PSA: Malicious plugins: NanoGuard Anticheat and InfiniteDispenser

Discussion in 'Community News and Announcements' started by EvilSeph, Sep 11, 2013.

Thread Status:
Not open for further replies.
  1. Offline

    EvilSeph Retired Staff

    It has come to our attention that the plugins "NanoGuard Anticheat" and "InfiniteDispenser" have been distributing potentially malicious code hidden within their update process. We urge all server admins running these plugins or who have run these plugins to read this PSA carefully and follow the advice given immediately.

    We strongly advise all server admins to cease using these plugins immediately:
    • NanoGuard Anticheat (Default file name: NanoGuardJAR.jar or similar)
    • InfiniteDispenser (Default file name: InfiniteDispenser-3.2.jar or similar)
    As a general precaution, we strongly recommend that all server admins perform a full examination of their server, keeping an eye out for unknown plugins or suspicious behaviour - as is proper on a periodic basis. We also would like to remind server admins to avoid running anything with root or admin privileges without taking the proper precautions to safeguard against the security risks it poses.

    In accordance with our community policies regarding malicious code, these projects and their files have been completely removed from our sites and the individuals associated have been banned. While we do not - and cannot - guarantee we'll catch everything, our approval process is an ever evolving aspect of our project and we believe that it is an integral piece in providing server admins with peace of mind when running their servers.

    Thanks for your continued support and understanding in this matter,
    EvilSeph
    - on behalf of the Bukkit Project
     
  2. Online

    timtower Moderator Moderator

    Everybody makes mistakes, and you are saying it now don't you?
     
  3. Offline

    DarkRiddles

    :)

    This was one mistake, Out of how many? think just 1.. So I'm pretty sure you guys are doing a good job. I got confuse during all this chat, did they get ban? and did they also try to do this? This is what I got from everything
    Something about a url redirect and some one got ban?

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jun 4, 2016
  4. Offline

    eliotsmithgt

    I was on my way to report these plugins right as they went down. The infinitedispenser one was a nightmare, a group of hackers (team lixo) were able to get in to the console, add and remove items as they please and stop the server. If you have either of these plugins DELETE THEM listen to bukkit, they will come on your server otherwise. The group behind it are team lixo.
     
  5. Offline

    pacificfils

    wow...Thanks staff.
     
  6. Offline

    SoS_Dylan

    All of the users that we're developing the plugins have been banned.
     
  7. Offline

    Mayor_Mike

    Good thing I decided not to use these Plugins then.
     
  8. Offline

    Lolmewn Retired Staff

    Thank you. Optimism like this keeps me going ;)
     
  9. Offline

    codename_B

    If anything this reinforces why the approval process takes "so long".
    People should take comfort from the fact that you did catch this, even if it was a little later than it should have been.

    The Bukkit staff have the best interests of the community at heart and we all luff u staffs!
     
    KawaiiNeko, kezz101, np98765 and 4 others like this.
  10. Offline

    Axe2760

    A little late, but thanks staff for catching this and fir all your hard work! :) Keeping server owners safe by manually checking through the hundreds or thousands of plugins there are when they are submitted is quite a feat, keep it up! :)

    Side note: Time to make a new (legit) infinite dispensers plugin.. :O
     
  11. Offline

    felixislive

    So all of the Infinity dispensers are infected?
     
  12. Online

    timtower Moderator Moderator

  13. Offline

    tips48

    Well that's funny.
     
  14. Offline

    Skyost

    That's why I make all my plugins open source...
     
  15. Offline

    TnT Retired Staff

    Offtopic posts removed. This is not a thread to discuss what alternate plugins exist - if you wish to make one, feel free to post a thread in Bukkit Discussion.
     
  16. Offline

    deathgleaner

    I'm glad I never actually installed that plugin. I was looking around the entire bukkit website for an infinite dispenser plugin and didn't install this one :p
     
  17. Damn I used infinitedispenser, what now :(!?
     
  18. Offline

    fromgate Retired Staff

    Who was creators of this plugins? Does they creates other plugins that could be dangerous too?
     
  19. Offline

    Dpasi314

    fromgate
    All plugins associated with the developer(s) who made InfiniteDispensers and NanoGuard Anitcheat have been removed from BukkitDev. A quick search of their username(s) confirms this.

    At least I believe this is the case, I found out their usernames online and searched DBO to see if they had any plugins left.
     
    fromgate likes this.
  20. Offline

    Willbbz

    Even though the plugin got by the approval process, thanks to whoever found this! Way better than this going unnoticed.
     
  21. Offline

    drchocobo

    Well you know it had to happen sooner or later. There's always people who like to make trouble. Some kid comes along who wants to kick the other kid's blocks over... Funny how almost ALL things in life fall back to such a basic principle.

    Thanks Bukkit Team.
     
  22. :eek: Obrigado pela informação!!! Thank!!!
     
  23. Offline

    meso

    There's always essentials kit's/The loadout plugin/ I think I might write a new infinity plugin.
    I removed the infinite dispenser's plugin from my server a long while ago, I hope that I am safe, I checked my OP list and PEX database and most of my configs but to be on the safe side I will do a clean sweep looking for any of the dev's MC names or any changes that happened when I removed the plugin, hopefully I still have that backup.
     
  24. Offline

    edtrud

    I cant start My server now. I get the same error, tried re-starting server same thing. I removed the plugins made sure no other wierd plugins around
    Error:

    12.09 08:11:30 [Multicraft] Not restarting crashed server.
    12.09 08:11:30 [Multicraft] Server stopped
    12.09 08:11:30 [Multicraft] Looks like a crash, check the server console. Return value: 1
    12.09 08:11:30 [Multicraft] Server shut down
    12.09 08:11:30 [Server] INFO Please see http://forums.bukkit.org/threads/ps...guard-anticheat-and-infinitedispenser.174108/
    12.09 08:11:30 [Server] INFO This is a public service announcement; your server has been compromised by 1 (or more) malicious plugins.
    12.09 08:11:29 [Server] INFO This server is running CraftBukkit version git-Bukkit-1.6.2-R1.0-b2879jnks (MC: 1.6.2) (Implementing API version 1.6.2-R1.0)
    12.09 08:11:29 [Server] INFO Starting Minecraft server on 192.69.215.34:25565
    12.09 08:11:28 [Server] INFO Generating keypair
    12.09 08:11:28 [Server] INFO Default game type: SURVIVAL
    12.09 08:11:28 [Server] INFO Loading properties
    12.09 08:11:28 [Server] INFO Starting minecraft server version 1.6.2
    12.09 08:11:28 [Multicraft] Loaded config for "CraftBukkit Recommended Build 1.6.2-R1.0 Build # 2879"
    12.09 08:11:28 [Multicraft] Starting server!
    12.09 08:11:28 [Multicraft] Loading server properties
    12.09 08:11:28 [Multicraft] Received start command
    12.09 08:11:20 [Multicraft] Loading server properties
     
  25. Offline

    Gater12

    Thanks for notifying everyone! ;) InfiniteDispensers would have had great potential if it didn't contain malicious code.
     
  26. Try updating to latest build (in multicraft it's the latest reccommended one) and if that doesn't work... That's not good...
     
  27. Offline

    edtrud

    Im using Build #2879 1.6.2-R1.0 RB...
     
  28. Offline

    Dpasi314

    edtrud
    Use this one

    EDIT:
    Yes it's a dev build, but just see if it works before you say no.
     
  29. Offline

    edtrud

    12.09 09:31:20 [Multicraft] Not restarting crashed server.
    12.09 09:31:20 [Multicraft] Server stopped
    12.09 09:31:20 [Multicraft] Looks like a crash, check the server console. Return value: 1
    12.09 09:31:20 [Multicraft] Server shut down
    12.09 09:31:19 [Server] INFO Stopping server
    12.09 09:31:19 [Server] INFO Please see http://forums.bukkit.org/threads/ps...guard-anticheat-and-infinitedispenser.174108/
    12.09 09:31:19 [Server] INFO This is a public service announcement; your server has been compromised by 1 (or more) malicious plugins.
    12.09 09:31:18 [Server] INFO This server is running CraftBukkit version git-Bukkit-1.6.2-R1.0-1-g22f47a8-b2881jnks (MC: 1.6.2) (Implementing API version 1.6.2-R1.1-SNAPSHOT) <-----------------------
    12.09 09:31:18 [Server] INFO Starting Minecraft server on 192.69.215.34:25565
    12.09 09:31:17 [Server] INFO Generating keypair
    12.09 09:31:17 [Server] INFO Default game type: SURVIVAL
    12.09 09:31:17 [Server] INFO Loading properties
    12.09 09:31:17 [Server] INFO Starting minecraft server version 1.6.2
    12.09 09:31:17 [Multicraft] Loaded config for "Default"
    12.09 09:31:17 [Multicraft] Starting server!


    Still no...
     
  30. Offline

    EvilSeph Retired Staff


    Based on your log, it looks like you didn't remove all your plugins. The INFO regarding a "public service announcement" is not found or generated by a standard Minecraft or Bukkit server. Please make sure you've removed all plugins you're not familiar with from your server before trying to start it up again.
     
  31. Offline

    edtrud

    indeed just noticed a: securitypsa.jar

    Thanks alot for the help!
     
Thread Status:
Not open for further replies.

Share This Page