PSA: Malicious plugins: NanoGuard Anticheat and InfiniteDispenser

Discussion in 'Community News and Announcements' started by EvilSeph, Sep 11, 2013.

Thread Status:
Not open for further replies.
  1. Offline


    It has come to our attention that the plugins "NanoGuard Anticheat" and "InfiniteDispenser" have been distributing potentially malicious code hidden within their update process. We urge all server admins running these plugins or who have run these plugins to read this PSA carefully and follow the advice given immediately.

    We strongly advise all server admins to cease using these plugins immediately:
    • NanoGuard Anticheat (Default file name: NanoGuardJAR.jar or similar)
    • InfiniteDispenser (Default file name: InfiniteDispenser-3.2.jar or similar)
    As a general precaution, we strongly recommend that all server admins perform a full examination of their server, keeping an eye out for unknown plugins or suspicious behaviour - as is proper on a periodic basis. We also would like to remind server admins to avoid running anything with root or admin privileges without taking the proper precautions to safeguard against the security risks it poses.

    In accordance with our community policies regarding malicious code, these projects and their files have been completely removed from our sites and the individuals associated have been banned. While we do not - and cannot - guarantee we'll catch everything, our approval process is an ever evolving aspect of our project and we believe that it is an integral piece in providing server admins with peace of mind when running their servers.

    Thanks for your continued support and understanding in this matter,
    - on behalf of the Bukkit Project
  2. Offline

    timtower Administrator Administrator Moderator

    Everybody makes mistakes, and you are saying it now don't you?
  3. Offline



    This was one mistake, Out of how many? think just 1.. So I'm pretty sure you guys are doing a good job. I got confuse during all this chat, did they get ban? and did they also try to do this? This is what I got from everything
    Something about a url redirect and some one got ban?

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
    Last edited by a moderator: Jun 4, 2016
  4. Offline


    I was on my way to report these plugins right as they went down. The infinitedispenser one was a nightmare, a group of hackers (team lixo) were able to get in to the console, add and remove items as they please and stop the server. If you have either of these plugins DELETE THEM listen to bukkit, they will come on your server otherwise. The group behind it are team lixo.
  5. Offline


    wow...Thanks staff.
  6. Offline


    All of the users that we're developing the plugins have been banned.
  7. Offline


    Good thing I decided not to use these Plugins then.
  8. Offline


    Thank you. Optimism like this keeps me going ;)
  9. Offline


    If anything this reinforces why the approval process takes "so long".
    People should take comfort from the fact that you did catch this, even if it was a little later than it should have been.

    The Bukkit staff have the best interests of the community at heart and we all luff u staffs!
    KawaiiNeko, kezz101, np98765 and 4 others like this.
  10. Offline


    A little late, but thanks staff for catching this and fir all your hard work! :) Keeping server owners safe by manually checking through the hundreds or thousands of plugins there are when they are submitted is quite a feat, keep it up! :)

    Side note: Time to make a new (legit) infinite dispensers plugin.. :O
  11. Offline


    So all of the Infinity dispensers are infected?
  12. Offline

    timtower Administrator Administrator Moderator

  13. Well that's funny.
  14. Offline


    That's why I make all my plugins open source...
  15. Offline


    Offtopic posts removed. This is not a thread to discuss what alternate plugins exist - if you wish to make one, feel free to post a thread in Bukkit Discussion.
  16. Offline


    I'm glad I never actually installed that plugin. I was looking around the entire bukkit website for an infinite dispenser plugin and didn't install this one :p
  17. Damn I used infinitedispenser, what now :(!?
  18. Offline


    Who was creators of this plugins? Does they creates other plugins that could be dangerous too?
  19. Offline


    All plugins associated with the developer(s) who made InfiniteDispensers and NanoGuard Anitcheat have been removed from BukkitDev. A quick search of their username(s) confirms this.

    At least I believe this is the case, I found out their usernames online and searched DBO to see if they had any plugins left.
    fromgate likes this.
  20. Even though the plugin got by the approval process, thanks to whoever found this! Way better than this going unnoticed.
  21. Offline


    Well you know it had to happen sooner or later. There's always people who like to make trouble. Some kid comes along who wants to kick the other kid's blocks over... Funny how almost ALL things in life fall back to such a basic principle.

    Thanks Bukkit Team.
  22. :eek: Obrigado pela informação!!! Thank!!!
  23. Offline


    There's always essentials kit's/The loadout plugin/ I think I might write a new infinity plugin.
    I removed the infinite dispenser's plugin from my server a long while ago, I hope that I am safe, I checked my OP list and PEX database and most of my configs but to be on the safe side I will do a clean sweep looking for any of the dev's MC names or any changes that happened when I removed the plugin, hopefully I still have that backup.
  24. Offline


    I cant start My server now. I get the same error, tried re-starting server same thing. I removed the plugins made sure no other wierd plugins around

    12.09 08:11:30 [Multicraft] Not restarting crashed server.
    12.09 08:11:30 [Multicraft] Server stopped
    12.09 08:11:30 [Multicraft] Looks like a crash, check the server console. Return value: 1
    12.09 08:11:30 [Multicraft] Server shut down
    12.09 08:11:30 [Server] INFO Please see
    12.09 08:11:30 [Server] INFO This is a public service announcement; your server has been compromised by 1 (or more) malicious plugins.
    12.09 08:11:29 [Server] INFO This server is running CraftBukkit version git-Bukkit-1.6.2-R1.0-b2879jnks (MC: 1.6.2) (Implementing API version 1.6.2-R1.0)
    12.09 08:11:29 [Server] INFO Starting Minecraft server on
    12.09 08:11:28 [Server] INFO Generating keypair
    12.09 08:11:28 [Server] INFO Default game type: SURVIVAL
    12.09 08:11:28 [Server] INFO Loading properties
    12.09 08:11:28 [Server] INFO Starting minecraft server version 1.6.2
    12.09 08:11:28 [Multicraft] Loaded config for "CraftBukkit Recommended Build 1.6.2-R1.0 Build # 2879"
    12.09 08:11:28 [Multicraft] Starting server!
    12.09 08:11:28 [Multicraft] Loading server properties
    12.09 08:11:28 [Multicraft] Received start command
    12.09 08:11:20 [Multicraft] Loading server properties
  25. Offline


    Thanks for notifying everyone! ;) InfiniteDispensers would have had great potential if it didn't contain malicious code.
  26. Try updating to latest build (in multicraft it's the latest reccommended one) and if that doesn't work... That's not good...
  27. Offline


    Im using Build #2879 1.6.2-R1.0 RB...
  28. Offline


    Use this one

    Yes it's a dev build, but just see if it works before you say no.
  29. Offline


    12.09 09:31:20 [Multicraft] Not restarting crashed server.
    12.09 09:31:20 [Multicraft] Server stopped
    12.09 09:31:20 [Multicraft] Looks like a crash, check the server console. Return value: 1
    12.09 09:31:20 [Multicraft] Server shut down
    12.09 09:31:19 [Server] INFO Stopping server
    12.09 09:31:19 [Server] INFO Please see
    12.09 09:31:19 [Server] INFO This is a public service announcement; your server has been compromised by 1 (or more) malicious plugins.
    12.09 09:31:18 [Server] INFO This server is running CraftBukkit version git-Bukkit-1.6.2-R1.0-1-g22f47a8-b2881jnks (MC: 1.6.2) (Implementing API version 1.6.2-R1.1-SNAPSHOT) <-----------------------
    12.09 09:31:18 [Server] INFO Starting Minecraft server on
    12.09 09:31:17 [Server] INFO Generating keypair
    12.09 09:31:17 [Server] INFO Default game type: SURVIVAL
    12.09 09:31:17 [Server] INFO Loading properties
    12.09 09:31:17 [Server] INFO Starting minecraft server version 1.6.2
    12.09 09:31:17 [Multicraft] Loaded config for "Default"
    12.09 09:31:17 [Multicraft] Starting server!

    Still no...
  30. Offline


    Based on your log, it looks like you didn't remove all your plugins. The INFO regarding a "public service announcement" is not found or generated by a standard Minecraft or Bukkit server. Please make sure you've removed all plugins you're not familiar with from your server before trying to start it up again.
  31. Offline


    indeed just noticed a: securitypsa.jar

    Thanks alot for the help!
Thread Status:
Not open for further replies.

Share This Page