My server got hacked. They logged in as other players and also myself destroying lots of hard work. Does anyone know how i can prevent this session stealer type hacking or do i just have to keep regular backups and hope it doesn't happen again? :/
Update bukkit to the latest DEV version. There is a player auth exploit in bukkit builds #2864 and lower. Builds #2865 and higher are safe.
Regardless of any other issues, you should always keep regular backups. (You probably know that, but I'm just saying it for anyone else reading.) I believe #2864 is safe, since that includes the change titled "Fix improperly initialized usernames". The sad part is that this was fixed last Tuesday, but the Craftbukkit people didn't bother to inform server owners that this is a critical update. EDIT by Moderator: merged posts, please use the edit button instead of double posting.
It's not safe according to PlanetMinecraft and a bunch of other sources. As to why bukkit isn't informing people about this, not sure.
Yeah well my server host doesn't update bukkit unless i tell them to. Which is a bit ****ing pathetic i.m.o