PSA: Malicious plugins: NanoGuard Anticheat and InfiniteDispenser

Discussion in 'Community News and Announcements' started by EvilSeph, Sep 11, 2013.

Thread Status:
Not open for further replies.
  1. It has come to our attention that the plugins "NanoGuard Anticheat" and "InfiniteDispenser" have been distributing potentially malicious code hidden within their update process. We urge all server admins running these plugins or who have run these plugins to read this PSA carefully and follow the advice given immediately.

    We strongly advise all server admins to cease using these plugins immediately:
    • NanoGuard Anticheat (Default file name: NanoGuardJAR.jar or similar)
    • InfiniteDispenser (Default file name: InfiniteDispenser-3.2.jar or similar)
    As a general precaution, we strongly recommend that all server admins perform a full examination of their server, keeping an eye out for unknown plugins or suspicious behaviour - as is proper on a periodic basis. We also would like to remind server admins to avoid running anything with root or admin privileges without taking the proper precautions to safeguard against the security risks it poses.

    In accordance with our community policies regarding malicious code, these projects and their files have been completely removed from our sites and the individuals associated have been banned. While we do not - and cannot - guarantee we'll catch everything, our approval process is an ever evolving aspect of our project and we believe that it is an integral piece in providing server admins with peace of mind when running their servers.

    Thanks for your continued support and understanding in this matter,
    - on behalf of the Bukkit Project
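
An added example, not part of the original PSA or of Bukkit's own tooling: one way to run the examination the PSA recommends, flagging jars whose file name or plugin.yml name matches the two named plugins. The URLClassLoader and pluginupdate.jar byte patterns are heuristic assumptions (the latter file name is mentioned later in this thread), and the `plugins` directory is an assumed server layout.

```python
import io
import re
import zipfile
from pathlib import Path

# Plugin names from the PSA, normalised (lowercase, alphanumerics only).
FLAGGED_NAMES = ("nanoguard", "infinitedispenser")
# Heuristic byte patterns (assumed, not indicators published in the PSA).
INDICATORS = {
    b"java/net/URLClassLoader": "can load classes from a URL",
    b"pluginupdate.jar": "mentions pluginupdate.jar",
}

def _norm(text):
    return re.sub(r"[^a-z0-9]", "", text.lower())

def declared_name(zf):
    """Return the name: value from the jar's plugin.yml, or '' if absent."""
    try:
        yml = zf.read("plugin.yml").decode("utf-8", "replace")
    except KeyError:
        return ""
    m = re.search(r"^name:\s*['\"]?([^'\"\r\n#]+)", yml, re.M)
    return m.group(1).strip() if m else ""

def audit_jar(file_name, data):
    """Return a list of findings for one jar given its file name and bytes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a readable jar"]
    findings = []
    with zf:
        for label in (file_name, declared_name(zf)):
            if any(n in _norm(label) for n in FLAGGED_NAMES):
                findings.append(f"name matches PSA: {label}")
        for entry in zf.namelist():
            if entry.endswith(".class"):
                body = zf.read(entry)
                findings += [f"{entry}: {why}" for pat, why in INDICATORS.items() if pat in body]
    return findings

def make_jar(name, class_bytes=b"\xca\xfe\xba\xbe"):
    """Build a constructed sample jar in memory (test data, not a real plugin)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plugin.yml", f"name: {name}\nmain: demo.Main\nversion: 1.0\n")
        zf.writestr("demo/Main.class", class_bytes)
    return buf.getvalue()

if __name__ == "__main__":
    for jar in sorted(Path("plugins").glob("*.jar")):  # assumed server layout
        print(jar.name, audit_jar(jar.name, jar.read_bytes()) or "no findings")
```

InfinityDispenser and AntiCheat, which posters in this thread identify as different plugins, are not flagged by the name check. A URLClassLoader hit on its own is a prompt for manual review, since legitimate plugins can use that class too.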
  2. Seems that the plugin author of InfiniteDispenser can make your server load any class he wants through updating.
  3. Please, with this post... stop spamming me with do not download mine or insulting me... My plugin is called InfinityDispenser and not InfiniteDispenser; it's doing the same thing... but without a botnet...
    Thanks for reading...

  4. Anticheat was Famous. Was.
  5. AntiCheat still exists. This malicious plugin was NanoGuard Anticheat - a different plugin entirely.
  7. Lol, my server just got hacked and completely taken over, wonder if it was from the infindip plug XD.
  8. There are many ways to get your server hacked, but it might be likely.
  9. All source submitted to DBO should be required to be GPL with source in the jar and/or GitHub repo. A lot of admins take Bukkit to be the iTunes store of Minecraft and download whatever is here as holy grail.. that's why I was a proponent of a vetting/rating system on plugins.. and as soon as you retort - it's the admin's responsibility.. you all do realize that something like 90% of Minecraft servers are hobby/casual/amateur servers run by KIDS. Good catch on these but I'm sure there are more out there.. keep your eyes open.
  10. Yay, I'm 100th comment, and, a lot of people use GitHub, and I would love to, but it's so complex for me to understand xD, so once I find out, I'd put my plugin on it.

    And, the fact that people used a botnet in a plugin, is so cruel....
  11. None of that would stop someone compiling a jar that is a modified version of what you see in the included source.
  12. Thought of that after I wrote it and hit post. Obfuscated code is immediately rejected right?
  13. Thank you Bukkit staff for finding this out. The last thing we need is a bunch of server boxes that are a part of a zombie net DDoSing our forums!
  14. See the Project Submission Guidelines here:
  15. Man that's cruel, what if the same devs use proxy IPs and create new accounts?

    Someone should get the IPs it's trying to attack, and report this matter to the police.
  16. I KNEW IT!!!
    I am so glad I posted that comment telling everyone it was a malicious plugin...
  17. You should have reported the project, not posted comments. Authors can delete comments, they cannot handle reports.
  18. According to Manevolent they made another botnet on bukkit dev and "recovered their losses"
  19. We see no evidence of that at this time.
  20. Zilacon It is probably just a fear-inducing message. When losing, some use terror as a weapon.
  21. TnT Shouldn't it be safer to tell people what site it was hosted on? I mean, you know where it's hosted on, I know where it's hosted on, but others may not. The site is empty, for now, but maybe in the future if they add things then people can avoid it...
  22. I know right. Guess my server won't have drop parties anymore :p everybody is going to complain.... ugh.

    I'm running my anti-virus in case, thank god McAfee was made :)
    That might have explained my 3 servers failing, getting an internal server error. They all had Infinite Dispenser, but I abandoned my other couple servers because I was noobie at permissions lol. They didn't have infinite dispenser and worked FINE for ages! Man. Infinite Dispenser..... do you have to do this to me ;(

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
    Last edited by a moderator: Jun 4, 2016
  23. Yeah, I don't like the fact it uses our real money one way or another, you might get fined for DDoS, you might over-use your data allowance, you certainly would get server downtime, you might have to purchase more RAM for your server too, because this would eat through it.

    Also, I think it may have installed a keylogger on my PC, cuz I ran it on my laptop, and then a few weeks later, someone hijacked my Skype and said some various stuff, including to download something called "Paradigm Spammer", which might be related to this. Then I found a program called Audiodg.exe in my Appdata folder, whose icon was a grass block, so I knew this program was some Minecraft related virus, and this might be it, since it only happened after I found out this (malicious) plugin.

    And when I tried to use it a few months later, my internet usage went through the roof, as well as it taking over my microphone and stuff, and then I removed it (cuz it was in the same location)
  24. Ah! This is all explained now!
    I installed Nanoguard and had issues with it hitting 100% CPU usage. I posted that it was doing this, and the plugin owner deleted my post. Obviously that's why.

    Such a shame, Nanoguard was an excellent idea at its core.
  25. Wow - looking through the code for this, he didn't have a half-bad plugin. Shame that the plugin had to fall like this.

    The pluginupdate.jar seems to have been removed from his website also, so servers still with the plugins *should* be safe, if they haven't already been infected, but removing it is still the best course of action.
  26. Any chance you guys will be running for Congress? =P
  27. McAfee will do no good, or any other antivirus in this situation.
  28. Can't say these guys aren't throwing enough hints at Bukkit...
  29. Well they can train the staff to look through all the code in detail, not at a glance, spot out any sort of bot.
  30. Guys really, the staff is doing a great job, if you think the opposite well then go make your own server software and go maintain it yourself. Kids these days, thinking they can say and get anything they want...
  31. Great job Bukkit Staff. :)