BungeeGuard 1.2.2

A simple plugin which adds a security token to the BungeeCord handshaking protocol.

  1. Luck
    Tested Minecraft Versions:
    • 1.8
    • 1.9
    • 1.10
    • 1.11
    • 1.12
    • 1.13
    • 1.14
    • 1.15
    • 1.16
    • 1.17
    Source Code:
    https://github.com/lucko/BungeeGuard
    BungeeGuard

    BungeeGuard is a plugin-based security/firewall solution for BungeeCord (and Velocity) proxies.

    The problem
    BungeeCord installations are insecure by default, and require additional firewall rules to be configured (using iptables or otherwise) to prevent malicious users from bypassing the proxy and connecting using any uuid/username they choose.

    This is a well-known issue, and over the years many (even large) servers have been successfully targeted using this attack.

    The conventional solution
    The conventional solution recommended by the BungeeCord author is to configure a firewall rule using iptables or ufw to prevent outside connections to the backend servers.

    However, there are two main problems with this:
    1. Configuring these firewall rules is complicated, especially for inexperienced users.
      1. Even experienced users sometimes make mistakes or overlook things. Unless the setup is absolutely perfect, rules are prone to being broken during later changes, or reset on system reboot.
    2. Users on "shared hosting" do not have access to the underlying system and most likely cannot setup their own firewall rules.
    The BungeeGuard solution
    Server admins install BungeeGuard (just an ordinary plugin!) on their proxies and backend servers.
    • On the proxy, BungeeGuard adds a secret "authentication token" to the login handshake.
    • On the backend (Spigot etc. server), BungeeGuard checks login handshakes to ensure they contain an allowed authentication token.
    It's really that simple.

    Installation
    Installation is very straightforward.

    If you have access to the underlying system and are able to setup firewall rules using iptables (or otherwise), I strongly recommend you do so. Then, install BungeeGuard as well.

    See here for a detailed install guide.

    License
    BungeeGuard is licensed and made available under the permissive MIT license. Please see here for more information.
    Flak, ddefr, Spectific_XD and 7 others like this.

Recent Updates

  1. 1.2.2
  2. 1.2.1
  3. 1.2.0

Recent Reviews

  1. Vlad54
    Vlad54
    5/5,
    Version: 1.2.2
    Лучший плагин для закрытия такой дыры на банже для тех кто не может на хостинге закрыть порты
  2. aventas
    aventas
    5/5,
    Version: 1.2.2
    Best plugin, please add support for 1.17 as soon as you can, your plugin is best :)
  3. GreenArrow99
    GreenArrow99
    5/5,
    Version: 1.2.2
    This is the best plugin i've seen. Keep it up! I hope the plugin stays for a decade.
  4. MrJuancho
    MrJuancho
    5/5,
    Version: 1.2.2
    Very good!!!!
    first dont work on 1.8.8 spigot, but is bungeecord version
    i update this and work!!
    this is the error: BungeeCord old version
  5. Athame
    Athame
    5/5,
    Version: 1.2.2
    Thanks for update, I use on my server this plugin, i suggest you use. You won't regret it
  6. KazMNF
    KazMNF
    5/5,
    Version: 1.2.0
    Great plugin.
    Recommended for any cord server owners specially for shared hosting users.
  7. Rulol4
    Rulol4
    5/5,
    Version: 1.2.0
    works perfectly and very easy to setup. I recommend this plugin for every server.
  8. javajake123
    javajake123
    5/5,
    Version: 1.2.0
    Works very well on my 1.16.5 servers but on my 1.8 server (ProtocolLib installed) I get this error;


    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Replace Blocks: [1, 5]
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Nerfing mobs spawned from spawners: false
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Cactus Growth Modifier: 100%
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Cane Growth Modifier: 100%
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Melon Growth Modifier: 100%
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Mushroom Growth Modifier: 100%
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Pumpkin Growth Modifier: 100%
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Sapling Growth Modifier: 100%
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Wheat Growth Modifier: 100%
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: NetherWart Growth Modifier: 100%
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Entity Activation Range: An 32 / Mo 32 / Mi 16
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Entity Tracking Range: Pl 48 / An 48 / Mo 48 / Mi 32 / Other 64
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Hopper Transfer: 8 Hopper Check: 8 Hopper Amount: 1
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Random Lighting Updates: false
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Structure Info Saving: true
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Sending up to 10 chunks per packet
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Max Entity Collisions: 4
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Custom Map Seeds: Village: 10387312 Feature: 14357617
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Max TNT Explosions: 100
    04.04 17:29:41 [Server] INFO [07:29:41 INFO]: Tile Max Tick Time: 50ms Entity max Tick Time: 50ms
    04.04 17:29:42 [Multicraft] Skipped 120 lines due to rate limit (30/s)
    04.04 17:29:42 [Server] INFO [07:29:42 INFO]: Preparing spawn area: 99%
    04.04 17:29:42 [Server] INFO [07:29:42 INFO]: Preparing start region for level 1 (Seed: 2490884370782286738)
    04.04 17:29:43 [Server] INFO [07:29:43 INFO]: Preparing start region for level 2 (Seed: 2490884370782286738)
    04.04 17:29:43 [Server] INFO [07:29:43 INFO]: [BungeeGuard] Enabling BungeeGuard v1.2-SNAPSHOT
    04.04 17:29:43 [Server] INFO [07:29:43 INFO]: [BungeeGuard] Using ProtocolLib to listen for connections.
    04.04 17:29:43 [Server] INFO [07:29:43 INFO]: Server permissions file permissions.yml is empty, ignoring it
    04.04 17:29:43 [Server] Startup [07:29:43 INFO]: Done (2.057s)! For help, type "help" or "?"
    04.04 17:29:43 [Server] INFO [07:29:43 INFO]: Timings Reset
    04.04 17:30:17 [Server] INFO [07:30:17 INFO]: Error Unable to inject incoming channel [id: 0x0a28f4c2, L:/51.161.132.10:25595 - R:/139.99.149.231:56191]. (java.lang.IllegalArgumentException: Unable to find NetworkManager in [id: 0x0a28f4c2, L:/51.161.132.10:25595 - R:/139.99.149.231:56191]) occured in [email protected]
    04.04 17:30:17 [Server] INFO [07:30:17 ERROR]: [ProtocolLib] INTERNAL ERROR: Unable to inject incoming channel [id: 0x0a28f4c2, L:/51.161.132.10:25595 - R:/139.99.149.231:56191].
    04.04 17:30:17 [Server] INFO If this problem hasn't already been reported, please open a ticket
    04.04 17:30:17 [Server] INFO at https://github.com/dmulloy2/ProtocolLib/issues with the following data:
    04.04 17:30:17 [Server] INFO Stack Trace:
    04.04 17:30:17 [Server] INFO java.lang.IllegalArgumentException: Unable to find NetworkManager in [id: 0x0a28f4c2, L:/51.161.132.10:25595 - R:/139.99.149.231:56191]
    04.04 17:30:17 [Server] INFO at com.comphenix.protocol.injector.netty.InjectionFactory.findNetworkManager(InjectionFactory.java:209)
    04.04 17:30:17 [Server] INFO at com.comphenix.protocol.injector.netty.InjectionFactory.fromChannel(InjectionFactory.java:142)
    04.04 17:30:17 [Server] INFO at com.comphenix.protocol.injector.netty.ProtocolInjector$1.initChannel(ProtocolInjector.java:155)
    04.04 17:30:17 [Server] INFO at io.netty.channel.ChannelInitializer.initChannel(ChannelInitializer.java:129)
    04.04 17:30:17 [Server] INFO at io.netty.channel.ChannelInitializer.handlerAdded(ChannelInitializer.java:112)
    04.04 17:30:17 [Server] INFO at io.netty.channel.AbstractChannelHandlerContext.callHandlerAdded(AbstractChannelHandlerContext.java:938)
    04.04 17:30:17 [Server] INFO at io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:609)
    04.04 17:30:17 [Server] INFO at io.netty.channel.DefaultChannelPipeline.addLast(DefaultChannelPipeline.java:223)
    04.04 17:30:17 [Server] INFO at io.netty.channel.DefaultChannelPipeline.addLast(DefaultChannelPipeline.java:381)
    04.04 17:30:17 [Server] INFO at io.netty.channel.DefaultChannelPipeline.addLast(DefaultChannelPipeline.java:370)
    04.04 17:30:17 [Server] INFO at com.comphenix.protocol.injector.netty.ProtocolInjector$2.initChannel(ProtocolInjector.java:169)
    04.04 17:30:17 [Server] INFO at io.netty.channel.ChannelInitializer.initChannel(ChannelInitializer.java:129)
    04.04 17:30:17 [Server] INFO at io.netty.channel.ChannelInitializer.handlerAdded(ChannelInitializer.java:112)
    04.04 17:30:17 [Server] INFO at io.netty.channel.AbstractChannelHandlerContext.callHandlerAdded(AbstractChannelHandlerContext.java:938)
    04.04 17:30:17 [Server] INFO at io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:609)
    04.04 17:30:17 [Server] INFO at io.netty.channel.DefaultChannelPipeline.access$100(DefaultChannelPipeline.java:46)
    04.04 17:30:17 [Server] INFO at io.netty.channel.DefaultChannelPipeline$PendingHandlerAddedTask.execute(DefaultChannelPipeline.java:1463)
    04.04 17:30:17 [Server] INFO at io.netty.channel.DefaultChannelPipeline.callHandlerAddedForAllHandlers(DefaultChannelPipeline.java:1115)
    04.04 17:30:17 [Server] INFO at io.netty.channel.DefaultChannelPipeline.invokeHandlerAddedIfNeeded(DefaultChannelPipeline.java:650)
    04.04 17:30:17 [Server] INFO at io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:502)
    04.04 17:30:17 [Server] INFO at io.netty.channel.AbstractChannel$AbstractUnsafe.access$200(AbstractChannel.java:417)
    04.04 17:30:17 [Server] INFO at io.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:474)
    04.04 17:30:17 [Server] INFO at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164)
    04.04 17:30:17 [Server] INFO at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:472)


    Thanks!
  9. Monci
    Monci
    5/5,
    Version: 1.2.0
    Super Nice plugin. you can combo this plugin with queue plugin that need retricted: false.
  10. qwertyuiop123356
    qwertyuiop123356
    5/5,
    Version: 1.2.0
    thank u! This plugin saved my serv)))

    -----------------------------------
    upd: ty for luckperms too