[WEB/ADMIN] SpaceBukkit Beta 1.2 - Web Administration the awesome way!

Discussion in 'Bukkit Tools' started by SpaceCP, Feb 3, 2012.

Thread Status:
Not open for further replies.
  1. Offline

    nanashiRei

  2. Offline

    Alori

  3. Offline

    nicquehen



    Today my spacebukkit interface is hacked too !

    I back to mcma and i restore a backup for my 4 minecraft server

    They destroyed and my map and they hacked my super user account on my spacebukkit interface.

    ...
     
  4. Offline

    nanashiRei

    Well i'll wait for this to be out of Beta :D not going to take this risk twice.
     
  5. Offline

    Antariano

    I understand. In case you still feel like continuing to beta-test this panel, here's the link to the security patch:

    http://forums.xereo.net/threads/spacebukkit-emergency-security-patch.190

    --Removed
    Dear 9gag

    1) We are doing this for free, in our spare time
    2) Errors happen to everybody, because nobody is perfect
    3) This is open BETA (therefore to fix these kinds of errors that DO occour)
    4) Thanks for your kind words, they keep me motivated and make sure I continue coding this panel because I know that people like you appreciate my work </sarcasm>

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Oct 29, 2015
  6. Offline

    NinjaGrinch

    Best thing to do Mr. Anty is to ignore posts like his and if they are offensive or insulting, then just report it.
     
  7. Offline

    9gag


    Good work keep going !

    EDIT: Learn more about PHP and the Frameworks!
     
  8. Offline

    NeatMonster

    You've just read the issue on our issue tracker, no need to be a genius!
     
  9. Offline

    Inate8

    I appreciate the work you guys have put into everything and I look forward to finally getting this set up on my personal server.

    The only issue I have, and this isn't you guys specific. Video tutorials...

    I'm not sure when they became a thing, but there is nothing else out there that encourages me to learn on my own than bloody video tutorials.

    If you can't be bothered to do a physical page write up for a tutorial, don't do one at all. They are garbage, and horrible to try and reference during an install.

    Otherwise great work, thanks! It's all pretty easy to get going without the tutorials, but less savvy types would probably enjoy it less. Don't take it as a negative, just a kind request.
     
  10. Offline

    NeatMonster

  11. Offline

    DigitalStorm

    I may be mistaken, but I believe he said not to use this for a production server, there will be bugs, after all, it is a beta.

    Keep up the good work!
     
  12. Offline

    nanashiRei

    Well over all the frustration this panel is still awesome. (You should add permission management *cough*) I'll keep testing this, on a test server, and i will just add BasicAuth so there no getting the panel. I am just happy that i have a backup script running, actually only 3 hours of building where lost, and that wasn't much. at least a little bit of my own fault for putting this live on a prod. server :p
     
  13. Offline

    Antariano

    Hahaa yes your right, I'm gonna explain it.
    The video is from back in the early closed beta, when we had absolutely no time nor the will to write proper documentation.
    A video was just a quick way to make a todo for the folks.

    After Open Beta 1.0 there was no time either because of the many bugs. I wanted a stable SpaceBukkit before a proper documentation.
    But after 1.1 spacebukkit is stable, so I took out my whip and started "kindly enforcing" my team to write docs.
    We are rewriting our whole documentation as we speak with a custom coded wiki system that is just amazing. You'll see, it's really WOW.

    Other then that, thanks for your post :)
     
    Inscrutable likes this.
  14. Offline

    chaseoes Retired Staff

    I'm confused what to do with the SpaceRTK. Is it a plugin, do I put it in my plugins folder? Or..? If so:
    But that gives me the feeling I'm not supposed to. Unfortunately there's no documentation anywhere and the video tutorial didn't cover it.
     
  15. Offline

    Inate8

    I appreciate the reply, I'm glad that you saw I meant no disrespect at all and was just giving feedback.

    I'm using your panel in a live server I have planned, and I will continue to support it as long as the dev's continue being awesome.

    Now just to get this log-in bugged figured out! hahah
     
  16. Offline

    NeatMonster

    SpaceRTK has been replaced by SpaceModule. Please read this page.

    About the documentation:
     
  17. Offline

    chaseoes Retired Staff

    Yeah, I figured it out. I had followed this forum post, which apparently isn't updated. :/
     
  18. Offline

    GatsbyTheGreat

    Hey guys,

    First off, great work. As always, your passion for, and dedication to this project is inspirational.

    Regarding security, I had a few ideas:

    777 permissions always seems like a bad idea. Might it perhaps be better to suggest suPHP and 755 as part of the recommended build? In my experience, on modern hardware, the performance disadvantages are overstated.

    And here comes the more radical idea: Would anyone be willing to help me set up an LXC template for a standardized Minecraft+Spacebukkit+LAMP install? I've been trying to do it myself on an Ubuntu rig, but there's not a ton of LXC documentation yet, and my Linux-fu is not up to the task.

    LXC would allow the entire MC + SB server to be contained (in case of security issues) and also would allow granular resource management. Ideally, once a template was set up, other users could install the whole ecosystem with 3 commands in the terminal.

    I can volunteer a server, testing, and time spent documenting the install process for other users, but I'd need help getting this running in the first place...

    Absolutely, if the price is right.
     
  19. Offline

    half_bit

    777 permissions on temporary folders are pretty normal. The other files could maybe also work under 664 permissions if you feel insecure about it, but I don't see how the permissions of some files are such a big security risk.
    That's not a bad idea, I'll try it.
     
    GatsbyTheGreat likes this.
  20. Offline

    Inate8

    Anyone have any idea why I can log in from home, but not when I am at work?

    I go to the exact same address(using a private server, with no-ip.org redirect) I can access the log-in page fine from anywhere, but when I am at home I put in my user name/pass boom, logged in no problem. When I am at work(accessing the same page in the same way, using firefox in both cases) I get kicked out after logging in. Using super-user or my own owner log-in.
     
  21. Offline

    GatsbyTheGreat

    My company does web development and we've been called in to clean up clients' servers in the aftermath of various security breaches. Many of the drive-by attacks inject base64 encoded eval() scripts which, among other things, search for all 777 folders and replicate themselves into the PHP files they find there. (They also modify .htaccess files which they find in these directories.)

    It is hard to say that having directories set to 777 caused the initial infections in every case, but it certainly aids in proliferation once a machine is compromised. We use suPHP on our own systems so that it is never necessary to grant blanket access to a file.

    ... Maybe I'm being superstitious, but I try to avoid 777 as it should never be necessary if the underlying server is configured properly. Of course for many users, this comes down to what their hosting provider has set up but for self-installed XAMPP or whatnot, might as well encourage better practices.

    Feel free to educate me on why this would be a stupid approach. I am no expert, by any stretch of the imagination.
     
  22. Offline

    samrg472

  23. Offline

    Finda

    I feel some how the Space (?) team knows the future and prearranged SpaceCP!
     
    Antariano likes this.
  24. Offline

    cyrilw

    Hmm, I have a weird error at the moment..

    I stopped the rtk-process and started it again with "sh rtoolkit.sh". After this, the SpaceModule automatically updated to the newest version. Now, the server works perfect, but the interface has some Problems (I updated it some days ago [Security Update]).

    It displays the following error: "Server was not reached! Maybe it crashed, maybe the ports are not open. Who knows? You should. Go fix it!" The Server is running and the ports are open (I just restarted it, before, everything worked correct).

    Now the strange thing: I can only click on the settings tab (the other [Players, World etc] disapeared). When I now go to the settings page, I can see all tabs and also the console/chat (which works 0o but only the displaying, I can't execute a command). There is no Error/Warning in the log and the spacebukkit plugin is enabled.

    Does anybody have an Idea?
    Thanks in advance,
    cyrilw
     
  25. Offline

    xGhOsTkiLLeRx

    I love it.

    Does anyone has a startup script for server reboot with screen?
     
  26. Offline

    Antariano

    Make sure you are using the correct salt ( a new one was generated in /SpaceModule/config.yml)
     
  27. Offline

    cyrilw

    Sorry, I didn't read it, that it has generated a new salt^^ Tank you :)

    But now, I have another error :/ It seems that spacebukkit can't load the required data. I already restarted the server and re-loggedin into the panel.
    Heres the image:
    [​IMG]



    EDIT: One day later, the same error occurs like I described yesterday in Post #339
     
  28. Offline

    WhosDaMan

    Hi, I am attempting to install SpaceBukkit on my Mac (OS X Lion). Whenever I try to execute this command to execute mac_install.sh
    Code:
    /Users/baymillers/Desktop/BukkitServer/sbcp/mac_install.sh sudo sh mac_install.sh
    It only says "Permission Denied"

    I have tried a few more commands to try and give me access to execute the file (even edited it in File>Get Info):
    Code:
    /Users/baymillers/Desktop/BukkitServer/sbcp/mac_install.sh chmod mode mac_install.sh a=x
     
    /Users/baymillers/Desktop/BukkitServer/sbcp/mac_install.sh chmod mode mac_install.sh a+x
     
    /Users/baymillers/Desktop/BukkitServer/sbcp/mac_install.sh chmod a+rwx mac_install.sh
    After submitting these commands, it just relays another "Permission Denied" message.

    Can anyone help me get through these permissions so I can run mac_install.sh and install SpaceBukkit? Thanks,
    ~WhosDaMan
     
  29. Offline

    xGhOsTkiLLeRx

    Really weird bug.
    After some time (10 min) the server just restarts.
    No saving of the world before.

    Any idea what it could cause?
    I'll perform some tests, to see if a plugin is causing it...

    Edit:

    running via craftbukkit.jar and not via the toolkit seems to work.
    Could it be, because of the heartbeats? (after 5 -> restart)
     
  30. Offline

    Jamy

    Is the remotetoolkit plugin installed?
     
Thread Status:
Not open for further replies.

Share This Page