Problem/Bug I have problems with the bug lock commands player's in the server.

Discussion in 'General Help' started by vanthoi, Aug 5, 2015.

    I detected that a player on my server can lock the commands of any player on the server. Many other players complain that they are often locked and cannot use commands. When a locked player types a command, they get the error: you do not have access commands. I have read the diary. I do not find any other commands that users often hack into my server!

    I use version Minecraft Server 1.8.3. The plugin I've installed:

    [14:59:03 INFO]: Plugins (60): FoundDiamonds, Questioner, AntiCreeper, PlugMan, AntiForceOp, Lockette, LevelHealth, CommandEdit, MoreSwords, ChatColor, Titlebar, CoreProtect, Smiley, WorldEdit, NoSwear, Essentials, jPanel, NBTEditor, ClearLag, CrackShot, AutoMessage, Chairs, OP-Password-Safe, ProtocolLib, OmNom, EnchantPlus, EssentialsChat, CustomItems, PermissionsEx, PTweaks, TreeAssist, mcMMO, Vault, LWC, WorldGuard, SkinsRestorer, ASkyBlock, EssentialsProtect, CookieMonster, EssentialsSpawn, PvPManager, boosCooldowns, War, Multiverse-Core, Citizens, Shopkeepers, GlobalMarket, Backpack, Multiverse-Portals, AuthMe, HolographicDisplays, Multiverse-Inventories, MyPet, AntiXRay, AreaShop, CompatNoCheatPlus, Towny, WarpPortals, MyPet-NPC, NoCheatPlus
    Please help me!
    Thank you!
    Last edited: Aug 5, 2015
    You may check and see if the players are properly being placed into the default permission group.
    Yes. I have checked player hacked being placed into default permission group. Add op is none!
    Check your permissions file (especially the user list) to see if there is something special about 'the bad guy'.

    Also, have you ever installed a plugin that a player has given you the link to get? "You need XXX plugin - here, I'll give you the download link: " or "Add me to Skype and I'll send it to you" etc?

    Restart your server, then when it finishes booting up, open the logs/latest.log file and post it on and put the link back here

    Actually, you said 1.8.3 server - that's inviting people to exploit you. Versions 1.8 to 1.8.6 all have a series of sign, book, and related exploitable features that hack tools have been created for and include. Any server 1.8 to 1.8.6 is at risk of being taken over, of having a user issue commands that he shouldn't have - and in the worst case, a user can force a server to crash at will, or force a map to get contaminated, crash the server, and keep crashing it whenever someone logs in within a huge region near a bad sign they make to do that.

    Upgrading to 1.8.7 - even if it means breaking a couple of plugins, which will be the case for any that depend on versions specifically, protocol-dependent stuff, disguising plugins, etc. (though most will have updates available to get) - it's a necessity to prevent continuously being at risk.

    However, once your security has been compromised, you need to identify how much has been done that could prop backdoors open - bad guys giving themselves * commands, so that when you patch the exploits by upgrading, and no one else can use that exploit again, they will still have the ability to issue commands because they granted themselves a more subtle way than 'forcing ops'. It's too easy to see that an op in your list doesn't belong; most won't check carefully through permissions to see someone added worldedit.* permissions letting them come back later and turn everything to lava.
    Last edited: Aug 6, 2015
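The permissions review described in the post above, as an added example that is not part of the thread: a small Python scan that lists wildcard nodes granted directly to individual users. It assumes the PermissionsEx permissions.yml layout (users, then user name, then a permissions list); the sample file and the user names are constructed.

```python
# Constructed sample in the PermissionsEx permissions.yml layout (assumed
# layout: users -> <name> -> group / permissions lists); not from the thread.
SAMPLE = """\
groups:
  default:
    options:
      default: true
    permissions:
    - essentials.tpa
users:
  alice:
    group:
    - default
  mallory:
    group:
    - default
    permissions:
    - worldedit.*
    - essentials.back
  bob:
    permissions:
    - '*'
"""

def audit_user_grants(text):
    """Return {user: [nodes]} for wildcard nodes granted directly to users."""
    findings, section, user, key, user_indent = {}, None, None, None, None
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()   # drop trailing YAML comments
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:                       # top-level key: groups / users
            section, user, key, user_indent = body.rstrip(":"), None, None, None
        elif section != "users":
            continue                          # group grants need their own review
        elif user_indent in (None, indent) and body.endswith(":"):
            user_indent, user, key = indent, body[:-1].strip("'\""), None
        elif body.endswith(":") and not body.startswith("-"):
            key = body[:-1]                   # e.g. group, permissions, options
        elif key == "permissions" and body.startswith("-"):
            node = body[1:].strip().strip("'\"")
            if node.startswith("-"):          # leading "-" negates a node in PEX
                continue
            if node == "*" or node.endswith(".*"):
                findings.setdefault(user, []).append(node)
    return findings

if __name__ == "__main__":
    for name, nodes in audit_user_grants(SAMPLE).items():
        print(f"{name}: direct wildcard grant(s) {nodes}")
```

A hit is only a lead: compare each flagged user against the staff you actually appointed, and check the group lists as well, since the scan covers per-user grants only.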
    Thank you very much for your support. Currently I have temporarily created a firewall blocking the hacker's IP ranges! I did not dare to provide the log file because it contains too many user passwords. I can offer you my pex file. I downloaded all plugins from Bukkit! The plugin versions have been updated to the latest! I checked the log many times and only detected that every time the hacker logs in, he will kill a zombie, then tpa to others and then type /back. This is often repeated by the hacker. I checked that all the powers granted are not related to blocking someone. Ops also have passwords set and the anti force op plugin is installed.
    Moved to Bukkit Alternates.
    User passwords shouldn't be shown as plain-text in a server log... If they are, it's a bad plugin you have.
    I'm interested in the server log showing the bootup process, before anyone even logs into it. You can just do that - restart and boot it, then copy from the very first line until the point where the players can log in, but you don't need to copy from that point if someone does have a username/password event in the log.
    Your permissions do look uncontaminated, that's good.

    Logs won't show you 'hackers' writing signs, or writing books, which is where the 1.8-1.8.6 exploits come in.
