[WEB/ADMIN] SpaceBukkit Beta 1.2 - Web Administration the awesome way!

Discussion in 'Bukkit Tools' started by SpaceCP, Feb 3, 2012.

Thread Status:
Not open for further replies.
  1. Offline

    Finda

    I'm actually waiting for the BukGet updating feature.
     
  2. Offline

    Antariano

    Yes, RTK does that for you
     
  3. Offline

    Pim1234

    since i'm not getting any help at RTK's thread, i'm going to post it here:
    would anyone be able to help?

    Code:
    Minecraft Remote Toolkit R10 Alpha 12
    Initializing...
    Loading toolkit properties...Done.
    Loading toolkit modules...ERROR: Could not load Toolkit Module toolkit/modules/.DS_Store in toolkit/modules: null
    Done.
    Loading SpaceRTK...Done.
    Wrapper is running on: Mac OS X 10.6.8 x86_64
    Starting wrapper...
    20:51:49 [INFO] Listening to Port 25,561 with a connectivity queue size of 5.
    Starting UDP listen server on port 25561
    
    result:

    [​IMG]
     
  4. Offline

    Jamy

    You're using a mac? try to remove the .DS_Store in the toolkit/modules folder ;)
     
  5. Offline

    Pim1234

    nah, nvm that... i hope your plugin can work with that problem?

    i have another problem. this time with your plugin ;)
    i have installed everything, but i can't do the web part by going to "http://localhost/"
    the files are located in users/Pim/var/SpacyB

    btw, yes, i am on a mac (Mac OS X Snow Leopard Server 10.6)
     
  6. Offline

    Finda

    The .DS_Store is mac filesystem dust, It can not be deleted normally with out any support from the Terminal. Is it possible to make RTK ignore it?
     
  7. Offline

    Dreaux

    I've noticed with latest update, that when restarting my server, it "hangs" just after the "Spacebukkit loaded XXXX plugins" line. If I give it 2 or 3 minutes, it will progress, but what's funny is that I can also just hit "enter" on my keyboard to make it continue.

    The last time I saw this problem was with MCMA, and it had to do with the version of Java I was running. I had to go from a JRE to a JDK, I believe, to fix it, but in this case, I already have that installed.

    Not really a huge deal, but it didn't happen in 1.0.
     
  8. Offline

    NeatMonster

    Can you confirm it happens because of SpaceBukkit?
     
  9. Offline

    drdanick

    Did you forward UDP port 25561 to your server?

    On another note, that error is harmless and will not affect either the toolkit or any loaded modules.


    What operating system are you using?
     
  10. Offline

    Pim1234

    no i didn't.
    now 25561 is open, but there's still nothing but a message that firefox can't connect...
     
  11. Offline

    drdanick

    That solution was directed to your problem with the RTK controller.

    As for your other issue, it looks like your HTTP server isn't running. What are you trying to use as your HTTPd?
     
  12. Offline

    Pim1234

    i didn't had a HTTP server, but now i've got Mac OS X Server's Apache running.

    this is the result:
    result (open)

    [​IMG]


    btw, i can't use

    "
    chown -R www-data:www-data *
    "

    that returns

    "
    chown: www-data: Invalid argument
    "
     
  13. Offline

    tyzoid

    SpaceCP
    I can't seem to find where the docs are to hook into SpaceBukkit.
    I found this page: http://spacebukkit.xereo.net/wiki/index.php?title=Main_Page
    but the pages under "For Developers" don't exist.

    Could you please direct me to the correct place?

    Also, with regards to your challenge at the bottom of the homepage (find a word that rhymes with orange).
    While this is a phrase, it should be equally valid: "door hinge"
     
  14. Offline

    NeatMonster

    Currently, it's only possible to create addons for SpaceBukkit. But it's bloody useless until Antariano finishes the addons support for SpaceCP.
     
  15. Offline

    tyzoid

    Thanks for the clarification.
     
  16. Offline

    Finda

    I also run a mac os x server, its different because all the things is wired to and controlled through the application "Server Admin" which comes with the box in a dvd.
    Apple do like make things difficult and simple at the same time.
    They provide a ui, but moving things were the users cant temper with.
    Tell me if I can help.
     
  17. Offline

    Pim1234

    i would be very happy if you could help me :)

    i just installed MAMP pro but i still do not have any luck :(
     
  18. Offline

    Finda

    Try using the apache that came with the os, and not a separate one, irc?
     
  19. Offline

    Pim1234

    which Service would i have to enable, i can't see apache...

    omg i feel stupid :p
     
  20. The service is called "Web-Sharing" under OS X
     
  21. Offline

    Pim1234

    ok, could you tell me which modules i would have to enable?

    i may have fucked it up :p
     
  22. Offline

    bootscreen

    i think you should update the demo ^^
     
  23. Offline

    nanashiRei

    I'm sorry to say this but this is hackable. I only had this installed for 2 days, made sure there where secure passwords being used and for some reason my server was hacked just a few minutes ago. The used Spacebukkit, to be precise my other admins account. I know that guy since i was 8 so no telling me he was it. His passwort was unlike hacked, it's long and random. (sorry no details)
     
  24. Offline

    Antariano

    Hello nanashiRei,

    Unless you can't provide us any information on how "SpaceBukkit " is the cause of this, I'm afraid I can't do anything about this "Security hole".
    SpaceBukkit, as any other software, uses passwords as means of security. Of course, if these passwords are obtained in some way, the security fails, unless I install DNA recognition, and I hope you understand that that would be unpractical.


    I am unaware of any way of obtaining these passwords through an exploit of SpaceBukkit. So, excluding that option,
    this means that this "hack" was caused by
    - your passwords leaking
    - someone obtaining access to your configuration files which store the database credentials

    I'd love to have more information about this, since Security is our top priority.
    And on a side note, the fact that you know that your friend's account was used - I guess you learned that from the Activity Log, correct?

    Sincerely,
    Antariano
     
    NeatMonster, half_bit and Jamy like this.
  25. Offline

    nanashiRei

    I'm still investigating, i will compile some data and let you have it once i got it together. But from what i can see, they must have found a way to login without the login data. (MySQL Injection?)

    They must have found a way to delete passwords from the DB:
    http://pastie.org/private/36ftrxic22icjjkxp6clw
    (i removed my hash for security)
    I have no clue how they did that but~ there you go. :)

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Oct 29, 2015
  26. Offline

    Antariano

    You cannot login to spacebukkit without a password.
     
  27. Offline

    jasvecht

    I had something comparable happen, WHM server, SpaceBukkit was the only script running on that account, account itself wasn't accessed, SpaceBukkit had all but the main account deleted and one named "Simba" added. Nothing else was hacked or compromised, MC Server was disabled, some files were screwed with it seems.

    Either the Updater or whomever broke in managed to remove the logs.

    It seems whomever managed also tried to access /install/step1 multiple times for god knows what reason...


    I was told by the SpaceBukkit Staff to either, stop being a moron or stop trolling. It's certainly not SpaceBukkit. It's impossible. #MCBans says so!

    No, really. Lost lots of respect, will be moving back to MCMA. Thanks guys!
     
    dark_hunter likes this.
  28. Offline

    Antariano

    Alexander.
    I was away while you had a discussion with one of SpaceBukkit's staff members, and I indeed must apologize for the tone that was used. Telling you to " stop being a moron or stop trolling " was stupid.

    We're not saying it's not SpaceBukkit.
    We're just unsure on where this security hole would be.

    Please, remember that we are in beta.

    We are currently investigating on how this "hack" would be possible.
    Accessing the installation is not possible after you ran it.
    The only way of deleting the data is either to gain access to a superuser account or to the database.

    Please consider staying with us to help solving this issue.
     
    dark_hunter likes this.
  29. Offline

    dark_hunter

    jasvecht - don't ruin the start of a beautiful relationship, just because of a little bug/hole. Help Antariano and be better!

    We are humans. All of us make mistakes sometimes, but together we are stronger.

    Ok, so my domain works now. everything installed fine, but ever time and try and login, it just refreshs the page and nothing happens. Is this a cache error?

    Happens in Opera and IE.

    EDIT: No idea what I did, but doing this again and going slowly, fixed it.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Oct 29, 2015
    Antariano and NeatMonster like this.
  30. Offline

    Antariano

    jasvecht
    @nanashiRei
    We have identified the security hole and are fixing it right now. Expect an emergency update in the next minutes.
     
    nanashiRei and dark_hunter like this.
Thread Status:
Not open for further replies.

Share This Page