[PSA] Regarding Hacked Clients & Fake Plugins

Discussion in 'Bukkit Discussion' started by Kaikz, Jun 5, 2012.

Thread Status:
Not open for further replies.
  1. Offline


    JOPHESTUS likes this.
  2. Offline


    Found you on HF.
  3. Offline


    Found that you actually have an account of your own in order to verify it is him.
    np98765, Kaikz and Sushi like this.
  4. Offline


    You should sticky this thread
  5. Offline


    And? This proves nothing.
  6. Offline


    No, I was just glad to find you there. I use HF to advertise my server.
  7. Offline


    I have an HF account too, you would be surprised who has one.

    I bet that a large part of the people on HackForums aren't actually hackers per se.
    TheLimaBeanman likes this.
  8. Offline


    Another thing you might think about adding is Sketch's "ForceOp" SessionStealer thing. To be clear , IT ISN'T A FORCE OP, but that's what it is commonly called. It allows someone to get op on your server without you oping them, downloading a malicious file, or something of that sort. All you have to do for them to gain op is connect to their (fake) server. SessionStealer makes a fake server on the hacker's computer. If you connect to their IP, it takes your validation info that you use to log into their server and forewords it to your own server. Then, logged in to your own server as you, it sends a chat message, usually in the form of "/op [hacker name here]." All this happens while you are thinking you are connecting to the hacker's home server. After it is done, (you are still waiting on the connecting... screen), it kicks you for a customizable message, usually like "End of Stream" or "Outdated Server." You go away thinking that their server just doesn't work and the hacker goes away with op. Even something as simple as logging into a server can give someone access to your server.

    Thanks for reading,
  9. Offline


    As far as I know, session stealers have been fixed.
  10. Offline


    * in 1.3, but yeah point remains, no need to worry.
  11. Offline


    eh, I heard it was already fixed with something to do with the username. Obviously not.

    But yeah, it's fixed for the most part. sk's new method with WorldGuard, or just block sensitive commands, which NoCheat+ does with /op.
Thread Status:
Not open for further replies.

Share This Page