HELP, My server is being HIJACKED! WHAT DO I DO?

oMG they are hijacking me.
They whitelisted the server! How did they get op?

Yep, they're hackers

I can't ban them???? WHAT DO I DO??????????

Help me please!!!!!!!!!! *panic mode engage*

I got them off. Now how do i get whitelisted?

HELP ME HELP ME HELP ME HELP ME

 

If you are the server admin you would use your admin-ship to log into the server and ban them from the console, disable the whitelist (or perhaps not yet), and then fix whatever else needs fixing.

If the server is running in offline mode and you let this happen you have no one to blame but yourself for not securing it better.

 

HOW DO I GET MY SERVER BACK

Ne0nx3r0 I can't unban myself!

 

Do it from the console... /pardon <username>

 

Oh, its pardon not unban

Not working!!!!!!!!!!!!!!!!!!

 

Look if you want us to help you we need details.

What isn't working?

Are there any errors or does it say why it's not working?

 

I get
Banned:
The Ban Hammer Has Spoken

i do unban and pardon algo160 but it isn't working. Cleared my banned ips.txt

 

Is the server home hosted?
Have you set a rcon password?

 

Did you reload the server after clearing banned-ips.txt?

 

Yes
and its from Nodecraft

 

algo160 Stop the server, set online-mode=true via config.

 

Are there any other ban plugins or plugins that override bans such as Essentials that my be calling this? If you have essentials, try opening algo160.yml and see if anything there would make you banned then reload.

Also, if the 'hackers' are still on, stop the server.

We don't know if he has a 'cracked' server yet, he may have just downloaded a bogus plugin from somewhere

 

I AM NOT A CRACKED SERVER!

Ok i should be unban now

 

OK, capslock isn't going to help anything...

If you want, PM me your IP and I can go on and try to better assess the situation myself

 

But i am not.

MrBluebear3 minecryptic.mcnode.net

 

MrBluebear3 i like getting surprised. How can someone else then "overtake" a server?

Known ways

• Offline-Mode -> connect with the owners username
• Misconfigured Plugin that allows opping via password
• Using a plugin that opens a remote connection and offers admin commands
• rcon

algo160 which one is it? You know best what plugins you use and your online-mode setting.

 

Great Other ways:

• Plugin not downloaded from BukkitDev, with something like an /opme backdoor
• A foolish/corrupt/malicious admin who abuses his power and gives others op
• Incorrect permissions

And I could go on

Most of these are avoidable with double-checking, care and know-how though

 

Also i would not connect to that host as he might try to track minecraft usernames. Not saying he does but i have seen many attempts going down this road.

MrBluebear3 well have fun then ... as long as he did not answer to the most important question "what the online-mode is set to" i would not even try.

 

I'm willing to provide help for anyone and if they are in offline mode, maybe I can guide them to the right side and there'll be a better server out there

He still hasn't been proven to be running a server in offline mode and until then, I'm willing to help

 

Easily a backdoor, stopping the server works well.

 

-_Husky_- How can you possibly know that?

 

Im having a hard time beleieving this..... The first thing id do is stop my server and if that doesnt work force stop my server..... then go to a backup i make every 2 hours and put that up and also add some plugin like authme for extra protection.....

 

lycano

The amount of times this happens is amazing, first off he says they gained OP, Assuming there are no other OP's on his server, > backdoor.

Secondly he gets banned > OP only.

They probably told him to download this "fun" plugin, in which case, it's a reminder on what lurks outside BukkitDev.

 

-_Husky_- really? That happens a lot? how did they got craftbukkit then ... via some external source too? I can't believe that someone downloads from dl.bukkit.org and does not know about dev.bukkit. Why should someone download from any other source other than DBO?

My thoughts about the world are now shattered.

 

lycano Its really not that surprising. Its not common (based on the amount of help topics that pop up) but there are gullible people running servers.

 

Wut.

Anyhoo, replying to the rest of your post, it happens more often than you may think.

For a start, on many paid hosting companies the JAR is automatically downloaded for you, meaning the OP most likely didn't download the JAR manually.

However, it is likely that some of his other plugins are downloaded from BukkitDev; this does not guarantee he won't be persuaded by someone to download a plugin from an external source.

It is a reasonaly possible explanation of his server being 'hijacked'.

 

I think whatever the case (dirty plugin, offline mode, stolen password) it can safely be said this is a case of inadequate server security practices, and the OP stopped replying over a dozen posts ago.

Let's all move on shall we? ; )

 

MrBluebear3 Also he could have just shared his minecraft account. Also a possibile explanation

If a paid hosting company do pre-install craftbukkit they better hope they got it from dl.bukkit.org else they are in trouble if someone finds out that they are using custom craftbukkit builds without stating that in their TOS.

Did he contacted you? Im wondering why he does not answer any longer...

 

A valid point

No he didn't contact me, hopefully his problems have been resolved

 

Why wouldnt the command be /unban? /pardon - sigh.