[Security Bulletin] Do not test/run op gain exploit programs!

Discussion in 'Community News and Announcements' started by EvilSeph, Mar 15, 2012.

Thread Status:
Not open for further replies.
  1. EvilSeph Retired Staff

    There is no way for anyone to illegitimately gain op on your server unless you are running your server in offline mode. Any program in existence that claims otherwise is trying to lure you into running it (in an effort to see if your server is at risk) to steal your information.

    You'll notice that in every video you either have to have the program running before you log in or need to log in, run the program and restart Minecraft. This is because these programs are designed to take the IP you enter into the ForceOP hack for testing, your username and password and send them to the creator. Even if this is not the case, it is fairly simple to put together a fake, convincing video by simply modifying the client to respond to "/op" and print local messages to make it seem like the user has gotten op.

    Regardless, any programs offered for download accompanying these videos or public reports of op force hacking or the like are usually sending the creator an email that says something like:
    "New server to grief: <IP you entered - usually your server, since you want to be sure your server is safe>
    Username: <your username>
    Password: <your password>"

    Every single time someone reports this issue, it turns out to be the same thing: a malicious program designed to fool server admins into thinking their server is at risk and into running it to try it out and make sure it isn't. They then later find their server has been attacked by someone with op, because the attacker knows their username and password and thus can op anyone they want on the server.

    Until someone brings a real exploit that allows you to gain op to my attention, we'll have to continue stopping the discussion of and advising against the discussion of this 'hack' to slow down its spread. We take every exploit report we get seriously and investigate each and every one. To this day, we have been unable to find a legitimate exploit to gain op in any server and every reported exploit has turned out to be a malicious program that collects your information in an effort to exploit you and your server.

    If you're looking to report an exploit, we advise people to stop posting exploit discussions publicly and, instead, contact one of my Admins or myself, or create a private ticket on http://leaky.bukkit.org.
     
  2. Don't run a cracked server. Case closed.
     
  3. StealthBravo

    Exactly.

    Anyone that runs these force OP things isn't very smart; they're either a virus or, as Seph said, just an attempt to steal your info.
     
  4. pyraetos

    Snipped your post. We don't support offline servers, and don't want the act of running one to be spread among the community.
     
  5. chaseoes Retired Staff

    A post that says "<snip>" contributes nothing to this discussion... Would it not be better to just delete it?
     
  6. exoforce

    OK, I understand you wouldn't want it to "spread", but my post was just to demonstrate the abundance of plugins on Bukkit that help out server owners with every possible problem... Now other people can't see that. How does that help people? Besides, my server's only cracked while it's in development.
     
  7. That would be offline mode then, not "cracked" :p
     
  8. exoforce

    Most people refer to Offline mode as "cracked". I don't know why... It's just a single word's difference, and really just safemode for Minecraft.
     