My Bukkit Server Got Hacked! How?

Discussion in 'Bukkit Help' started by Imkingofthehill, Feb 8, 2012.

Thread Status:
Not open for further replies.
  1. Offline

    Imkingofthehill

    HELP PLEASE :'(

    So today was just like any other day, business as usual until a player joined, as my name, the owner.
    I have xauth, permissions, and an invalid username plugin to prevent hackers like that. He failed at that.
    Then he logged in as a player [Shin_Ichi] and I found out that he had the same IP as the person who tried to log in as me, so I try to ban him, "This player cannot be Banned". Wtf? Then I try to kick him, same thing.
    I check to see if he hacked op, nope. So then I go to my console and try to ban him, "This player cannot be Banned", and that's when I shit myself. I couldn't do anything. I asked him, how did you do this?
    He replies, I have no intentions to harm ur server, I am just testing. He also began typing in the server chat even though he is a guest, not op, and has no permissions. He then promotes himself to owner and when I try to demote him it says he is guest, but when he talks it says owner in prefix? So to stop him from griefing I act like I agree with him and that I would give him whatever he wants to tell me how he is doing it, to stop him from griefing.

    He then says I'm done testing and will be back and leaves. Btw I did IP ban him but it didn't affect him in any way.

    Is This The End of Bukkit? What if this is released to the public? I posted the log files if you don't believe me.


    Edit
    __________________
    The second I was writing this they came back and griefed my whole server with world edit

    Their IPs
    Mod Edit (TnT): Removed
     

    Attached Files: Log.txt (344.9 KB)
  2. Offline

    Imkingofthehill

    The Log
     

    Attached Files: Log.txt (344.9 KB)
  3. Offline

    rmsy

    Would you mind posting your plugin list, console log, and permissions file?
     
  4. Offline

    zipfe

    For crying out loud, stop running a badly maintained offline mode server and then call it "Hacker" attack. This is so annoying. You didn't get "hacked" by anybody.
     
  5. Offline

    rmsy

    He claims to be using an authentication plugin. Might want to read the entire post before you jump to conclusions ;)
     
  6. Offline

    zipfe

    So what? That still doesn't mean he got "hacked". It's just another 10 year old who downloaded a client from a Russian YouTube channel that joined his server, and not a hacker.


    Didn't we have this trolling just a few days ago? Probably someone works on an "anti-hack" app and is trying to fuel newbie fears with these stupid posts.
     
    andrewpo and battlekid like this.
  7. Offline

    rmsy

    If the user really did gain administrative privileges, how would that arise from using a hacked client?
     
  8. Offline

    kamakarzy

    You could use commandbook and enable verify-name-format; it will not let that username in at all.
     
  9. Offline

    zipron

    First, I don't think you're allowed to post IPs here
    Second, if you host a server in offline mode, know that there are hacker risks
    Third, if you know a bit of your server, instead of messing around with commands, you copy-paste the IP in your banned-ips.txt file, and the name in your banned-players.txt file, restart, done.

    Imo this is your fault, because you run offline mode without knowing the risks, and it can be solved very easily. Children..

    clearly his authentication plugin didn't work...

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 23, 2016
  10. Offline

    TopGear93

    Are you using my Caught plugin? If so, did it block him? I've had this happen before. Just stop the server and restart, then ban him.

    That's because x_Auth can be easily "phished". When it asks for your password all you need to do is type in your username. Auth plugins are useless imo.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 23, 2016
  11. Offline

    zipron

    I use rakamak, even in online mode, hacking dudes can log in sometimes, and I have no issues with rakamak =) But still imo it's his fault..
     
  12. Offline

    rmsy

    No, this is not possible.
    Did he not come and ask for help? He's obviously not doing something correctly, or else he wouldn't be asking for help.
     
  13. Offline

    zipron

    It is possible...

    And that is a problem you see.. I have a server in offline mode now, but I know the risks so I protect it..
     
  14. Offline

    Panzerwurst

    I wouldn't bother with this, guys

    I logged onto the guy's server today and asked what happened, his admin users had no clue about this post on here (they had no clue what bukkit was) and just said it was hacked and didn't have much info.

    From what I could tell tho it looks like a bad config set up that allowed them to grief
     
  15. Offline

    dark_hunter

    Really? My server has an auth plugin, let me try that.
    [​IMG]
     
  16. Offline

    rmsy

    No, it is not. Let's examine how Minecraft authentication works, in layman's terms:
    1. The user logs in to Minecraft with their username and password
    2. The client sends this information to Minecraft.net
    3. If the credentials are valid, Minecraft.net returns a session ID to the client
    4. The user joins a server
    5. The client sends the session ID and server IP to Minecraft.net
    6. If the session ID is valid, Minecraft.net temporarily (for around a few minutes) adds the session ID to an 'Authenticated' list for the respective server IP
    7. The client connects to the server, and sends its session ID
    8. The server checks the session ID against its list on Minecraft.net
    9. If the session ID is on the list, it allows the connection. If not, it disconnects the user.
    10. The client joins the game

    It's not possible to 'hack' a username on an online-mode server. Trust me on this. Either they were using a compromised account, or your server isn't running in online-mode (meaning the server doesn't check the session ID against Minecraft.net, and allows the connection no matter what).
     
    battlekid and dark_hunter like this.
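
The login flow listed in the post above, modelled in Python as an added example (not part of the thread and not Mojang's or Bukkit's code). The class names, the 120-second list lifetime, the account, the player names and the IP are constructed assumptions; the model follows the post's simplified steps, not the real wire protocol.

```python
import hmac
import secrets

JOIN_TTL = 120  # seconds an entry stays on the 'Authenticated' list (assumed)

class AuthService:
    """Simplified stand-in for Minecraft.net, following the post's steps."""
    def __init__(self, accounts):
        self.accounts = accounts   # username -> password (constructed data)
        self.sessions = {}         # session ID -> username
        self.joins = {}            # (server IP, session ID) -> expiry time

    def login(self, username, password):                 # steps 1-3
        stored = self.accounts.get(username)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        sid = secrets.token_hex(16)
        self.sessions[sid] = username
        return sid

    def join(self, sid, server_ip, now):                 # steps 5-6
        if sid not in self.sessions:
            return False
        self.joins[(server_ip, sid)] = now + JOIN_TTL
        return True

    def check(self, sid, claimed_name, server_ip, now):  # step 8
        on_list = self.joins.get((server_ip, sid), 0) > now
        return on_list and self.sessions.get(sid) == claimed_name

class GameServer:
    def __init__(self, ip, auth, online_mode):
        self.ip, self.auth, self.online_mode = ip, auth, online_mode

    def accept(self, claimed_name, sid, now):            # steps 7 and 9
        if not self.online_mode:
            return True   # offline mode: the claimed name is never verified
        return self.auth.check(sid, claimed_name, self.ip, now)

def demo(now=1000):
    auth = AuthService({"visitor": "constructed-pw"})
    online = GameServer("203.0.113.5", auth, online_mode=True)
    offline = GameServer("203.0.113.5", auth, online_mode=False)
    sid = auth.login("visitor", "constructed-pw")
    auth.join(sid, online.ip, now)
    return {
        "online, own name": online.accept("visitor", sid, now + 5),
        "online, owner's name": online.accept("ServerOwner", sid, now + 5),
        "online, stale join": online.accept("visitor", sid, now + JOIN_TTL + 1),
        "offline, owner's name, no session": offline.accept("ServerOwner", None, now),
    }
```

Only the offline-mode server accepts the owner's name from a client that never proved it owns that account; the online-mode server ties the name to the session that was registered for it.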
  17. Offline

    zipron


    Ok you have a server? PM the IP and we'll check if it's possible. You're only talking about authentication. Ever thought of the fact what can happen if a player has a MC account and authenticates, let's follow the magic steps:

    James (this is just fiction btw) buys an account called JamieIsNoob Minecraft.net uses password myMomOwns
    1. James logs in to Minecraft with username JamieIsNoob and password myMomOwns
    2. The client sends this information to Minecraft.net
    3. If the credentials are valid, Minecraft.net returns a session ID to the client
    4. The user joins a server
    5. The client sends the session ID and server IP to Minecraft.net
    6. If the session ID is valid, Minecraft.net temporarily (for around a few minutes) adds the session ID to an 'Authenticated' list for the respective server IP
    7. The client connects to the server, and sends its session ID
    8. The server checks the session ID against its list on Minecraft.net
    9. If the session ID is on the list, it allows the connection. If not, it disconnects the user.
    10. The client joins the game
    Now James is logged in, right? And what if he has hacks now? I'll pm you in tomorrow with a link to the site (have to ask a friend in australia, so brb in a few hours)
    ontopic: Try to use Rakamak as authentication plugin, it's good =)
     
  18. Offline

    rmsy

    You cannot change your username without an entirely new connection, and the authentication process is repeated on every join.
     
  19. Offline

    Snipes01

    We need more information from the OP on the topic. I'd like to see his log and maybe his server properties.
     
    rmsy likes this.
  20. Offline

    zipron

    Dude, you don't get the point, you can easily hack with other ways than "using a client which doesn't authenticate with minecraft.net". That's what I'm trying to say...
     
  21. Offline

    rmsy

    Such as? I highly doubt you really know of a way to bypass Minecraft authentication. However, if you think you do, feel free to message me.
     
  22. Offline

    h0us3cat

    online-mode=true
    problem solved...
    yes names can be spoofed in offline mode.
     
    andrewpo, battlekid and rmsy like this.
  23. Offline

    zipron

    Yea I'll do in a few hours. But you see, I'm talking more about a mod way thing you install at your client, it has nothing to do with authentication etc. It just sends other information to the bukkit server
     
  24. Offline

    dark_hunter

    Your last line just negated what you said.
     
  25. Offline

    TnT

    online-mode=false will cause you all sorts of grief. Authentication plugins can be bypassed, have bugs, have exploits, etc.

    online-mode=true means they NEED to authenticate against the minecraft.net authentication servers. If they don't have an account, they don't authenticate. This stops anyone from even getting on the server first. This is much, much better than any authentication plugin - as those authentication plugins already give them access to the server! From there, they can attempt to bypass the authentication plugin's protections. The result: These very threads that claim they've been hacked, when really - they've allowed anyone and everyone to log into their server and HOPE that their authentication plugin keeps them safe.
     
  26. Offline

    rmsy

    I think he was just re-assuring the OP that names can be spoofed in offline-mode.
     
  27. Offline

    dark_hunter

    Ah I see there.
     
  28. Offline

    SupremeSurvival

    Recently, my server has been hacked as well. I'd like to know that if I put my server into online mode (Offline mode=false), would that stop the hackers? They came in and bypassed the xauth plugin and op'd themselves. I won't go into detail but the server is a bit of a mess now. I am really considering putting the server into online mode after this 1.2 update.
     
    joehot2000 likes this.
  29. Offline

    mbaxter ʇıʞʞnq ɐ sɐɥ ı

    Put your server into online mode. Don't support piracy.
     
    andrewpo likes this.
  30. Offline

    SupremeSurvival

    Thank you, I've gotten multiple replies suggesting that I go into online mode. I only have one question, if I ban a player, do I still need to IP ban? (In online mode) Players keep using dynamic IPs so now I have to use RangeBans to ban all variations of an IP.
     