My Bukkit Server Got Hacked! How?

Discussion in 'Bukkit Help' started by Imkingofthehill, Feb 8, 2012.

Thread Status:
Not open for further replies.
  1. Offline


    That does not mean anything.

    For OP and everyone else: xAuth has a bug, which hackers have taken notice of, that allows them to bypass it and log in with any username.

    By banning a player all it does is ban their username, so no matter who it is or what IP they have, it won't allow that username in. By banning an IP, it does not allow any usernames in that are trying to log in with that IP.

    Hacking clients have built in features to quickly change the player's name, and most support proxies so that the player can get a new IP to bypass IP bans. It's unlikely that you'll be able to keep them away, but you can keep them from hacking by going into online mode.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
    Last edited by a moderator: May 23, 2016
  2. Offline


    Can someone make a plugin like IP list and your set up a playername for ane EX

    Ban-List Players:
    winter4w 291.272.4327

    So when someone tries to login as that name and dont have that ip it will ban the ip address but if they do have that ip then they can join it.
  3. Offline


    Oh, the solution to so many 'Z0MG I W4Z HAKKED' issues ^ I think we should get it put in big red letters at the top of the help forum.
  4. Offline


    Yeah i agree...
  5. Offline


    You got hacked because of xauth, watch this video : this works by the way, i tried it once.
  6. Offline


    Locked. Don't use offline mode. Don't support piracy.

    Well, I suppose you can use offline mode, and you can support piracy, but then you can also get "hacked". Enjoy.
Thread Status:
Not open for further replies.

Share This Page