Hacker, has * permissions on multiple accounts, Nothing shown in log.

Discussion in 'Bukkit Help' started by ben1122a, Nov 25, 2014.

Thread Status:
Not open for further replies.
  1. Offline

    ben1122a

    Hello all,
    A hacker has been targeting my prison server. Whenever he enters, he magically seems to have the * permission. Whenever I check his ip, it is either "192.168.somthing" or "0.0.Something"
    I have banned many of his accounts, but every time he comes back with a new one it magically gets the * permission. I have looked through the logs, and no commands are issued by anyone to give him all permissions. He logs on an account for the first time, and just starts executing commands.

    Any ideas on how to stop him?
     
  2. Offline

    mrCookieSlime Retired Staff

    ben1122a
    Could you maybe provide a list of your Plugins? Maybe an author has included malicious code :?
     
  3. Offline

    17xDillz1997

    Post your permissions plugin config here.
     
  4. Offline

    ben1122a

    I did some research on poisoned plugins. Used some of the more command commands like "==" and "#" and "anticheat", none of them did anything.
    Permissions config:
    http://pastebin.com/SK3UKTau
    List of plugins: [​IMG]
     
  5. Offline

    timtower Moderator Moderator

    ben1122a Try to find a download page for all of those. If it doesn't have one, then please say so, might be malicious then.
     
  6. Offline

    XD 3VIL M0NKEY

    ben1122a
    What I would suggest is to whitelist the server. Make sure he's not on it and then manually look at each plugin and try to find it's BukkitDev page. As timtower said, there may be a malicious plugin, there were a few found not too long ago and they were pretty nasty. I've had people come on my servers before and magically have operator permissions, this was a long time ago though. Back when ForceOP worked...
    Keep calm and remember that taking a backup is never a bad idea.

    Hope I helped and good luck finding the little bugger.
     
  7. Offline

    ben1122a

    Okay I will do that. In the mean time, I realized that the hacker gave himself op on a first account by logging in as one of the admins. However, since then, he has magically had permissions on all his accounts. Is is possible he could have hidden a commandsign that he created when he had op? I ask this because another player, one with a normal ip address, also ended up with the * permission as well.
     
  8. Offline

    timtower Moderator Moderator

    ben1122a Possibility, or commandblock
     
  9. Offline

    TGRHavoc

    You're not running the server in offline mode are you? If you are then all the "hacker" has to do is log into the server using your, or an OPs, name then BOOM, they have OP.

    Edit: If you're not running it in offline mode then I have to assume that you're using Bungee. If this is so then make sure that you have correctly configured the Bungee server to only allow people to join from your main server (The one that should be in online mode)
     
  10. Offline

    Syd

    There is your problem.
    Either your server runs in offline-mode, aka "PLEASE destroy my server!"-mode, or one of your admins has been hacked.
    I'd go for the first one.

    Set your server in online-mode, otherwise nobody can help you.
     
  11. Offline

    MrAwellstein

    If your server is in offline mode, you can keep it that way, as long as you have an Auth plugin to make sure that no one can access someone else's account. Also you should check your ops.txt in the root of the bukkit folder.
     
  12. Offline

    XD 3VIL M0NKEY

    MrAwellstein
    Offline mode servers are not supported here.
     
  13. Offline

    MrAwellstein


    Don't be rude, giving advice is proper when you know a solution and you need to keep in mind that not everyone has a minecraft account.
     
  14. Offline

    Gater12

    But this problem can be solved by turning online-mode to true. This is why Bukkit won't support offline servers here, because mainly all the problems are solved by just turning the option to true. If you're going to properly run an offline mode server you should be aware of these possibilities.
     
  15. Offline

    MrAwellstein


    Yes, which is why I said he needs an Auth plugin.


    That is taking the easy way out, which might not work for every case.
     
  16. Offline

    ben1122a

    I understand why everyone is saying I should go premium. That being said, I would also like to go premium. However, we have a playerbase of around 500ish, and me+the rest of the admin team are debating on whether or not going premium will kill the server.

    We have authme installed, and have bungeecord configured so they can only join the lobby. Lobby is protected by crazylogin, and the hacked server now has authme passwords for all the admin accounts. As i said before, he only logged in as an admin once (no idea how, since he should only be able to join from the lobby)
     
  17. Offline

    moe097

    ben1122a
    Just make an announcement saying you are changing the server to online mode, then change it and run it in online mode. Use the server in online mode for a certain amount of time. If it kills your server change it back. If the hacker comes back after changing it back to offline, try to find a solution. The downside is, if this doesn't work you loose a little bit of money from buying premium. Yet, your not really loosing money because premium is worth the money, especially if you like getting on other servers. You might want to make sure that your admins are willing to buy premium too (If they already haven't).

    It would be really great if you created a social media page for your server, or a website for it (If you already don't have one) that way you could keep your players informed on the situation and when the server will be premium, or when it will be changed back to offline mode.
     
  18. Offline

    Skionz

    moe097 Or he could just download an authentication plugin :p
     
  19. Offline

    eyamaz

    Servers running in offline mode are not supported. This topic is locked.
     
Thread Status:
Not open for further replies.

Share This Page