Online-Mode = True But Still Hacked?????!!!!!

  1. Offline


    A guy named captianxcommando (or something like that) comes onto my server and he played it for a while (more than 1 week). 2nd, he tells me to join his server because he is testing permissions on his server. 3rd, I can't log onto his server; it says "end of stream" (tried 3 times). 4th, as I log back into my server he's already on my server making himself op and editing my text files (I observe this through my console too). 5th, whenever I start my server now I receive an out-of-memory error and it cannot load up the world after my group manager loads.

    Question: 1) Could he have deleted the world, or something inside the world that makes it not load? Or could he have added some code that makes it so the server can't load? P.S. I still have my "world" files; from what I understand they are still visible in my files.

    2) Is there a way to "roll back" my server to yesterday and all the settings? Do you think I should do a system restore on my computer to set it back so all the files change back to normal?

    3) Can he hack my Minecraft account if he has my IP address?
  2. Offline


    Most likely thing that happened:
    1 you tried to join his server
    2 his server hijacked your user/pass being sent to
    3 he logged in as you and opped himself
    4 idk how he could edit txt files unless you mean running commands
    5 he probably spammed drops or a ton of entities of some sort
  3. Offline


    Could you post your server.log?
    Put it in CODE tags.

    I could have an idea of what might have happened.
    Open up the file that starts the server
    (Start_server.bat), possibly.

    Post it here.
  4. Offline


    The idea is correct, but that's not exactly how it works. The attacker can't hijack anything that's sent to, but he can trick the victim into doing the authentication step for him by luring him onto a fake server.

    I've written a lengthy explanation on how that is possible here (scroll down a bit to "The attack" and "How it works"), for those that are interested. Also, dear gotmine, be sure to complain to Mojang about this bug and demand that they fix it. It is their fault that this is possible at all and only they can fix it.
  5. Offline


  6. Offline


    Well, reworded: they hijack the session, am I correct? I actually read your explanation a few days ago, very interesting.
  7. Offline


    Yes, that's a better way to label it.
  8. Offline


    OK, this all makes sense! Thank you guys! PS: THANK GOD FOR WINDOWS 7! All I had to do was restore the craftbukkit server to a previous date and that fixed the problem right up :)

    But it rolled the server back 2 days XD That's OK, I don't care lol as long as my members can still play the world!

    Now we know not to log onto fake servers :p

    Thanks again!
  9. Offline


    Holy shit, Mojang really needs to fix this exploit.
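
Added example, not part of any post in this thread: a log check for the pattern the replies describe, where someone logs in as the owner's account and grants op. It flags op grants issued from a session whose IP is new for that account and lists other accounts seen from the same IP. The log line layout, the IP addresses and the function name `suspicious_ops` are assumptions made for illustration.

```python
import re

# Constructed sample; the line layout is an assumed CraftBukkit-style server.log format.
SAMPLE_LOG = """\
2011-08-14 18:01:10 [INFO] gotmine [/198.51.100.20:50211] logged in with entity id 101
2011-08-14 18:05:42 [INFO] captianxcommando [/203.0.113.77:49822] logged in with entity id 102
2011-08-21 20:10:03 [INFO] gotmine lost connection: disconnect.quitting
2011-08-21 20:11:30 [INFO] gotmine [/203.0.113.77:49907] logged in with entity id 340
2011-08-21 20:11:55 [INFO] gotmine: Opping captianxcommando
"""

LOGIN = re.compile(r"\[INFO\] (\w+) \[/([\d.]+):\d+\] logged in")
OP = re.compile(r"\[INFO\] (\w+): Opping (\w+)")


def suspicious_ops(log_text):
    """Return (issuer, target, ip, other_accounts) for each op grant issued
    from a session whose IP is new for the issuing account."""
    ips_by_player = {}   # account -> every IP it has logged in from
    players_by_ip = {}   # IP -> every account seen from it
    session = {}         # account -> (current IP, is that IP new for the account?)
    findings = []
    for line in log_text.splitlines():
        login = LOGIN.search(line)
        if login:
            player, ip = login.groups()
            seen = ips_by_player.setdefault(player, set())
            # The first login ever seen for an account is the baseline, not an alert.
            session[player] = (ip, bool(seen) and ip not in seen)
            seen.add(ip)
            players_by_ip.setdefault(ip, set()).add(player)
            continue
        op = OP.search(line)
        if op and op.group(1) in session:
            issuer, target = op.groups()
            ip, is_new = session[issuer]
            if is_new:
                others = sorted(players_by_ip[ip] - {issuer})
                findings.append((issuer, target, ip, others))
    return findings


if __name__ == "__main__":
    for issuer, target, ip, others in suspicious_ops(SAMPLE_LOG):
        print(f"{issuer} opped {target} from new IP {ip}; IP also used by {others}")
```

A hit where the op target is also in the list of other accounts on that IP is the strongest signal; a new IP alone can simply be the owner playing from another network.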
