[PSA] Regarding Hacked Clients & Fake Plugins

Discussion in 'Bukkit Discussion' started by Kaikz, Jun 5, 2012.

Thread Status:
Not open for further replies.
  1. Offline

    zipfe

    JOPHESTUS likes this.
  2. Offline

    TheLimaBeanman

    Found you on HF.
     
  3. Offline

    Jade Retired Staff

    Found that you actually have an account of your own in order to verify it is him.
     
    np98765, Kaikz and Sushi like this.
  4. Offline

    JOPHESTUS

    You should sticky this thread
     
  5. Offline

    Kaikz

    And? This proves nothing.
     
  6. Offline

    TheLimaBeanman

    No, I was just glad to find you there. I use HF to advertise my server.
     
  7. Offline

    Sushi

    I have an HF account too, you would be surprised who has one.

    I bet that a large part of the people on HackForums aren't actually hackers per se.
     
    TheLimaBeanman likes this.
  8. Offline

    Joshuame13

    Another thing you might think about adding is Sketch's "ForceOp" SessionStealer thing. To be clear , IT ISN'T A FORCE OP, but that's what it is commonly called. It allows someone to get op on your server without you oping them, downloading a malicious file, or something of that sort. All you have to do for them to gain op is connect to their (fake) server. SessionStealer makes a fake server on the hacker's computer. If you connect to their IP, it takes your validation info that you use to log into their server and forewords it to your own server. Then, logged in to your own server as you, it sends a chat message, usually in the form of "/op [hacker name here]." All this happens while you are thinking you are connecting to the hacker's home server. After it is done, (you are still waiting on the connecting... screen), it kicks you for a customizable message, usually like "End of Stream" or "Outdated Server." You go away thinking that their server just doesn't work and the hacker goes away with op. Even something as simple as logging into a server can give someone access to your server.

    Thanks for reading,
    Josh
     
  9. Offline

    Kaikz

    As far as I know, session stealers have been fixed.
     
  10. Offline

    md_5

    * in 1.3, but yeah point remains, no need to worry.
     
  11. Offline

    Kaikz

    eh, I heard it was already fixed with something to do with the username. Obviously not.

    But yeah, it's fixed for the most part. sk's new method with WorldGuard, or just block sensitive commands, which NoCheat+ does with /op.
     
Thread Status:
Not open for further replies.

Share This Page