PSA: Malicious plugins: NanoGuard Anticheat and InfiniteDispenser

Discussion in 'Community News and Announcements' started by EvilSeph, Sep 11, 2013.

Thread Status:
Not open for further replies.
  1.

    EvilSeph

    It has come to our attention that the plugins "NanoGuard Anticheat" and "InfiniteDispenser" have been distributing potentially malicious code hidden within their update process. We urge all server admins running these plugins or who have run these plugins to read this PSA carefully and follow the advice given immediately.

    We strongly advise all server admins to cease using these plugins immediately:
    • NanoGuard Anticheat (Default file name: NanoGuardJAR.jar or similar)
    • InfiniteDispenser (Default file name: InfiniteDispenser-3.2.jar or similar)
    As a general precaution, we strongly recommend that all server admins perform a full examination of their server, keeping an eye out for unknown plugins or suspicious behaviour - as is proper on a periodic basis. We also would like to remind server admins to avoid running anything with root or admin privileges without taking the proper precautions to safeguard against the security risks it poses.

    In accordance with our community policies regarding malicious code, these projects and their files have been completely removed from our sites and the individuals associated have been banned. While we do not - and cannot - guarantee we'll catch everything, our approval process is an ever evolving aspect of our project and we believe that it is an integral piece in providing server admins with peace of mind when running their servers.

    Thanks for your continued support and understanding in this matter,
    EvilSeph
    - on behalf of the Bukkit Project
     
  2.

    Mrawesomecookie

    Seems that the plugin author of infinitedispenser can make your server load any class he wants through updating.
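
Added example, not part of the original thread and not Bukkit's own tooling: one way to carry out the examination the PSA asks for, flagging jars whose file name or `plugin.yml` name matches the two plugins and any class that references runtime class loading, the behaviour described in the post above. The marker strings, the helper names and the sample jars are assumptions constructed for illustration.

```python
import io
import re
import zipfile

FLAGGED = ("nanoguard", "infinitedispenser")  # plugin names from the PSA
# Assumed heuristic: strings a class contains when it loads code at runtime.
LOADER_MARKERS = (b"java/net/URLClassLoader", b"defineClass")

def audit_jar(filename, data):
    """Return findings for one plugin jar (file name plus raw bytes)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = jar.namelist()
        declared = ""
        if "plugin.yml" in names:
            text = jar.read("plugin.yml").decode("utf-8", "replace")
            m = re.search(r"^name:\s*['\"]?([^'\"\r\n#]+)", text, re.M)
            declared = m.group(1).strip() if m else ""
        # Letters and digits only, so the unrelated "InfinityDispenser" is not hit.
        for label in (filename, declared):
            norm = re.sub(r"[^a-z0-9]", "", label.lower())
            if any(flag in norm for flag in FLAGGED):
                findings.append(f"named in PSA: {label}")
                break
        # Class and method names sit as plain strings in the constant pool.
        for entry in names:
            if entry.endswith(".class"):
                body = jar.read(entry)
                hits = [mk.decode() for mk in LOADER_MARKERS if mk in body]
                if hits:
                    findings.append(f"{entry} references {', '.join(hits)}")
    return findings

def make_jar(plugin_name, classes):  # builds a constructed sample, not a real plugin
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("plugin.yml", f"name: {plugin_name}\nversion: 1.0\n")
        for path, body in classes.items():
            jar.writestr(path, body)
    return buf.getvalue()

SAMPLES = {  # constructed inputs; the class bodies are stand-in bytes
    "InfiniteDispenser-3.2.jar": make_jar(
        "InfiniteDispenser", {"a/Updater.class": b"\xca\xfe\xba\xbe java/net/URLClassLoader"}),
    "InfinityDispenser.jar": make_jar(
        "InfinityDispenser", {"b/Main.class": b"\xca\xfe\xba\xbe java/lang/Object"}),
}

if __name__ == "__main__":
    print({n: audit_jar(n, d) for n, d in SAMPLES.items()})
```

A loader reference alone is not proof of malice, since legitimate updaters use the same classes; treat it as a prompt to read what that class fetches and from where.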
     
  3.

    Xephi59

    Please, with this post... stop spamming me with "do not download" messages or insulting me... My plugin is called InfinityDispenser and not InfiniteDispenser; it does the same thing... but without a botnet...
    Thanks for reading...

    Xephi
     
  4.

    ZeinH

    AntiCheat was famous. Was.
     
  5.

    TnT

    AntiCheat still exists. This malicious plugin was NanoGuard Anticheat - a different plugin entirely.
     
  6.

    iiHeroo

  7.

    odysseydead

    Lol, my server just got hacked and completely taken over; wonder if it was from the infindip plug XD.
     
  8.

    iiHeroo


    There are many ways to get your server hacked, but it might be likely.
     
  9.

    tremor

    All source submitted to DBO should be required to be GPL with source in the jar and/or GitHub repo. A lot of admins take Bukkit to be the iTunes store of Minecraft and download whatever is here as holy grail... That's why I was a proponent of a vetting/rating system on plugins... and as soon as you retort "it's the admin's responsibility"... you all do realize that something like 90% of Minecraft servers are hobby/casual/amateur servers run by KIDS. Good catch on these but I'm sure there are more out there... keep your eyes open.
     
  10.

    iiHeroo


    Yay, I'm the 100th comment, and a lot of people use GitHub, and I would love to, but it's so complex for me to understand xD, so once I find out, I'd put my plugin on it.

    And the fact that people used a botnet in a plugin is so cruel....
     
  11.

    TnT

    None of that would stop someone compiling a jar that is a modified version of what you see in the included source.
     
  12.

    tremor

    Thought of that after I wrote it and hit post. Obfuscated code is immediately rejected, right?
     
  13. Thank you, Bukkit staff, for finding this out. The last thing we need is a bunch of server boxes that are a part of a zombie net DDoSing our forums!
     
  14.

    riking

    See the Project Submission Guidelines here: http://wiki.bukkit.org/BukkitDev:Project_Submission_Guidelines#Obfuscation
     
  15.

    Plo124

    Man, that's cruel. What if the same devs use proxy IPs and create new accounts?

    Someone should get the IPs it's trying to attack, and report this matter to the police.
     
  16.

    Zilacon

    I KNEW IT!!!
    I am so glad I posted that comment telling everyone it was a malicious plugin...
     
  17.

    TnT

    You should have reported the project, not posted comments. Authors can delete comments; they cannot handle reports.
     
  18.

    Zilacon

    According to Manevolent, they made another botnet on BukkitDev and "recovered their losses"
    http://prntscr.com/1rnqir
     
  19.

    TnT

    We see no evidence of that at this time.
     
  20.

    ZachBora

    Zilacon It is probably just a fear-inducing message. When losing, some use terror as a weapon.
     
  21. TnT Shouldn't it be safer to tell people what site it was hosted on? I mean, you know where it's hosted on, I know where it's hosted on, but others may not. The site is empty, for now, but maybe in the future if they add things then people can avoid it...
     
  22.

    JakeTehBoss

    I know right. Guess my server won't have drop parties anymore :p everybody is going to complain.... ugh.

    I'm running my anti-virus in case, thank god McAfee was made :)
    --------
    That might have explained my 3 servers failing and getting an internal server error. They all had Infinite Dispenser, but I abandoned my other couple of servers because I was a noobie at permissions lol. They didn't have Infinite Dispenser and worked FINE for ages! Man. Infinite Dispenser..... do you have to do this to me ;(

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jun 4, 2016
  23.

    Plo124

    Yeah, I don't like the fact it uses our real money one way or another, you might get fined for DDoS, you might over-use your data allowance, you certainly would get server downtime, you might have to purchase more RAM for your server too, because this would eat through it.

    Also, I think it may have installed a keylogger on my PC, cuz I ran it on my laptop, and then a few weeks later, someone hijacked my Skype and said some various stuff, including to download something called "Paradigm Spammer", which might be related to this. Then I found a program called Audiodg.exe in my AppData folder, whose icon was a grass block, so I knew this program was some Minecraft-related virus, and this might be it, since it only happened after I found out this (malicious) plugin.

    EDIT
    And when I tried to use it a few months later, my internet usage went through the roof, as well as it taking over my microphone and stuff, and then I removed it (cuz it was in the same location)
     
  24.

    303i

    Ah! This is all explained now!
    I installed NanoGuard and had issues with it hitting 100% CPU usage. I posted that it was doing this, and the plugin owner deleted my post. Obviously that's why.

    Such a shame, NanoGuard was an excellent idea at its core.
     
  25.

    j_selby

    Wow - looking through the code for this, he didn't have a half-bad plugin. Shame that the plugin had to fall like this.

    The pluginupdate.jar seems to have been removed from his website also, so servers still with the plugins *should* be safe, if they haven't already been infected, but removing it is still the best course of action.
     
  26.

    batbat



    Any chance you guys will be running for Congress? =P
     
  27.

    cMan_

    McAfee will do no good, or any other antivirus in this situation.
     
  28.

    Zilacon

    Can't say these guys aren't throwing enough hints at Bukkit...
     
  29.

    Plo124

    Well, they can train the staff to look through all the code in detail, not at a glance, and spot any sort of bot.
     
  30. Guys, really, the staff is doing a great job. If you think the opposite, well, then go make your own server software and go maintain it yourself. Kids these days, thinking they can say and get anything they want...
     
  31.

    Go4Nightfire

    Great job, Bukkit Staff. :)
     