Aethelguard

Aethelguard v0.3-sentinel Adaptive Security + Recovery Update Hey everyone! I would like to introduce Aethelguard, a Paper-based authentication and security plugin for Minecraft servers. The goal of Aethelguard is simple: keep players safely locked in an authentication flow until they verify themselves, reduce noisy vanilla console logs, and give server owners deep control through a clean and well-commented config. This release is called: Aethelguard v0.3-sentinel - Adaptive Security + Recovery Update This update moves Aethelguard beyond a basic login/register plugin and turns it into a broader authentication security package with captcha, 2FA, recovery, adaptive security, VPN/proxy checks, and a stronger config system. Main Features - /register, /login, /changepassword account system - Secure password hashing with BCrypt - Local YAML or MySQL storage - Captcha system: MAP, TEXT, NUMERIC, ALPHANUMERIC, MATH - Map-based captcha display - TOTP-based 2FA support - Account recovery with security questions and backup codes - Adaptive security system - VPN/proxy/Tor/hosting IP checks - Session auto-login - Advanced password policy - Cooldowns for sensitive security commands - Inventory, armor, and offhand hiding during authentication - Bossbar guidance depending on the auth state - Prevent unauthenticated players from seeing normal chat - Suppress noisy vanilla join/quit/connection/command logs - English/Turkish message files and custom language support - Config sync system that adds missing settings with comments in the correct sections Adaptive Security Aethelguard can evaluate login risk and adjust the authentication flow. For example: - Trusted IPs can skip captcha after repeated successful logins. - Suspicious IPs can receive an extra captcha. - VPN/proxy/Tor/hosting signals can be checked. - Too many accounts from the same IP can be treated as suspicious. - Too many wrong password attempts can increase the security level. This means trusted players can enter faster, while suspicious connections can be verified more carefully. VPN / Proxy Detection Aethelguard v0.3-sentinel adds VPN/proxy detection. Supported providers: - IPWHOIS - IPAPI Checked signals: - VPN - Proxy - Tor - Hosting/datacenter The system supports caching and timeouts. This prevents the same IP from being checked constantly and avoids long delays during login. Admins can also configure what should happen if every provider fails. Account Recovery Players can recover their accounts safely. Supported methods: - Security questions - One-time backup codes Command examples: /securityquestion setup /securityquestion answer /backupcodes generate /recoverymethod question /recoverymethod backup-code /recover question <newPassword> /recover code <backupCode> <newPassword> Server admins can enable or disable security questions and backup codes separately in the config. Security questions are loaded from language files: - security_questions_tr.yml - security_questions_en.yml 2FA / Authenticator Aethelguard uses the TOTP standard. Compatible apps: - Google Authenticator - Microsoft Authenticator - Authy - Other TOTP-compatible apps Commands: /2fa setup /2fa confirm /2fa disable /2fa For accounts with 2FA enabled, Aethelguard can send the player directly to /2fa after captcha. This avoids forcing players through captcha + password login + 2FA every time. Captcha System A captcha verification step can run before login/register. Supported captcha types: - MAP - TEXT - NUMERIC - ALPHANUMERIC - MATH The captcha system supports cooldowns, attempt limits, kick behavior, map item handling, and success sounds. Captcha attempts are separate from wrong password attempts. This allows admins to configure different security rules for captcha and password login. Password Policy Password rules are highly configurable. Configurable options: - Minimum password length - Maximum password length - Require at least one letter - Require at least one number - Block passwords containing the username - Allow or block Turkish characters - Allow or block punctuation - Allow or block emojis, special fonts, and unusual symbols - Configurable blocked word list These rules apply consistently to: - /register - /changepassword - /recover - /aethelguard changepassword Config and Language System Aethelguard checks the config on startup and reload. It can: - Add missing settings - Place new settings in the correct section - Include comments for new settings - Preserve existing admin values - Move known misplaced settings back to the right category - Make updating from older versions easier Messages can be customized through: - messages_en.yml - messages_tr.yml - Custom messages_.yml Console language is also configurable: - console-language: en - console-language: tr - console-text-mode: native - console-text-mode: ascii If your hosting panel does not display Turkish characters correctly, ascii mode can be used. Commands Player commands: /register /login /captcha /changepassword /2fa setup /2fa confirm /2fa disable /securityquestion setup /securityquestion answer /backupcodes generate /recoverymethod question /recoverymethod backup-code /recover question <newPassword> /recover code <backupCode> <newPassword> Admin commands: /aethelguard reload /aethelguard status /aethelguard sessions /aethelguard session /aethelguard clearsession /aethelguard clearsessions /aethelguard unregister /aethelguard changepassword <newPassword> /aethelguard unlogin What Changed From 0.2-sentinel to 0.3-sentinel? 0.2-sentinel focused on a clean login/register flow and cleaner console logging. 0.3-sentinel makes the authentication system smarter, safer, and easier to manage. In short: - There was no captcha. Now there is a full captcha system. - There was no 2FA. Now authenticator support is available. - There was no account recovery. Now security questions and backup codes are available. - There was no VPN check. Now VPN/proxy detection is available. - There was no adaptive security. Now risk-based captcha behavior is available. - Password rules were limited. Now there is an advanced password policy. - Sensitive security cooldowns were added. - The config system now supports commented and ordered auto-sync. - Turkish console output now supports native/ascii modes. Future Plans Aethelguard is planned to grow into a broader security and management ecosystem. Some planned ideas: PIN Login System A PIN-based login system is planned as an alternative to the classic password flow. Server admins will be able to choose the default login method, while players can also choose between PIN and classic password login for their own accounts. Player Settings GUI An in-game GUI is planned so players can manage account security settings more easily. Examples: - Change password - Enable/disable 2FA - Enable/disable auto-login - Manage PIN settings - Choose between password login and PIN login - Manage recovery method Staff Commands and Moderation GUI A GUI-based system is planned for staff commands such as /ban, /kick, /mute, and /tempban. For example, staff members could open a player-specific GUI and apply punishments with one click. Timed punishments could be selected through chat or directly inside the GUI. Discord Ticket Integration A Discord-integrated ticket system is planned for players who want to report staff members or submit complaints. This system would be configurable and could be enabled or disabled by server admins. Resource Pack Plugin Integrations Better compatibility with plugins like ItemsAdder, Nexo, and Oraxen is planned. Ideas include: - Custom model data for GUI items - Custom GUI items - Resource-pack-friendly auth/recovery interfaces - Experiments with QR display for 2FA Permission Plugin Integrations Better integration with permission plugins such as LuckPerms is planned. The idea is to provide: - A file or command system for assigning staff permissions to parent groups more easily - Faster permission setup for server admins Web Panel One of the biggest long-term ideas is a dedicated web panel. Planned panel features: - Player profiles - Last login/logout data - Timeout, mute, and ban history - Which staff member applied each punishment - Active days and active hours - Average playtime - Summary of the last month of player activity - Staff profiles - Staff actions - Staff login/logout and activity reports - Complaints submitted against staff members - Staff performance reports - A motivational "Staff Member of the Month" style ranking The goal is not only to store punishment history, but also to help server owners understand staff performance, player safety, and community management more clearly. Short Summary Aethelguard aims to be more than a basic login/register plugin. It is designed as a broader authentication security package with captcha, 2FA, recovery, VPN checks, adaptive security, clean logging, and a powerful config system. GitHub / Download: https://github.com/Aethelster/Aethelguard Feedback, bug reports, and suggestions are always welcome.