My Bukkit Server Got Hacked! How?

That does not mean anything.

For OP and everyone else: xAuth has a bug, which hackers have taken notice of, that allows them to bypass it and log in with any username.

By banning a player all it does is ban their username, so no matter who it is or what IP they have, it won't allow that username in. By banning an IP, it does not allow any usernames in that are trying to log in with that IP.

Hacking clients have built in features to quickly change the player's name, and most support proxies so that the player can get a new IP to bypass IP bans. It's unlikely that you'll be able to keep them away, but you can keep them from hacking by going into online mode.

EDIT by Moderator: merged posts, please use the edit button instead of double posting.

 

Can someone make a plugin like IP list and your set up a playername for ane EX

Ban-List Players:
winter4w 291.272.4327

So when someone tries to login as that name and dont have that ip it will ban the ip address but if they do have that ip then they can join it.

 

Oh, the solution to so many 'Z0MG I W4Z HAKKED' issues ^ I think we should get it put in big red letters at the top of the help forum.

 

Yeah i agree...

 

You got hacked because of xauth, watch this video : this works by the way, i tried it once.

 

Locked. Don't use offline mode. Don't support piracy.

Well, I suppose you can use offline mode, and you can support piracy, but then you can also get "hacked". Enjoy.