Metrics statics being used to malicious actions

I have a server of 2 weeks of life, im using plugins whit metrics, and since then i having networks attacks.

My server is only for friends that i know, so its pointless that they can be the attackers.

Here is the proof of the networks attacks:

<moderator edit: Removed IPs>


These are the plugin that im using:


(ignore the selected elements)

Im considering to re compile the plugins that im using quiting the metrics feature, i know metric get SERVER IP, how can this static being ANONYMOUS?

bukkit should have a way to deactivate any metric, emetric. And EVERY PLUGIN should have the setting to deactivate it.

Thanks for read.

 

Every plugin that uses metrics does have the ability to turn it off and what is really nice is that you don't have to go into each plugin to do so. There is one place to turn them all off. The strange thing is that you say it can't be your friends but yet you have AuthMe.

 

I fail to understand what is going on.

 

I doubt you are getting network attacks. Most likely what is happening, is something is mistaking MCStats as a Network Attack, which means it is a horrible attack prevention measure.

 

Oh offline-mode servers...

 

http://forum.kaspersky.com/index.php?showtopic=171776

This is an automated scan trying to exploit a bug in MS SQL Server 200 that was fixed a decade ago. If your allegation is correct, that means the sysadmin of mcstats is gathering data about servers running minecraft and then trying to exploit a service that no minecraft server uses. In other words, the only data mcstats would be gathering is "this is a valid IP"

Except... pretty much all IPs are valid, these days, because we're running out. The chances that this is anything other than an automated brute-force scan, and coincidence, are basically nill.

tl;dr Nothing to do with MCStats (which you can disable anyway, y'know)

 

Every plugin does have to have a way to disable stats collection. MCStats is not collecting IPs to try exploiting.

 

Funny, this is all because kaspersky....

This post can be closed.

Thanks everybody who reply.

 

There's no access to the server IPs for the general public or plugin devs nor do I believe they are even stored - each server has a unique GUID number (not related to the IP address) which is used for tracking the statistics. Hidendra could confirm further.

klys - if you've solved the issue could you rename the thread appropriately? (perhaps removing blame too?)

 

Metric can get SERVER IP, i read it on a plugin description. Was the plugin developert wrong?

 

A lot of plugins add an "auto-update" feature to either download or alert you to a new update. Any website they connect to in order to gather the update information can get your server IP. I believe Bukkit itself also includes this feature which means it gets your server IP. Metrics also gets your server IP. Any website you ever connect to gets the IP address of the connection you're using.

This doesn't mean that any of these services record such an IP address for later use, nor does it mean that they provide access for anyone else to see the IP address.