How do I prevent minecraft ip hackers?

Discussion in 'Bukkit Help' started by Puggyblue999, Apr 28, 2012.

Thread Status:
Not open for further replies.
  1. Offline

    Puggyblue999

    Hi so I was playing on my minecraft server then someone asked if I could go on their server. I said yes and the person only wanted me to go on to figure out my public IP address. Now the hackers have power to op theirself and use admin plugins, and worst of all, grief my protcted areas. I turned on whitelist and I still get griefed and I ip banned them and tried almost everything. Is there a way to change my public ip to stop this? If you know please put in the replies.
     
  2. Offline

    xLoGiiKzZo

    Is your server in Offline/Cracked?
     
  3. Offline

    Puggyblue999

    no its full legit and has whitelist and everything
     
  4. Offline

    xLoGiiKzZo

    Well its not possible to Hack into your server by justing having your IP. Did you download anything?
     
  5. Offline

    Puggyblue999

    No I just went on the dude's server and now he has full control over my server
     
  6. Offline

    imaxorz

    He hijacked your login info when you logged into his. I assume you had OP too?

    Stop your server, clear your OP list, ban the guy, change your Minecraft account password, and maybe even email account associated with it if you used the same password.

    Then you should be ok.
     
  7. Offline

    Puggyblue999

    he only knows my ip
     
  8. Offline

    sanjar12345

    Change your ip?
     
  9. Offline

    mbaxter ʇıʞʞnq ɐ sɐɥ ı

    Read what imaxorz said and clean up your server. Don't join that other server again and you'll be fine.
     
  10. Offline

    TopazTheWarlus

    to stop hackers keep on getting in get iplock or mc bans something like that maby
     
  11. Offline

    I_ChoPPerZ_I

    I would just like to point out this happened to me today. A player names Zico77 joined with his accomplice YouStoleMyBanana and asked me to test out his server. I did, when I tried to connect it said it was outdated. I joined back onto my server to find he had given himself OP.

    He killed and banned a few of my players. Luckily he was banned before he could do any real damage.

    My idea on how this works is that he used the same DNS hosting service I was using (.uk.to) (tonga dns). He mirrored his hacked DNS onto mine, redirecting my account details onto his server whilst it gave him my details through the DNS.

    I'll paste part of my server log to show you. Take this as an example. Notice how there needs to be an OP on the server for this to happen. He uses YOUR account to do the following:

    2012-05-09 12:51:23 [INFO] Zico77: hey
    2012-05-09 12:51:29 [INFO] Zico77: any ops on ?
    2012-05-09 12:51:32 [INFO] [VanishNoPacket] I_ChoPPerZ_I reappeared.
    [INFO] Creating empty config: /home/tcagame/AlexanderD/354/plugins/Essentials/userdata/youstolemybanana.yml
    2012-05-09 12:51:33 [INFO] YouStoleMyBanana [/--Their IP--] logged in with entity id 995346 at ([world] 406.5, 92.62000000476837, 1410.5)
    2012-05-09 12:51:34 [INFO] [Owner] ChoP: welcome
    2012-05-09 12:51:37 [INFO] Zico77: chop
    2012-05-09 12:51:39 [INFO] YouStoleMyBanana: hello
    2012-05-09 12:51:55 [INFO] Zico77: chop
    2012-05-09 12:52:00 [INFO] [Owner] ChoP: Hello
    2012-05-09 12:52:12 [INFO] [PLAYER_COMMAND] Zico77: /msg choP can u test out my new server?
    2012-05-09 12:52:20 [INFO] Zico77: only take 2 seconds
    2012-05-09 12:52:30 [INFO] Zico77: plz
    2012-05-09 12:52:30 [INFO] [PLAYER_COMMAND] I_ChoPPerZ_I: /msg zico ok msg me it pls
    2012-05-09 12:52:32 [INFO] Zico77: ok
    2012-05-09 12:52:45 [INFO] [PLAYER_COMMAND] Zico77: /tell choP Unity,us,to
    2012-05-09 12:52:53 [INFO] [PLAYER_COMMAND] I_ChoPPerZ_I: /r ok
    2012-05-09 12:52:55 [INFO] Zico77: ty
    2012-05-09 12:52:59 [INFO] [VanishNoPacket] I_ChoPPerZ_I disappeared.
    [INFO] [PLAYER_COMMAND] I_ChoPPerZ_I: /r going there now
    5-09 12:53:09 [INFO] Zico77: ok
    2012-05-09 12:53:10 [INFO] Connection reset
    2012-05-09 12:53:10 [INFO] I_ChoPPerZ_I lost connection: disconnect.quitting
    2012-05-09 12:53:12 [INFO] Zico77: :)
    2012-05-09 12:53:26 [INFO] I_ChoPPerZ_I [/--Their IP--] logged in with entity id 1001469 at ([world] 240.17654647450064, 81.37500000000001, 126.8309891985383)
    2012-05-09 12:53:26 [INFO] [VanishNoPacket] I_ChoPPerZ_I disappeared.
    2012-05-09 12:53:26 [INFO] Connection reset
    2012-05-09 12:53:26 [INFO] I_ChoPPerZ_I lost connection: disconnect.endOfStream
    2012-05-09 12:53:33 [INFO] I_ChoPPerZ_I [/--Their IP--] logged in with entity id 1001916 at ([world] 240.17654647450064, 81.37500000000001, 126.8309891985383)
    2012-05-09 12:53:33 [INFO] [VanishNoPacket] I_ChoPPerZ_I disappeared.
    [INFO] I_ChoPPerZ_I: Opping Zico77[0m
    2012-05-09 12:53:33 [INFO] I_ChoPPerZ_I: Opping youstolemybanana[0m
    2012-05-09 12:53:33 [INFO] I_ChoPPerZ_I lost connection: disconnect.endOfStream
    2012-05-09 12:53:36 [INFO] [PLAYER_COMMAND] YouStoleMyBanana: /gm
    2012-05-09 12:53:39 [INFO] I_ChoPPerZ_I [/--My IP--] logged in with entity id 1002670 at ([world] 240.17654647450064, 81.37500000000001, 126.8309891985383)
    2012-05-09 12:53:39 [INFO] [VanishNoPacket] I_ChoPPerZ_I disappeared.
    2012-05-09 12:53:40 [INFO] [PLAYER_COMMAND] Zico77: /ban ChoP
    2012-05-09 12:53:47 [INFO] [PLAYER_COMMAND] Zico77: /gm
    2012-05-09 12:54:00 [INFO] [PLAYER_COMMAND] I_ChoPPerZ_I: /whois zico77
    <13:30:19> "ChoP": 2012-05-09 12:54:01 [INFO] Connection reset
    2012-05-09 12:54:05 [INFO] [PLAYER_COMMAND] YouStoleMyBanana: /kill
    2012-05-09 12:54:06 [INFO] I_ChoPPerZ_I: De-opping zico[0m
    2012-05-09 12:54:07 [INFO] [PLAYER_COMMAND] YouStoleMyBanana: /kill cy
    2012-05-09 12:54:09 [INFO] I_ChoPPerZ_I: De-opping zico77[0m
    2012-05-09 12:54:12 [INFO] [PLAYER_COMMAND] I_ChoPPerZ_I: /ban zico77
    2012-05-09 12:54:13 [INFO] YouStoleMyBanana: Opping zico77[0m
    2012-05-09 12:54:15 [INFO] GroupManager - INFO - Data files refreshed.
    2012-05-09 12:54:22 [INFO] [PLAYER_COMMAND] YouStoleMyBanana: /jump
    2012-05-09 12:54:23 [INFO] I_ChoPPerZ_I: De-opping youstolemybanana[0m
    [INFO] [PLAYER_COMMAND] I_ChoPPerZ_I: /ban youstole
    2012-05-09 12:54:37 [INFO] I_ChoPPerZ_I: Turned on white-listing[0m
    2012-05-09 12:54:39 [INFO] [PLAYER_COMMAND] I_ChoPPerZ_I: /who
    2012-05-09 12:54:48 [INFO] [VanishNoPacket] I_ChoPPerZ_I reappeared.
    2012-05-09 12:54:49 [INFO] [PLAYER_COMMAND] Cy_Ko: /f create King
    2012-05-09 12:54:55 [INFO] [Owner] ChoP: bamaule
    2012-05-09 12:55:26 [INFO] [PLAYER_COMMAND] I_ChoPPerZ_I: /spawn
    2012-05-09 12:55:46 [INFO] [PLAYER_COMMAND] redcoughdrop: /spawn
    2012-05-09 12:56:45 [INFO] Cy_Ko: Chop did u kill me by chance?
    2012-05-09 12:56:51 [INFO] [Owner] ChoP: No
    2012-05-09 12:56:57 [INFO] [Owner] ChoP: Some hackers
    2012-05-09 12:56:59 [INFO] Cy_Ko: weird i got hit once and died
    To avoid something like this happening to you, you should do the following:
    • Not go to any server ip given to you by a guest. Only visit the people you trust.
    • Also if you limit the amount of administrators on your server there is less risk of them falling for the same trick, otherwise let them know!
    • Keep your OP list empty, only use permissions you need, do the rest of them from console.
    The issue seems to be getting more common especially since this post is only a few days old. I cannot find any other related issue. And if it is really that easy to hack a 300+ member community then we have a problem.
    I suggest that users be aware of this, so at least server owners take a look at it and then we know that is 1up for us.
    If Bukkit is willing to investigate this and maybe produce a countermeasure within their builds it would make many server owners and players a lot safer and happy!
    ChoP
     
  12. Offline

    Puggyblue999

    okay everyone i whitelisted the server and the ip hacker mustve wanted to hack other ppl
     
    Platypus123 likes this.
  13. Offline

    DwarfLuxury

    What was the guys name? If you know then tell me I figured how to get a hacker off my server.

    Just use a different computer.
     
  14. Offline

    MILN4R

    Ok so, If Chopperz is right about them logging in using their ip but your details. Then its simple solution from what i see. I have never had a breach of security on my server Because I all my admins are IPChecked. Using the plugin IPCheck, Very simple associate a IP with the Username. If you admin logs in from multiple IPs simply talk to him about them and add them to the list for his username(obviousely using Skype or some other secure chat service).

    This way no one with a different IP can ever use Admin powers. I hope this helps with this problem. Again i am no expert on this and if i am wrong then Sorry don't crucify me.
    Link for IPCheck:
    http://dev.bukkit.org/server-mods/ipcheck/
    (Simple to understand, Simple to use, Simple to Setup. Effective prevention. What more could you want!)

    I wish there was a plugin like this but which stoped specific IP`s from being IP-banned. Cause a while back I had a Admin who wanst good and decided to grief and He IP-banned me and 2 of my Trusty Admins. The third IP banned him. And I cleaned up the mess he made a hour later when i was back. IS there any way to prevent Admins being able to ban other Admins?
    If anyone can help it`d be much appreciated.
    P.S I use essentials groups and generally essentials. I dont use bPermissions or Permissions.
    - This should probably be a thread on its own but WTH. Ill probably make a new thread about it after doing some hardcore researching into my matter.
     
  15. Offline

    RedShadow457

    I had the same problem. A minecraft user called SammyDude11 and his brother LucasDude11 told me that they have a server that allows them to take any player who logs onto it and they can take control of what they do if they go back on a server. He used it on all my ops but me because I knew the server was hacked. The only way to fix it is to de-op everyone and IP ban the people with the server. Then re-op everyone who was oped originally. I hope this is helpful and i know how stressful it can be to have to put up with them. On my world he filled the spawn with sand blocks in the dimensions 100x100x50 so I had to restore a backup and after that he Filled the entire world with lava 100 blocks deep. Thankfully I we didn't build too much the day before so restoring a backup didn't effect us too much. They need to be stopped as they are ruining servers and hacking into peoples accounts which I'm pretty sure is illegal. I know this is late but I hope it helps you if it isn't already sorted
     
  16. I think this could be prevented if you Logout and login to minecraft, This will create a new Session key for you'r account...

    EDIT: Looks like it redirects you HandShake...

    PHP:
     SessionStealer.log((new StringBuilder("Recieved Client Handshake [")).append(handshakeResponse).append("]").toString());
                    
    SessionStealer.socketOut = new Socket(SessionStealer.targetServerSessionStealer.targetPort);
                    
    SessionStealer.DIOut = new DataInputStream(SessionStealer.socketOut.getInputStream());
                    
    SessionStealer.DOOut = new DataOutputStream(SessionStealer.socketOut.getOutputStream());
                    
    SessionStealer.log((new StringBuilder("Forwarding Handshake [")).append(SessionStealer.targetServer).append(":").append(SessionStealer.targetPort).append("]").toString());
                    
    SessionStealer.DOOut.write(2);
                    
    SessionStealer.writeString(handshakeResponseSessionStealer.DOOut);
    So yeh, Just rellog to Create an new Session...
     
  17. Offline

    jogoodman

    Hey i have a private server me and my friends are playing on. i am planning to open it to the public eventually but last night i recieved a txt from one of my ops that someone hacked into my server and op-ed himself. my friend de-oped him and jailled him but didnt remember his name and he didnt leave a trace. i dont beleive this actually happened but just to be safe i have a few questions.
    1. If anyone got ahold of my account if i changed the password would that help. (btw automatically think i will be contacting minecraft if anything happens)
    2. Since my server is remote they would not be able to get ahold of my servers ip and just my local one.
    3. if i ban any hackers will they be able to connect to my server again with the same account and still do damage.
    4. could they connect to my server with a different account and still do damage.
    luckily i have backups so if anything goes wrong i can fix it but i would rather nobody get ahold of my account in the first place
    Thanks
     
  18. Offline

    TnT

    The MITM attack has been fixed in 1.3. As long as you're on Minecraft 1.3.x, it is no longer possible to steal an admin's session and take control of a server.

    jogoodman
    1. Yes. Changing your password to something secure on a system you can trust will help if anyone actually stole your MC account.
    2. None of what you said makes sense.
    3. No. Ban their name, run with "online-mode=true" and your server is safe. If you're in offline mode, good luck, you can't be protected properly.
    4. If your server is not whitelisted and in online-mode=true anyone with a valid MC account can connect to your server if they know the IP. So, yes, they can connect with another account, but they will only have the permissions a default player would receive (aka, not OP).

    There is no way to force getting OP on an online-mode=true server. Locked.
     
    iTzMag likes this.
Thread Status:
Not open for further replies.

Share This Page