Hacked by force op!

So when I got on my server one day everything was griefed and there was a random op who put their name on the leaderboards. I was told there was no way to force op yourself, but just today I was told by a mod on my server that his friend force opped himself and he was actually the one who griefed everything. I need to protect against this. Can anyone help?!

 

Sure you have online-mode=true?
If not: set it to true. Problem fixed.

Else it would be helpfull to have a much logs as you have about this incident.

 

Where is online-mode?

 

server.properties

It's the setting wether you allow cracked user to join your server.

 

If you ARE allowing cracked users on, then you would simply need a plugin like AuthMe or XAuth to stop this from happening

 

Can you not deop them in the console?

 

Obviously, but I believe he is also looking to stop this in the future

 

An auth plugin does not stop hackers.

 

If he's allowing cracked users, then anyone would simply be able to join his server as an opped person, so an Auth plugin would stop them, unless they could guess his password

 

Alright, I had online mode set to true but my logs don't go back far enough to check.

 

Logs should go back far enough, unless you deleted the file since it happened
check the server.log file

 

Just like everyone else says, there isn't any ForceOP. If you leave online-mode=false then players can easily hack and become OP by logging in your account name etc. Always leave online-mode=true so you don't run into this sort of problem again.

 

He had it true, and again, Auth plugins stop them.

So, sonic, it seems like someone who was OP gave this person OP, I'd look at who you trust

 

No, it will not. When I used to run a cracked server a year or so ago, I had this problem all the time, random Op's that destroyed my world. Even with an anti-cheat and auth plugin, you are exposed to pretty much anything, in terms of hacks etc.

 

I have run a cracked server for over a year, and have never once had any form of OP security issue, and neither has my much larger affiliate server. Either my auth and anti-access plugin setup is simply better (I set it up on both serevrs), or you did something seriously wrong

 

Or you know, a year down the line, things have been reworked, more secure, or in Daft Punk's terms, Better, Faster, Stronger.

 

Or you're funny haha
But honestly, there is NO possible way for someone to login and somehow access server data via commands to op them-self UNLESS a plugin allows them to do that. If you have some weird plugins that doesn't seem legit, maybe think twice about them. Also, if you had a friend/buddy opped with you. He is the reason why this happened unfortunately. You need to get a plugin called like LimitedOps, it will allow a little "op list" which if your name is on there, its possible for you to be op, but if your name is NOT on there and your opped, you can result in a kick/deop/ban (whatever you would like, its configurable)

 

He said he ran one a year ago, I said I've been running mine for OVER a year, so there was a time when both of us had a cracked server online, and he was having issues.
what isleep said is right, with an Auth plugin and proper perm configuration, nobody can get op unless an op or console gives it to them.
OPPassword is another good one
Sonic, did you ever find the issue?

 

Online/offline mode can also be specified in the command line. Post the command line you use to start craftbukkit.

 

A question: Have you downloaded any plugins from a non-bukkit source? Maybe a user said "Hey, sonicman! I know a good plugin for the server, it stops hacks, here's the download link" Some people get tricked into installing a malicious version of the NoCheat+ plugin, or another plugin

 

I just found a video of someone using ForeceOP and the comments say it worked. Here is the video: [malware link removed]

 

sonic_364 No such thing as a damn forceop. They patched it a LOOOOOOONG while back.. I'm pretty sure there was a client file that patched it.

 

So, then what is the deal with the video?

 

lol so fake >< I guess if you dowload it, it will be a empty folder, or a zip with password

 

Thank you.

 

bennie3211 It is a zip with a pass, I am cracking it now to see what it actually is..

Blank.. Nothing is in it. No such thing as a force op, and there never will be.

EDIT by Moderator: merged posts, please use the edit button instead of double posting.

 

Force OP are rubbishes. probably your friend are making up stories

 

Lol, thanks.

 

So calm down

 

So, I'll say it again: Post the command line you use to start craftbukkit