PSA: Malicious plugins: NanoGuard Anticheat and InfiniteDispenser

Discussion in 'Community News and Announcements' started by EvilSeph, Sep 11, 2013.

Thread Status:
Not open for further replies.
  1. Offline

    EvilSeph Retired Staff

    It has come to our attention that the plugins "NanoGuard Anticheat" and "InfiniteDispenser" have been distributing potentially malicious code hidden within their update process. We urge all server admins running these plugins or who have run these plugins to read this PSA carefully and follow the advice given immediately.

    We strongly advise all server admins to cease using these plugins immediately:
    • NanoGuard Anticheat (Default file name: NanoGuardJAR.jar or similar)
    • InfiniteDispenser (Default file name: InfiniteDispenser-3.2.jar or similar)
    As a general precaution, we strongly recommend that all server admins perform a full examination of their server, keeping an eye out for unknown plugins or suspicious behaviour - as is proper on a periodic basis. We also would like to remind server admins to avoid running anything with root or admin privileges without taking the proper precautions to safeguard against the security risks it poses.

    In accordance with our community policies regarding malicious code, these projects and their files have been completely removed from our sites and the individuals associated have been banned. While we do not - and cannot - guarantee we'll catch everything, our approval process is an ever evolving aspect of our project and we believe that it is an integral piece in providing server admins with peace of mind when running their servers.

    Thanks for your continued support and understanding in this matter,
    EvilSeph
    - on behalf of the Bukkit Project
     


  2. Yeah. I got a message from my host that a process triggered from my server called "minerd" came up after I installed InfiniteDispenser.
     
  3. Offline

    Sensrbest

    All MY SERVER FILES WHERE DELETED i guess its because of this!! Thanks a lot!
     
  4. I also kept a copy of it just in case.
     
  5. Offline

    joeybab3

    EvilSeph ok thanks for telling me, but id like to continue using my server now. i cant with the message, i removed the p[lugin.
     
  6. I've downloaded the "pluginupdate.jar" and decompiled it. Looks like it's tied to a botnet...
    [​IMG]
     
  7. That looks nasty....
     
  8. What is that "pluginupdate.jar" ? how to get that? that downloading with update to one of that plugins?
     
  9. You don't want it. End of story.
     
  10. bfgbfggf
    If you have one of the plugins stated above, there is code in there that downloads the pluginupdate.jar from the developers website.

    If you have it, remove it. It's absolutely atrocious.
     
  11. Offline

    grid21

    What was in those plugins that can make a security risk? What exactly did it do to servers?
     
  12. Offline

    JHalt

    As LazyLemons indicated above, it appears that servers with these 'dirty plugins' installed are being exploited as DDoS Attack servers.

    [​IMG]
     

  13. If I remembered correctly, minerd is a program that I used to mine bitcoins with, maybe the dev wanted some money with bitcoins? Its just inethical to install a CPU hogging software on people's computers without their consent...
     
  14. Offline

    Gliby

    Holy crap, using bukkit minecraft servers to DDOS. That's pretty damn cruel.
     
  15. ... I don't want it... I only want know what that... And how that work. (Why is dangerous)
     
  16. It can get you suspended and kicked off a host, and uses up your server's resources, making it likely much slower.
     
  17. Even if you have good intentions and try to update your plugin from your own website, nothing says that tomorrow your website doesn't get hacked and the file gets replaced.

    Auto-updaters in general are a problem. Your server could auto-update with a version that doesn't work and in which the auto-updater is broken, leaving your server broken. It's better to run a working older version and to manually update when you have time to.
     
  18. Offline

    Awesomeman2

    Its better that you got it know then never!
     
  19. Offline

    Turtle5204

    It auto-DDoS's your server. Don't know what a DDoS is? Look it up. It'll block your server.
     
  20. Offline

    user_43347

    Block? What?
     
    KawaiiNeko, 1mpre55 and Chinwe like this.
  21. Offline

    grid21

    Oh wow! That's crazy they tried using servers to DDoS! That's really sick and wrong! Good job Bukkit team for catching these people!
     
  22. Offline

    Johnanater

    Hey, I love infinite dispenser! It's too bad they did that but will the old versions still work and I won't have any malicousness? And if so please reply with a link to another one! Thnx EvilSeph for letting all of of know!
     
  23. Offline

    aaron5015

    but i got infinitedispencer 2.5 it works good :( i dont wanna get rid of it unless someone can give me another one thats good just like it but i tried one a long time ago and it wouldnt work well with redstone sometimes but this did
     
  24. Offline

    Turtle5204

  25. Wow, glad i never got this plugin, Will anybody be remaking a plugin that does infinite dispensers without all the nasty stuff?
     
  26. about 2 months ago i used Infinite dispenser. and BAM! My server world was full with a miljions of Fireworks and Crashes It took me 1 Month to fix it.
     
  27. Offline

    Turtle5204

    Probably someone hooked a bunch of infinite dispensers with fireworks in them attached to rapid clocks.
     
  28. Offline

    user_43347

    I'm aware what a DDoS does, but I don't think you are if you think it blocks the server or website.
     
    1mpre55 and NextInLine like this.
  29. I might have to make my own now, such a great plugin.. Gonna get to work xP
     
Thread Status:
Not open for further replies.

Share This Page