Critical [Creative] NBT Items

Discussion in 'Server Issues' started by Holomason, Jan 12, 2019.


Restrict or Ban NBT Items?

Poll closed Saturday at 12:01 AM.
  1. Restrict

    0 vote(s)
  2. Ban

  1. Holomason

    Holomason New Member

    I was banned a few months back for importing NBT tagged items into Creative, and as part of an agreement for my appeal I'm here to report some vulnerabilities that these items can exploit. I'll try to keep this report clear of jargon, but this is a very serious issue that requires some technical info.

    First and foremost, NBT tags in general. Using certain mods or hacked clients, you can apply endless amounts of data to a single item. This can be done either in-server or in single player mode. This alone is a significant problem because if a player is killed by an item with an extreme amount of tags (i.e. a shulker loaded with stacks of lengthy books) it can potentially cause everybody connected to the server to crash. In 1.12 and below, items with unusual Unicode symbols and the text scrambling format (&k) can make item names fly everywhere. Another important issue is meta tagging. Meta information controls which variant of block or durability of tool appears in your inventory, but it can be changed in NBT editors. Chief amongst maliciously meta tagged items is "minecraft:oakleaves2" with a meta of "6". When placed, the block is impossible to render and causes clients to crash. The block would theoretically require a custom texture pack to remove by hand, but it could also be removed using a world editor/worldedit commands.

    NBT tagged mobs are a principal threat to the integrity of the server. While some tags designed for mobs can be harmless (i.e. custom names visible at all times, gravity, silent mode), some can wreak havoc on players' latency. Amongst these are speed attributes combined with follow range attributes, which, if set to a high enough speed, can dedicate an extreme amount of processing power and also send mobs outside of plots; high resistance effects, which can render mobs unkillable; Creepers and Ghasts with high explosive tags, which can act as nuclear bombers and dedicate serious memory if given high enough tag values; and mobs with equipment, who can be given items such as the aforementioned shulker box, overpowered armor, and other NBT tagged items. Over the course of the last two years, I've studied a number of ways to deal with some of these more persistent mobs, and the most effective way thus far seems to be with "death pots": splash potions with extremely high Instant Health effects.

    Other NBT tagged items are special cases. By NBT editing written books, one can include commands, write in text that crashes clients upon the book being opened, and change the author of the book. One can also edit commands into signs in a similar fashion. However, besides the above information and the threat of items with negative and positive infinite speed attributes, items with negative health attributes, or troll potions, most other items pose no threat and some serve to enhance the player's experience by zooming in the player's vision (negative speed att.), providing controlled boosts to abilities (potions with custom effects), serving as easy tools for mob butchering (overpowered weapons), or serving as art ("designer" items).

    In the end, I can't hold a solid opinion on this matter. Phanatic's creative is one of the very few servers left that doesn't have any plugins that disallow NBT items. While they can certainly add to the server in terms of fun, they can also destroy it. Until @PhanaticD decides whether or not to change the rules or add a plugin, I suggest that moderators carefully inspect cases of suspicious gifts. If any moderator needs some examples of any of the aforementioned items, I'd be happy to provide a save containing a 16-large-chest collection of items I've obtained over the years from various sources.

    I'd also like to humbly request the addition of an Anarchy game mode.
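
Added example, not part of the original post and not code from any server plugin: a size, depth and tag-count check over an item's uncompressed NBT bytes, the kind of limit a server or moderator tool could apply to items carrying an extreme amount of tags. The name `check_item` and the three thresholds are assumptions chosen for illustration, and the two sample blobs are constructed.

```python
import struct

FIXED = {1: 1, 2: 2, 3: 4, 4: 8, 5: 4, 6: 8}  # byte..double payload widths
ARRAYS = {7: 1, 11: 4, 12: 8}                  # element widths of array tags

def check_item(data, max_bytes=8192, max_depth=16, max_tags=2000):
    """Return (ok, detail) for one uncompressed item NBT blob (limits assumed)."""
    pos = tags = deepest = 0
    def take(n):
        nonlocal pos
        if n < 0 or pos + n > len(data):
            raise ValueError("truncated or negative length")
        pos += n
        return data[pos - n:pos]
    def payload(tag, depth):
        nonlocal tags, deepest
        tags, deepest = tags + 1, max(deepest, depth)
        if depth > max_depth or tags > max_tags:
            raise ValueError("depth or tag limit exceeded")
        if tag in FIXED:
            take(FIXED[tag])
        elif tag in ARRAYS:
            take(struct.unpack(">i", take(4))[0] * ARRAYS[tag])
        elif tag == 8:                                  # string
            take(struct.unpack(">H", take(2))[0])
        elif tag == 9:                                  # list
            elem, count = struct.unpack(">bi", take(5))
            for _ in range(count):
                payload(elem, depth + 1)
        elif tag == 10:                                 # compound
            while (child := take(1)[0]) != 0:           # 0 = TAG_End
                take(struct.unpack(">H", take(2))[0])   # skip child name
                payload(child, depth + 1)
        else:
            raise ValueError(f"unknown tag id {tag}")

    if len(data) > max_bytes:
        return False, "blob larger than max_bytes"
    try:
        if take(1)[0] != 10:
            return False, "root is not a compound"
        take(struct.unpack(">H", take(2))[0])           # skip root name
        payload(10, 0)
    except ValueError as err:
        return False, str(err)
    return True, f"{tags} tags, depth {deepest}"
# Constructed samples: a plain item, and 40 compounds nested inside each other.
PLAIN = b"\x0a\x00\x00\x08\x00\x02id\x00\x0fminecraft:stone\x01\x00\x05Count\x01\x00"
NESTED = b"\x0a\x00\x00" + b"\x0a\x00\x01a" * 40 + b"\x00" * 41
```

Because the walk stops as soon as a limit is hit, a hostile blob costs at most `max_tags` steps to reject.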
