Hacked by force op!

Discussion in 'Bukkit Help' started by sonic_364, Jun 22, 2013.

Thread Status:
Not open for further replies.
  1. Offline

    sonic_364

    So when I got on my server one day everything was griefed and there was a random op who put their name on the leaderboards. I was told there was no way to force op yourself, but just today I was told by a mod on my server that his friend force opped himself and he was actually the one who griefed everything. I need to protect against this. Can anyone help?!
     
  2. Offline

    Syd

    Sure you have online-mode=true?
    If not: set it to true. Problem fixed.

    Else it would be helpfull to have a much logs as you have about this incident.
     
  3. Offline

    sonic_364

    Where is online-mode?
     
  4. Offline

    Syd

    server.properties

    It's the setting wether you allow cracked user to join your server.
     
  5. Offline

    gamermanh

    If you ARE allowing cracked users on, then you would simply need a plugin like AuthMe or XAuth to stop this from happening
     
  6. Offline

    WhitePhoenix0

    Can you not deop them in the console?
     
  7. Offline

    gamermanh

    Obviously, but I believe he is also looking to stop this in the future
     
  8. Offline

    MysteryManX

    An auth plugin does not stop hackers.
     
    Adriani6 likes this.
  9. Offline

    gamermanh

    If he's allowing cracked users, then anyone would simply be able to join his server as an opped person, so an Auth plugin would stop them, unless they could guess his password
     
  10. Offline

    sonic_364

    Alright, I had online mode set to true but my logs don't go back far enough to check.
     
  11. Offline

    gamermanh

    Logs should go back far enough, unless you deleted the file since it happened
    check the server.log file
     
  12. Offline

    Novustorious

    Just like everyone else says, there isn't any ForceOP. If you leave online-mode=false then players can easily hack and become OP by logging in your account name etc. Always leave online-mode=true so you don't run into this sort of problem again.
     
    MysteryManX likes this.
  13. Offline

    gamermanh

    He had it true, and again, Auth plugins stop them.

    So, sonic, it seems like someone who was OP gave this person OP, I'd look at who you trust
     
  14. Offline

    MysteryManX

    No, it will not. When I used to run a cracked server a year or so ago, I had this problem all the time, random Op's that destroyed my world. Even with an anti-cheat and auth plugin, you are exposed to pretty much anything, in terms of hacks etc.
     
    Novustorious likes this.
  15. Offline

    gamermanh

    I have run a cracked server for over a year, and have never once had any form of OP security issue, and neither has my much larger affiliate server. Either my auth and anti-access plugin setup is simply better (I set it up on both serevrs), or you did something seriously wrong
     
  16. Offline

    Jade Retired Staff

    Or you know, a year down the line, things have been reworked, more secure, or in Daft Punk's terms, Better, Faster, Stronger.
     
    bennie3211 likes this.
  17. Offline

    isleepzzz


    Or you're funny:p haha :D
    But honestly, there is NO possible way for someone to login and somehow access server data via commands to op them-self UNLESS a plugin allows them to do that. If you have some weird plugins that doesn't seem legit, maybe think twice about them. Also, if you had a friend/buddy opped with you. He is the reason why this happened unfortunately. You need to get a plugin called like LimitedOps, it will allow a little "op list" which if your name is on there, its possible for you to be op, but if your name is NOT on there and your opped, you can result in a kick/deop/ban (whatever you would like, its configurable)
     
  18. Offline

    gamermanh

    He said he ran one a year ago, I said I've been running mine for OVER a year, so there was a time when both of us had a cracked server online, and he was having issues.
    what isleep said is right, with an Auth plugin and proper perm configuration, nobody can get op unless an op or console gives it to them.
    OPPassword is another good one
    Sonic, did you ever find the issue?
     
  19. Offline

    Bobcat00

    Online/offline mode can also be specified in the command line. Post the command line you use to start craftbukkit.
     
  20. Offline

    JOPHESTUS

    A question: Have you downloaded any plugins from a non-bukkit source? Maybe a user said "Hey, sonicman! I know a good plugin for the server, it stops hacks, here's the download link" Some people get tricked into installing a malicious version of the NoCheat+ plugin, or another plugin
     
  21. Offline

    sonic_364

    I just found a video of someone using ForeceOP and the comments say it worked. Here is the video: [malware link removed]
     
  22. Offline

    kreashenz

    sonic_364 No such thing as a damn forceop. They patched it a LOOOOOOONG while back.. I'm pretty sure there was a client file that patched it.
     
  23. Offline

    sonic_364

    So, then what is the deal with the video?
     
  24. Offline

    bennie3211

    lol so fake >< I guess if you dowload it, it will be a empty folder, or a zip with password ;)
     
  25. Offline

    sonic_364

    Thank you.
     
  26. Offline

    kreashenz

    bennie3211 It is a zip with a pass, I am cracking it now to see what it actually is..

    Blank.. Nothing is in it. No such thing as a force op, and there never will be.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jun 2, 2016
    bennie3211 likes this.
  27. Offline

    Zach1338

    Force OP are rubbishes. probably your friend are making up stories
     
  28. Offline

    sonic_364

    Lol, thanks.
     
  29. Offline

    Zach1338

    So calm down :D
     
  30. Offline

    Bobcat00

    So, I'll say it again: Post the command line you use to start craftbukkit
     
    lol768 likes this.
Thread Status:
Not open for further replies.

Share This Page