SafeNET (SecuredNetwork) [1.8 - 1.19] - Protect your network from IP-forward bypass exploit. 3.6

A lightweight protection from IP-forward bypass exploit for your network.

  1. dejvokep
    Native Minecraft Version:
    1.19
    Tested Minecraft Versions:
    • 1.8
    • 1.9
    • 1.10
    • 1.11
    • 1.12
    • 1.13
    • 1.14
    • 1.15
    • 1.16
    • 1.17
    • 1.18
    • 1.19
    Source Code:
    https://github.com/dejvokep/secured-network
    Languages Supported:
    Translateable
    NOTICE: Versions prior to 3.6 are all vulnerable (including BungeeGuard, we're working on implementing the solution there). Please upgrade to the latest version as soon as possible. BungeeCord 1.19 and ProtocolLib 5.0.0 are required. You can also use 3.6-LEGACY (download from GitHub) if you need to use ProtocolLib 4.8.0.

    You can also star the repository on GitHub, if you feel like it's a better place to get notifications, updates and releases from.


    SafeNET

    SafeNET is a lightweight plugin protecting you from direct backend server access and IP-forwarding bypass exploit, mainly for those who cannot access or configure their firewall systems. The plugin has been serving protection for everyone since 2019, connecting BungeeGuard (from which it took the inspiration) and the good old IP-whitelisting feature.

    [​IMG]

    What is IP-forwarding bypass?
    When using a proxy server (e.g. BungeeCord) to connect your servers together, the backend servers must run in offline mode, disabling account authentication. That enables hackers and unauthorized users to join backend servers with whatever account freely (including yours as an admin).

    Each player has their own profile, which contains information about them (UUID, skin textures...). These data are given to the proxy server when a player joins and then forwarded by the proxy to each of the backend servers, when you're being connected to them. This plugin uses a passphrase, which is inserted into the player's profile and then forwarded to the backend servers to check for integrity.

    After an exploit has been found, which allows for packets to be uncaught during a specific timeframe, effectively bypassing the authentication and leaving your server vulnerable, this system's been enriched with sessions. A special session key is generated each time the server starts, is attached to player's profile when authenticated and is verified when the player is on the edge of joining the server (spawning into the world). Sessions patch any possible way around the initial authentication.

    Why to use SafeNET over other plugins?
    You can't go wrong with classic BungeeGuard, however, if you would also like to use the IP-whitelist and have always up-to-date software with the newest standards, this is the way to go. The plugin also supports GeyserMC ( including Floodgate), which other plugins do not. Logs everything to the console for easy verification and control over connection flow.

    The plugin has been downloaded 13K+ times, and (on average) is active on 300+ networks managing over 1500 backend servers.

    Setup and support
    Download the latest release from the panel on the right. BungeeCord 1.19 and ProtocolLib 5.0.0 or newer are required. Alternatively, use version 3.6-LEGACY, which allows for use of older ProtocolLib releases. If you're still using version 3.5 or older, immediately upgrade to at least 3.6.

    You can view the setup instructions at the wiki. If you need help with anything, feel free join the Discord server (nonstop 24/7 support). Or, just to talk with us ;)

    Licensed under Apache License 2.0.
    jrodlan, Getris, Caye and 8 others like this.

Recent Reviews

  1. UsainSrht
    UsainSrht
    5/5,
    Version: 3.6
    I contacted with the author when I had an issue with the plugin and he helped me. Good plugin.
  2. angelillo1508
    angelillo1508
    5/5,
    Version: 3.6
    Great plugin, i use it like for 2 years and it work very well, very easy to config
  3. BoolyStudy
    BoolyStudy
    1/5,
    Version: 3.6
    this version brings many version errors, for example plugins viaversion and descent
    1. dejvokep
      Author's Response
      I’m sorry to hear that, I cannot see any issues with ViaVersion yet (only with GeyserMC).

      If you are willing to fix the issue, please use any contact method other than reviews, which is probably the worst one to report bugs on.

      We care and read about every single message and so we will about yours. You can also see reviews from other people that this is the case.

      Looking forward to hearing from you. :)
      ~ dejvokep
  4. omgmagic
    omgmagic
    5/5,
    Version: 3.5
    Good and friendly dev
    Professional support team

    I would recommend it, working fine.
  5. hellot1M
    hellot1M
    5/5,
    Version: 3.5
    Fairly new to this plugin, recently switched from bungeeguard and I'm very impressed. Super easy to set up and very lightweight! I only had one issue but that was user error. Unlike other protection plugins, do not update this plugin to 3.5 if you are still running a 1.18.2 server. This plugin is not backwards compatible. Beyond that, 10/10 would recommend over all other protection plugins.
  6. ZullCandy
    ZullCandy
    5/5,
    Version: 3.5
    Best plugin, I've used this plugin for about 3 months now and have hade no issues at all and the best support ive seem
  7. VitalikSpigo
    VitalikSpigo
    5/5,
    Version: 3.4
    Nice plugin, but you can add core velocity support, it would be nice to do this Add, please!
  8. DuckiiVN
    DuckiiVN
    5/5,
    Version: 3.4
    SecuredNetwork is a really good plugin that helps us protect our backend server from hackers, I highly recommend this plugin for you and your servers.
  9. Blackp45
    Blackp45
    3/5,
    Version: 3.3
    Funciona todo, menos la ip whitelist, es su gran punto malo. Su soporte igualmente es muy bueno
    1. dejvokep
      Author's Response
      I’m sorry to hear you are having troubles configuring the plugin.

      I agree that IP-whitelist might sometimes be hard to configure, as the configuration varies from user to user due to their DNS configuration.

      If using the latest version, you should have received a message in the console saying what address the player used, which should help you with a proper setup. Sometimes people need help - and that’s we are always here for you and will guide you as quick as possible.

      We really appreciate what people say about us and the support and I see your positive feedback. Thank you.

      I, unfortunately, can’t see your ticket, so I am unable to help you further. If you are interested in solving this together, make sure to create another one and let us know that it’s you.

      Alternatively, do not forget that the IP-whitelist is only a decoration and does not take part in the security aspect - you can freely disable it.

      Looking forward to hearing from you; have an awesome day :)
      ~ dejvokep
  10. LtAkmal
    LtAkmal
    5/5,
    Version: 3.3
    Well, this plugin good and i like it, very good, its worth it at all. easy setup.