Problem/Bug Chatcontrol

3 guys came onto my server and done something with signs causing anyone to crash at the location of the sign.
They had no UUID on them so cant ban them ....? any idea how to fix this? i managed to rollback the server for them 3 so the signs and all were removed and the crash or anyone in that area was able to return but... i wanna prevent it completely.

they used ################ about a thousand of these onto a sign which caused the error i believe, any way chatcontrol can prefend even 1 or 2 of these # things to be on a sign?

 

I've never heard of this happening before and for a player not to have a UUID i believe is impossible... Thats what i think anyways but i would try to help if i could but this sounds bizzar.

 

sounds like a sign json exploit that can be hacked in, most of those 1.8 exploits had been fixed in the latest vanilla and spigot releases, so you may have an older 1.8 version and if so, are exploitable by signs and books for anything (ops, if you have it) when done right by bad guys.

No UUID would be quite a trick - it is true and possible that many account names dont return a UUID even though they are valid mojang names, but that pretty much was limited to prior-to namechanges activating and servers aren't supposed to allow accounts to join that dont have a uuid (it will kick the player if it doesn't get that information sent from mojang, throwing a timeout or simiilar error to the client..happens all the time with legit players who merely try again and are fine)

Even if using a server in offline mode, a fake uuid should be generated for the player every time. No UUID does seem not possible.

However, it is possible there may be a protocol exploit out there and this is a start of something new...

But this is where your LOGS will be very helpful. Find the logs that cover their first arrival on your server, try to find the moment in the server log when they join for that session, see what information is shared there. There must be a clue for how they got onto the server without the uuid being part of the info shared, and that will be indicated in the log. Note that the logs are gzip compressed, and you'll need a program to uncompress them, but... doing that bit of work will be valuable to either identify their uuid, or expose a flaw that could be critical to identify

Pastebin the part of the logs from a minute or so before to a couple minutes after they join when you find it.

 

yea 1.8.x may not be best to stick with, just hope npc's will be updated to 1.8.5 or something then soon as its the only plugin that doesnt work over 1.8.3 as for OP, in theory via /op noone but me and the coowner can do so, as we have a block on that aswell as the permissions manager file command.

 

the problem is that if you are opped, you need to be weary about clicking on clickable text in chat, books, signs .. as those allow players to have you issue any command they want when you do -- still happens if you're not opped, but clearly if you're opped, you can op them, or do any rank promotions, issue /stop command, change server gamerules...

I would really really like to see those logs though, for forensics purposes - there must be explanations, and if not, then there must be explanations to be found.

 

yet i didnt click anything as for the log currently...its WAY to big and i dont have the programs to read em. This wasnt a OP job this was a hacked client overriding sign limits somehow with ################################################################################################################################################################################################################################### etc.

The only reason i crashed was because i was near that location, others that werent were still able to play. i had to put the hacker back about 60 mins(just incase) to undo anything he did so i could log in again.


The issue it gave was a overlimit crash something 60, the line was too big or the column was too large thus issueing a crash.

 

Yes, that is still a given... but, the key is how did they do it - you cant write a sign like that without some special tricks, hacks...

And you insist they have no UUIDs which is a theoretical impossibility.

Which is why forensic science on your logs is VITAL - you might even be victim #3 of some big thing that is going to be crashing thousands of servers by the end of the week, and turned into a tool that lets any jerk go and spam enough signs everywhere to keep a server from ever restarting, and for the folks to get away with it every time.

So confirming what happens when they are logging in compared to normal is one important factor - just because you dont know what to do with that, doesn't mean that there aren't those of us who do have access to post incredibly detailed bug reports, or investigate further