TheDarkDeuce

[URGENT] Server Got Hacked! Guys joined with Admin Nicknames and had OP and such...

Sup guys

We are running a Tekkit server which has 2 admins, me and my brother.

Tonight 2 people joined our server, first with some username, then they relogged 3 times and then somehow had the usernames "ADMIN1" and "Admin2" (example).

They had all the rights we have and our inventories; they gave themselves god mode and gamemode, and nuked our whole spawn and our own bases.


Our server.log
http://pastebin.com/V2J8Q1ja

 

(I changed our nicknames to ADMIN1 and ADMIN2)

How is this possible? How could they fake the usernames and use the same rights as we have?


It might just be my ignorance, but I'm not familiar with a MCPC+ #244 build. This is the version I'm using:

mcpc-plus-legacy-1.4.7-R1.1-SNAPSHOT-f534-L70.jar
MD5 Sum: 96ffb259dc6efbcd06c8eb766af1de3a

I believe versions prior to this have a flaw in the way session validation happens which allows someone using a particular hacked client to connect as any user. Ever since I updated to that version we never had any more issues of that sort. Even though I believe the flaw to be fixed, I still require any player over the rank of Veteran to use the LoginSecurity Bukkit plugin for a second form of protection.

That's the answer I searched for. Thank you, might wanna share this jar with me?


Maybe the server had a plugin which could be exploited by the players. I believe this happened to a server I played on about a year ago (I can remember most of the details of what happened that day).

Interestingly enough, there were two players that day, and one was Adolfhitler, who coincidentally nicknamed me "APoorHelplessJew".


As Plow mentioned, LoginAuth should prevent something like that from happening. You also are not the first to have this happen. A bunch of "you know what's" came on CircleCraft once and managed to cause so much destruction that it drove the previous owner away. Luckily, Plow took over and after a little trial and error it came down to using LoginAuth.
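
Added example (not part of the thread, and not taken from the poster's server.log): a way to spot the pattern described in the first post, where a connection logs in under an ordinary name and then reappears under an admin name. The login line format is an assumption based on Bukkit-style server logs, and the function name, usernames and IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed Bukkit/MCPC+-style login line; adjust the pattern to your own server.log.
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[INFO\] (?P<user>\w+)\[/(?P<ip>[\d.]+):\d+\] logged in"
)

def find_admin_name_switches(lines, admins, trusted_ips=()):
    """Return alerts for privileged names used from an IP that first
    appeared under another name, or from an IP outside the allowlist."""
    admins = {a.lower() for a in admins}
    names_by_ip = defaultdict(list)   # ip -> distinct names seen, in order
    alerts = []
    for line in lines:
        m = LOGIN_RE.match(line)
        if not m:
            continue                  # not a login line
        user, ip = m["user"], m["ip"]
        seen = names_by_ip[ip]
        if user.lower() in admins:
            others = [n for n in seen if n.lower() != user.lower()]
            if others:
                # Same address already logged in under a different name.
                alerts.append((m["ts"], user, ip, "name-switch", others))
            elif trusted_ips and ip not in trusted_ips:
                # Admin name from an address the real admins never use.
                alerts.append((m["ts"], user, ip, "untrusted-ip", []))
        if user not in seen:
            seen.append(user)
    return alerts

# Constructed sample lines (documentation IP ranges), not from the thread's log.
SAMPLE_LOG = """\
2013-05-01 20:01:10 [INFO] ADMIN1[/192.0.2.10:50111] logged in with entity id 101 at ([world] 10.0, 64.0, 10.0)
2013-05-01 22:40:02 [INFO] guest4471[/203.0.113.7:51200] logged in with entity id 310 at ([world] 0.5, 70.0, 0.5)
2013-05-01 22:40:31 [INFO] guest4471 lost connection: disconnect.quitting
2013-05-01 22:41:05 [INFO] ADMIN1[/203.0.113.7:51233] logged in with entity id 312 at ([world] 10.0, 64.0, 10.0)
2013-05-01 22:43:19 [INFO] Admin2[/198.51.100.23:40412] logged in with entity id 315 at ([world] 12.0, 64.0, 9.0)
""".splitlines()

if __name__ == "__main__":
    for alert in find_admin_name_switches(
        SAMPLE_LOG, admins={"ADMIN1", "Admin2"}, trusted_ips={"192.0.2.10"}
    ):
        print(alert)
```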
