I read this topic about a server getting griefed and destroyed by some kind of session stealer. My question is the following: what exactly do they do, and how do they do it? Note: I'm asking this because I'm thinking of making a plugin that protects your server from hackers and such.
It was patched. Basically, Minecraft sends an authentication/session ID when joining a server (or it used to), or something like that. When you joined the fake 'bait' server, it grabbed the session ID and used it. They could then log on to your server with your session and they'd have whatever perms or items you had... It's impossible to patch server-side, but it was, and I believe still is, patched client-side, so that server is either full of liars or there's a new method (which I doubt).
It was patchable server-side. There has even been a feature in WorldGuard to do that, but you had to set it up for every player, which wasn't very convenient, but it was good enough to protect server staff/owners.
I think the plugin checked what subdomain you used to connect, or something like that. You could then create a secret subdomain for each user or something. I don't know exactly how it worked, but if you're really interested, you could look it up on the developer's blog.
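A per-player "host key" check of the kind the two posts above describe, written as an added Bukkit plugin example (not WorldGuard's code, and not from this thread); the `host-keys` config layout, the `HostKeyPlugin` class and the kick message are assumptions of this example:

```java
import org.bukkit.event.EventHandler;
import org.bukkit.event.Listener;
import org.bukkit.event.player.PlayerLoginEvent;
import org.bukkit.plugin.java.JavaPlugin;

import java.util.Locale;

/**
 * A protected account may only log in through the secret hostname assigned to it.
 * A stolen session presented through the public hostname is refused at login,
 * before the player enters the world.
 *
 * config.yml (layout assumed by this example):
 *   host-keys:
 *     Notch: k9f2-secret.example.com
 */
public final class HostKeyPlugin extends JavaPlugin implements Listener {

    @Override
    public void onEnable() {
        saveDefaultConfig();
        getServer().getPluginManager().registerEvents(this, this);
    }

    @EventHandler
    public void onLogin(PlayerLoginEvent event) {
        String name = event.getPlayer().getName();
        String expected = getConfig().getString("host-keys." + name);
        if (expected == null) {
            return; // account has no host key; ordinary login rules apply
        }
        if (!hostMatches(expected, event.getHostname())) {
            // log the refusal so staff can see attempts against protected accounts
            getLogger().warning("Refused login for " + name + " via host '"
                    + event.getHostname() + "' from " + event.getAddress());
            event.disallow(PlayerLoginEvent.Result.KICK_OTHER,
                    "Please connect through your assigned server address.");
        }
    }

    /** Compares the configured host key with the hostname sent in the handshake. */
    static boolean hostMatches(String expected, String handshakeHost) {
        if (handshakeHost == null) return false;
        String host = handshakeHost;
        int colon = host.indexOf(':');          // some client versions append ":port"
        if (colon >= 0) host = host.substring(0, colon);
        if (host.endsWith(".")) host = host.substring(0, host.length() - 1);
        return host.toLowerCase(Locale.ROOT).equals(expected.toLowerCase(Locale.ROOT));
    }
}
```

Only accounts with a configured key are protected, and the key is only as good as its secrecy: the hostname travels in the plaintext handshake, so each protected player should get a distinct name that is never published.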
What I would do is get the session ID, then save it along with the IP and compare whether it's the same and such (ofc, if the session ID is the same).