitoring
• Maximum security with hijacking protection

Hybrid Servers

• Premium players auto-login
• Cracked players authenticate
• Best of both worlds
• Flexible configuration

Premium Servers

• Optional extra PIN security
• Session management
• Login choice convenience

═══════════════════════════════════════

⚙️ Technical Details

Requirements:

• Minecraft 1.20.1+ (Paper/Spigot)
• Java 17+
• No dependencies!

Performance:

• Lightweight (< 100KB JAR)
• Async operations (no TPS impact)
• Optimized event handling
• Minimal memory usage

Storage:

• YAML-based player data
• Automatic backups on save
• Easy to manage and migrate

═══════════════════════════════════════

Configuration Example


═══════════════════════════════════════

Feature Comparison

[TABLE="class: grid, width: 100%"]
Feature Other Plugins MBTH Security
Password Auth ✔ ✔
Session Hijacking Protection ✘ ✔ Advanced
PIN System ✘ ✔ GUI + Commands
Premium Detection Some ✔ Advanced
Discord Integration Requires Plugin ✔ Native Webhooks
Alt Detection Basic ✔ Advanced + Tracking
GUI Interfaces ✘ ✔ Beautiful GUIs
Login Method Choice ✘ ✔ GUI Selection
Account Management Limited ✔ Full Admin Tools
Customization Basic ✔ Everything
Security Alerts Basic ✔ Multi-Layer
[/TABLE]

═══════════════════════════════════════

❓ FAQ

Q: Does this work on cracked servers?
A: Yes! It's designed specifically for cracked and hybrid servers.

Q: What is session hijacking protection?
A: NEW in v1.0.1! Prevents attackers from kicking players by joining with their username. Your players are now fully protected!

Q: Do I need DiscordSRV?
A: No! We use native Discord webhooks - no dependencies required.

Q: Can premium players skip authentication?
A: Yes! Enable premium-bypass in config.yml

Q: Is the PIN system mandatory?
A: No, you can make it optional or completely disable it.

Q: Does this lag the server?
A: No! All operations are optimized and async - zero TPS impact.

Q: Can I customize the messages?
A: Absolutely! Every message supports Minecraft color codes.

Q: What happens if a player forgets their password AND PIN?
A: Admins can use /resetpassword or /resetpin to help them.

═══════════════════════════════════════

Bonus Features

• Session persistence (remember logins)
• IP-based alt account tracking
• Account freeze/unfreeze system
• Force logout capability
• Detailed alt account reports
• Customizable login timeout
• Configurable attempt limits
• Beautiful title animations
• Color-coded console messages
• Comprehensive logging system
• Real-time security alerts
• Full audit trail with IP tracking

═══════════════════════════════════════

Documentation

Full documentation included!

• Complete setup guide
• Command reference
• Configuration examples
• Discord webhook tutorial
• Session hijacking fix documentation
• Troubleshooting guide
• Security best practices

GitHub: https://github.com/Adhi1908/mbth-security/
Documentation: Full Guides

═══════════════════════════════════════

Support

Need help? We've got you covered!

• Discord: https://discord.gg/Q4xe2Uhksj
• GitHub Issues: Report Bugs
• Documentation: Read Guides

═══════════════════════════════════════

⭐ Reviews

"Finally, a login plugin that actually looks good! The PIN vault is amazing!"
- ServerOwner123

"Best security plugin I've used. Discord webhooks work perfectly!"
- MinecraftAdmin

"Premium detection saved me so much time. Highly recommend!"
- HybridServer

"The session hijacking protection is a game-changer! My players are finally safe!"
- CrackedServerAdmin

═══════════════════════════════════════

Statistics


═══════════════════════════════════════

️ Changelog

v1.0.1 (Critical Security Update)

• CRITICAL FIX: Session hijacking vulnerability patched
• ️ ADDED: Pre-login username blocking system
• ADDED: Real-time security alerts
• ADDED: Enhanced logging and audit trails
• ADDED: Multi-layer notification system
• ✅ IMPROVED: Zero performance overhead
• ADDED: Comprehensive security documentation

═══════════════════════════════════════

Roadmap

Planned Features:

• [ ] 2FA via email/Discord
• [ ] MySQL/MongoDB support
• [ ] Multi-language support
• [ ] Captcha system
• [ ] Login history viewer
• [ ] Security statistics dashboard

═══════════════════════════════════════