Logo
Soully2fa
PluginMIT

Soully2fa

Soully2fa secures OPs by isolating them in sky-limbo until a Discord-sent 6-digit code is entered. Featuring real-time risk levels, Geo-IP tracking, and encrypted logs to block account hijacking and Force-Op exploits.

46
Downloads
0
Followers
2 months ago
Updated
📦
5
Versions
managementbukkitfoliapaperpurpurspigot
Download Latestv1.0+1.21-1.21.11View on Modrinth

📖About Soully2fa

🔐 Soully2fa

Stop account hijacking before it happens. Built for 1.21.x and the 26.x Tiny Takeover builds.

In the current Minecraft landscape, one leaked staff password can ruin a community. Between Op-Griefing and Force Op exploits, passwords are not enough. Soully2fa is a security layer that connects your server to Discord, ensuring that even if an attacker has a staff password, they cannot control the world.

🛡️ The Sky Limbo Protocol

Traditional 2FA plugins only freeze a player in place. This is a security risk because attackers can still view the world, use the F3 menu to scout coordinates, or interact with nearby entities. Soully2fa uses the Sky Limbo Protocol.

Upon joining, unverified staff are instantly teleported +150 blocks into the atmosphere and blinded.

  • Visual Isolation: Attackers cannot scout builds, coordinates, or player locations.
  • Physics Lock: Movement is strictly reset to the safe location to prevent fly-hacks from escaping.
  • Packet Security: Chat and commands are intercepted at high priority so no unauthorized messages reach the server.

🧠 Risk Assessment Logic

The plugin analyzes every login and assigns a Risk Level (1-5) based on historical data:

  • Level 1-3: Standard login from a recognized IP and location.
  • Level 4 (High Risk): Triggered when a staff member joins from a new IP or a different geographical region.
  • Level 5 (Critical Threat): Triggered if a player is granted OP status or high-level permissions while in-game. This stops Force-Op exploits immediately.

📊 Discord Audit Logging

The system sends a threat assessment directly to your Discord staff channel:

  • Geo-IP Integration: Identifies the City and Country of the login attempt.
  • Privacy Controls: IP addresses and Regions are wrapped in ||spoiler|| tags to keep staff data private in logs.
  • Visual Indicators: Uses status bars (⬛⬛⬛⬜⬜) for quick threat assessment.

✨ Technical Features

  • Java 25 Optimized: Built for the 26.x branch and latest JVM performance.
  • Cross-Version: Supports 1.21.x, 26.x.
  • Feedback: Identity Confirmed titles and sound effects upon success.
  • Auto-Kick: Configurable timer to purge unverified users and save resources.
  • Permissions: Use soully2fa.verify for specific ranks or handle all OPs automatically.

🚀 Setup

  1. Place 2faSoully-1.0.jar into the /plugins directory.
  2. Put your Discord Webhook URL in the config.yml.
  3. Restart the server.

Project Details

  • Organization: SoullyReaperDevs
  • Developer/Owner: SoullyReaper
  • Discord: @anpersonthatperson
  • Email: [email protected]