# SpigotMC — AngkorSecurity

---

## Tag Line
```
⚔ Advanced security suite — brute-force protection, threat scoring, VPN/GeoIP blocking, OP tracking & Discord alerts.
```

---

## Description (paste into SpigotMC BBCode editor)

```

[HR][/HR]

Overview

AngkorSecurity is a comprehensive, production-ready security plugin built for Paper 1.21 servers.
It combines real-time threat detection, automated response, and deep audit logging into a single lightweight plugin — no database required.

Originally built for KrudSMP, a hybrid Java + Bedrock server, it is designed to handle both premium and cracked player environments with full Velocity proxy support.

[HR][/HR]

✨ Features

Brute-Force Protection

• Tracks failed login attempts per IP within a configurable time window
• Automatic lockout after threshold is reached
• Auto-ban IP and/or player on lockout (permanent or timed)
• Configurable attempt limit, lockout duration, and track window

Threat Score System

• Per-IP threat score (0–100) that escalates automatically
• Alert admins at configurable score threshold
• Temporary ban at mid-level threshold
• Permanent ban + Discord alert at high threshold
• Score decays over time when no suspicious activity is detected

VPN & GeoIP Blocking

• Detects VPN, proxy, and Tor exit nodes via ip-api.com
• Optional hosting/datacenter IP blocking
• Country whitelist or blacklist mode (GeoIP)
• Result caching to minimize API calls
• Graceful fallback — allows player through if API is unreachable

OP Tracker

• Detects unauthorized /op and /deop commands
• Auto-deop unknown operators instantly
• Kick player and drop inventory on unauthorized OP
• Periodic background scan for unknown OPs
• Full Discord + in-game alerts

Permission Guard

• Protects sensitive LuckPerms permissions from being granted or revoked
• Configurable protected permission list
• Alert admins on any protected permission change
• Optional auto-cancel of unauthorized permission changes

Gamemode Guard

• Blocks unauthorized creative mode switches
• Auto-kick or auto-ban players who enter creative mode
• Exempt permission node for trusted staff

Session & Alt Detection

• Tracks known IPs per player
• Alerts on login from a new/unknown IP
• Detects alt accounts sharing IPs with banned players
• Detects and logs player name changes

Staff Accountability

• Full staff action tracker with configurable retention
• Anomaly detection — alerts when staff logs in at unusual hours (configurable timezone)
• Suspicious command detection and logging
• All actions stored in a structured audit trail

Discord Webhooks

• Per-category webhooks (security, sessions, permissions, commands)
• Configurable event list — choose exactly what gets posted
• Rich embed-style messages with player name, IP, reason, and timestamp

Lockdown Mode

• /asec lockdown on — instantly kicks all non-admin online players and blocks new joins
• /asec lockdown off — restores normal access
• Admins with angkorsecurity.admin are always exempt

Audit Log & GUI

• Structured in-game GUI (/asec alerts) showing all security events
• Paginated — supports hundreds of entries
• Click any alert to see full detail in chat
• Plain-text audit.log file with auto-rotation

⚙ Other Features

• Jail & Mute system with duration support
• Spam & chat filter protection
• Login rate limiter (max connections per minute per IP)
• Network anomaly scanner (TPS monitoring, multi-IP detection)
• Custom rule engine — define your own trigger/action rules in config
• Auto-unban system for expired temp bans
• Join/leave logging with optional Discord alerts

[HR][/HR]

Commands

Command	Description
/asec alerts	Open security alerts GUI
/asec lockdown <on|off>	Enable or disable lockdown mode
/asec ban <player> [duration] [reason]	Ban a player
/asec ipban <ip> [duration] [reason]	Ban an IP address
/asec unban <player>	Unban a player
/asec banlist	View active bans
/asec mute <player> [duration]	Mute a player
/asec jail <player>	Jail a player
/asec score <ip>	Check threat score for an IP
/asec whitelist <add|remove|list>	Manage server whitelist
/asec reload	Reload configuration

[HR][/HR]

Permissions

Permission	Description	Default
angkorsecurity.admin	Full access to all commands	OP
angkorsecurity.alerts	Receive in-game security alerts	OP
angkorsecurity.bypass.ban	Bypass IP and player ban checks	false
angkorsecurity.bypass.bruteforce	Bypass brute-force lockout	false
angkorsecurity.bypass.whitelist	Always allowed to join	false
angkorsecurity.creative.exempt	Allowed to use creative mode freely	false

[HR][/HR]

Requirements

• Server: Paper 1.21 / 1.21.4
• Java: 21+
• Soft dependency: LuckPerms (optional — permission guard features)
• Compatible with Velocity proxy, GeyserMC, and Floodgate (hybrid Java + Bedrock)

[HR][/HR]

⚙ Configuration

All features are individually toggleable in config.yml.
No database required — all data stored in flat YAML files.
Discord webhooks support per-category URLs.

[HR][/HR]

License
© 2025 Krud Studio. All rights reserved.
```