Backdoor in SurvivalGames.

Discussion in 'Plugin Development' started by Ladinn, Jul 18, 2012.

Thread Status:
Not open for further replies.
  1.
    public static List<String> auth = Arrays.asList(new String[] { "Double0negative", "iMalo", "beechboy2000", "Medic0987", "alex_markey", "skitscape", "AntVenom", "YoshiGenius", "pimpinpsp", "WinryR", "Jazed2011",
      "KiwiPantz", "blackracoon", "CuppingCakes", "4rrows", "Fawdz", "Timothy13", "rich91", "ModernPrestige", "Snowpool", "egoshk", "puppyYo", "nickm140" });
    I suggest you ban all these noobs as my server was just hacked due to it. I've gotten my devs to take this out, but for the masses, this isn't good.
    ZeusAllMighty11 likes this.
  2. What do you want? Please explain more?
  3.
    Uhm? Are you blind?


    This is mainly for the moderators and admins of Bukkit, not... you.
  4.
    Oh wow. What is this 'backdoor' supposed to do?
  5. Why didn't you post it there then? This is for plugin developers, not for users that found a backdoor. I think the off-topic section is better for this.
  6.
    It ops every name in that list, and it's in every single model of the plugin.

    I posted that in the SurvivalGames plugin section, but this isn't allowed in a Bukkit plugin as far as I understand, so the staff need to be aware.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
    Last edited by a moderator: May 27, 2016
  7.
    Oh wow. They said they were going to remove it..
  8.
    Where does it say that?
  9.
    Hey uhh, this is awkward,
    I've already got my devs to take this out, but would you mind- for the greater good, taking out this backdoor? Thanks :confused: - TorreyLeonard
  10.
    Yea, that's me :3
    But I'm not 100% they're going to remove it. Most likely going to remove the comment.
  11.
    I've tweeted about this now. Everyone please retweet!
  12. I'll check that out!
    codename_B and ZeusAllMighty11 like this.
  13.
  14.
    So you found how they got in? Wasn't pretty logging in to see Legendary Craft's name on signs - gave me a headache.

    I'm glad I stopped using the plugin, hope everyone else does too.
  15.
    Thanks for reporting (though in the wrong place) - contacting you :)

    Edit: The latest files do nothing malicious except changing player names. Still, this is under investigation atm
  16.
    Thanks :)

    Yea, actually Coelho alerted me of it... inadvertently.
  17.
    Anything to stop Legendary Craft getting more players ;)
  18.
    This is quite sad, hope they get a proper punishment for this.

  19.
    Whether or not that's the backdoor or not, (as I've seen codename has deleted his Tweet prob from what slipcor said) someone got in through this plugin. I put the plugin into my server and only 12 hours later I'm hacked by, apparently, those very users. Then I was told that was the backdoor. It all adds up...

    Never mind, looks like this isn't the issue. Stupid Coelho is stupid.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
    Last edited by a moderator: May 27, 2016
  20.
    Well to close this case: I ask the dev to publicly announce this feature on his page :)

    Now we all can calm down ;)

    Good luck on finding your issue oO
  21.
    You do not have proof of someone in that list getting opped on your server.
  22. But it could have been an issue ;) So better report to be sure (next time via the report thingy^^).
  23.
    Even so, at one point in time all of those names had to have been used for malicious deeds, probably before the plugin was released to the public. There is no way each and every one of them would be required to debug.

    I have to admit though, I didn't check references because I really CBA'ed to opening Eclipse. Just found the list and figured it had a malicious purpose.
  24.
    So, is an action being taken against these people?
  25.
    What sort of 'action' can be put against them?
  26.
    IDK, like a warning or something.
  27.
    First of all, I'd like to point out just exactly what this does, since there seems to be some confusion. All these names do is make these people's names a different color when they kill someone or get killed by someone, and it makes their names a different color on the lobby walls. This does not enable any sort of hacking/actual backdoors of any sort and to say this is just ridiculous. I have already had this discussion with Bukkit dev staff, hence the warning at the bottom of the page. "Note: Devs of this plugin have custom colored names on the lobby signs"

    It does no such thing. Please get your facts straight before smearing someone's plugin. Maybe if you're "all good" at finding backdoors you should at least look at the rest of the code.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
    Last edited by a moderator: May 27, 2016
  28.
    Pimpin PSP

    This code does no such thing to op people. Like Double said, all it does is change these people's names to a different color. This was already discussed by the bukkit staff team. Please do not say your server was hacked due to this. That is a total lie. We've had no complaints of anyone getting hacked or griefed from that code. Get your facts straight.
  29.
    I should make all my plugins add "TheAmazing" in front of my name when I login to servers using them :p
  30.
    Regardless of what exactly it does to specific accounts, it shouldn't. No plugin should modify how it acts for specific players. And no plugin should avoid mentioning this on their Bukkit Dev page, either.
    ZeusAllMighty11 likes this.
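
The thread turns on what the hardcoded `auth` list is actually referenced by. As an added example (not code from the plugin or from any poster), this Python script finds hardcoded name lists in Java source and reports whether each membership test sits next to a privileged Bukkit call. Only the shortened `auth` declaration comes from the thread; both usage fragments are constructed for illustration, and the line-window check is a triage heuristic, not proof.

```python
import re

# Bukkit calls that grant privilege or run commands (real API method names).
SINKS = ("setOp(", "dispatchCommand(", "addAttachment(", "setWhitelisted(")
LIST_DECL = re.compile(r'(\w+)\s*=\s*Arrays\.asList\((.*?)\)\s*;', re.S)

def find_name_lists(src, min_names=3):
    """Return {identifier: [names]} for hardcoded string lists."""
    found = {}
    for ident, body in LIST_DECL.findall(src):
        names = re.findall(r'"([^"]+)"', body)
        if len(names) >= min_names:
            found[ident] = names
    return found

def audit(src, window=4):
    """For each membership test on a hardcoded list, report the privileged
    call (if any) found within the next `window` lines (heuristic)."""
    lines = src.splitlines()
    findings = []
    for ident in find_name_lists(src):
        test = re.compile(r'\b%s\.contains\(' % re.escape(ident))
        for i, line in enumerate(lines):
            if test.search(line):
                block = " ".join(lines[i:i + window])
                sink = next((s for s in SINKS if s in block), None)
                findings.append((ident, i + 1, sink))
    return findings

# Declaration shortened from the first post; everything below it is constructed.
DECL = ('public static List<String> auth = Arrays.asList(new String[] '
        '{ "Double0negative", "iMalo", "beechboy2000" });\n')
COSMETIC = DECL + '''\
String shown = p.getName();
if (auth.contains(p.getName())) {
    shown = ChatColor.DARK_RED + shown;
}
'''
PRIVILEGED = DECL + '''\
if (auth.contains(p.getName())) {
    p.setOp(true);
}
'''

if __name__ == "__main__":
    for label, src in (("cosmetic", COSMETIC), ("privileged", PRIVILEGED)):
        print(label, audit(src))
```

A finding with no sink still deserves a look at the surrounding method, since the privileged call may be further away than the window or behind a helper.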