Whitelist Exploit? Possible bypass...

Discussion in 'Bukkit Discussion' started by JEB101, May 16, 2011.

Thread Status:
Not open for further replies.
  1. This weekend I got on my server to see it was griefed... I found that very strange because it's only me and a few close friends who play, so I know it wasn't one of them.

    My server is whitelisted and has only us 4 in the list, but I saw a connection from Chile (70.41.x.x) and was getting loads of bad packet errors, and from there the world got pretty much blown up. That's not the issue as I keep a 3x daily backup of the server, but I found it troubling that there was a connection that started with a malformed packet and allowed the player in the server without being whitelisted.

    I wish I knew more details on how this was done, but I just wanted to point out what happened.


    Cheers
     
  2. CptTwinklez

    Do you have online mode set to false?
     
  3. All settings done proper, it's set to True, that's what's troubling me.. I changed ports, IP, and domain name, so he'd have to find me again, so far no other attempt. Made me use WorldGuard though..
     
  4. AgentKid

    Huh, odd. Can you post your server.log file for that night?
     
  5. chronopolis

    I'm also interested in how this happened...hopefully this doesn't become common :oops:
     
  6. Once I get home tonight after work I will post the log file for the event, it was pretty uneventful from what I saw, just the initial connection that was introduced via bad packet, no disconnect notices, just a socket error.

    Frig... It seems that my script did its job, the file hit over 3MB and it overwrites it blank...

    So far I have not had any more attempts. Since I don't have the info, I guess this should be shelved as there are no logs to see what really happened, and no way to know if it's an exploit or my mistake (went over config, seems OK though..)

    If I get more info I will update this thread.

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: Jul 16, 2016
  7. xZise

  8. That there is a good idea xZise.. I'll have to throw a quick server together see if I can't get his info.. I should have enabled monitoring on my router, just never really bothered to enable it on my home line. I'll set up a VLAN and monitor just that. From what I could see though it was all coming from IPs in Chile so I would assume just one person.. Because c'mon, who hacks into a Minecraft Server?? lol
     
  9. xZise

    Ehr not to catch the hacker or whatever. To reproduce the error and have a server.log?

    You think you found an exploit, but … you have no information that helps. You saw bad packets in the server.log ... Oh c'mon. rofl.

    Fabian
     
  10. Yea, that would be the ultimate result, just want to gather info on what he's doing, monitor all the in/out traffic going to that server, hopefully get info on how he's doing it, and not just have server logs.
     
  11. Sep99

    There used to be a whitelist bypass hack, but Mojang patched it and it is now impossible.
     
  12. zipfe

    You should go with a much more probable cause for the griefing: A sibling or troll got access to a computer used by one of your whitelisted friends.
     