If your server host is nice enough to give you a webpage where you set it up then great, if not, you should follow the Spigot firewall guide, it has everything you need to know.ĪLLOW: Your proxy IP (High priority - Generally 25 but can be anything as long as it’s higher than the disallow rule)ĭISALLOW: 0.0.0.0 (Every other IP) (Low priority - Generally 1 so that the other rules are checked first before blocking everyone) These plugins rely on something called the PlayerHandshakeEvent which in super simple terms means that, the client and server shake hands and say, “Hey, this person is okay to join, the token ID that they gave me is the same”, however, this event was only introduced into Minecraft 1.9.4 and therefore loading the plugins on a version before this will not protect you. Please don’t fall into the same trap that I did and think that using a plugin such as IPWhitelist or BungeeGuard on a 1.8 server will protect you as it won’t. If you add a firewall to every one of your backend servers with 2 rules, you should be protected! They have access to anything they need and generally end up griefing everything because these people for some reason enjoy making everyone’s life living hell Since bungeecord requires backend servers to run in offline mode, there is no authentication meaning that you can join directly to the backend servers under any username and inherit all of their permissions That user with malicious intent found the username of a player with permissions such as /op and loaded up a cracked client with that username (Cracked = non premium account / unauthenticated account) This means that the old IP was still listed on voting sites etc.) A user with malicious intent finds the IP to one of your backend servers (For my situation this was easy as I had previously only had 1 server and then later updated to a bungeecord network. ![]() The problem that happened to me wasn’t that my server or account was “hacked” or “compromised”, it was simply that I hadn’t prevented an exploit called UUID Spoofing (This is what happened in the Minecraft Monday event if anyone remembers people like Technoblade being banned from the server) I have left the original post in the spoiler above so that I don’t get banned from Spigot for a week however, this is still about the same topic so I’m pretty sure I’d be fine anyway. I am editing this post to tell you what happened, and how to fix it if it happens to you. I love my server and everything about it so any help is appreciated, I just really want to know what I can do to stop them from doing it again, and to make sure that they definitely cant log on. I instantly shut down the whole network in an attempt to stop them but I just didn't know what to do. They didn't hack my account, but used my username and uuid on my server. As soon as my friend told me it was happening I joined in an attempt to ban them but they had my username and it said "That player does not exist". ![]() ![]() My server has been hacked and someone is logging on with my account and running commands that grief the maps, set random players as owner and things like that.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |