Anti Op Abuse
simple plugin that replays all console logs + creative mode interactions to a webhook excluding auth messages, and private messages (/msg), also masks IPs
Quick challenge
How far can you run before the mobs catch you?
Minecraft check
Confirm your run
Complete the quick check to get your code.
Anti Op Abuse
AntiOpAbuse ⛔
yo server admins are probably abusing yk so this plugin gives you trust
AntiOpAbuse watches the server console 24/7 and rats out everything to a Discord webhook in real time. *Every* command, ANY item taken from creative inventory. but with safeguards; no join IPs shown, no auth messages shown, no /msg, /team chat shown
No alerts are give to OP, nor can they disable it. catches consoles offguard too.
---
What it does
- 📡 Commands ONLY option in config — every console line gets forwarded to Discord in real time - 🎨 Commands ONLY option in config — logs every item a creative mode player takes, because "I was just looking" is not an excuse - 🤐 Commands ONLY option in config — filters out IPs, DMs, and passwords so no leaking sensitive stuff - ⚡ Commands ONLY option in config — runs completely async, the main thread has no idea this is even happening - 🛡️ Commands ONLY option in config — there is no command to turn it off. No permission node. No secret backdoor. The only way to stop it is to physically remove the jar, which, good luck explaining that one - 🔁 Commands ONLY option in config — it waits, it retries, it doesn't give up - 🔧 Commands ONLY option in config — ye js two. its minimal af. (or i was js not able to find more config options lol) - 🧹 Commands ONLY option in config — tired of reading your whole chat and only wanna see the abuse?, this one fixes that (it does not affect creative menu logging)
---
Works on
| Server | Supported | |--------|-----------| | PaperMC | ✅ | | Spigot | ✅ | | Bukkit | ✅ | | Purpur | ✅ |
- Java: 1.18.x – 1.21.x (guaranteed), prob works on 1.15+ too but js to be safe - Java: 17+ (if you're still on Java 8 please close this tab)
---
Setup
1. grab the jar from download option 2. chunk it in `plugins/` 3. start the server, itll generate the config 4. open `plugins/AntiOpAbuse/config.yml` and paste your webhook URL 5. Run `/antiopabuse reload` 6. now try to abuse haha
---
Config
```yaml
AntiOpAbuse Configuration
─────────────────────────────────────────────────────────────────
webhook-url : Your Discord webhook URL.
Create one under Server Settings → Integrations → Webhooks.
send-as-codeblock : Wrap each log line in a Discord code block for
monospace / easy reading. Set false for plain text.
commands-only : When true, filters out noisy lines like player chat,
join/leave messages, server lag warnings, and plugin spam.
Commands, console output, warnings, errors, and creative
logs still come through. IPs, private messages, and auth
plugin output are always filtered regardless.
─────────────────────────────────────────────────────────────────
webhook-url: "DISCORD_WEBHOOK_HERE" send-as-codeblock: true commands-only: false
```
yep no backdoors or disable options
---
What it looks like in Discord
Console relay: ``` [INFO]: adminabuser issued server command: /op xX_GrieferKing_Xx [INFO]: scaryop issued server command: /give @a diamond 64 [INFO]: katR issued server command: /ban Steve [INFO]: katR is the goat fr ```
Creative inventory logging: ``` [CREATIVE] ezznub took 64x golden_apples [CREATIVE] abuser1 took 1x bedrock [CREATIVE] fullnethin1day took 64x netherite_ingot ``` > caught instantly nubz
---
Commands
| Command | What it does | |---------|-------------| | `/antiopabuse webhook` | Pings Discord and tells you if it's working | | `/antiopabuse reload` | Reloads the config so you don't have to restart | | `/antiopabuse logs` | displays last 50 logs (can be run by all players) | Alias: `/aoa` for when your js lazy
Only OPs can run these. And yea, running them gets logged too.
---
What it won't snitch on
we trynna help players not expose them
- Auth plugin stuff — nobody needs those in Discord - Auth plugin stuff — private messages stay private - Auth plugin stuff — passwords, login attempts, all filtered out
---