- Native Minecraft Version:
- Tested Minecraft Versions:
- Source Code:
- Languages Supported:
- Translatable

NOTICE: Versions prior to 3.6 are all vulnerable (including BungeeGuard, we're working on implementing the solution there). Please upgrade to the latest version as soon as possible. BungeeCord 1.19 and ProtocolLib 5.0.0 are required. You can also use 3.6-LEGACY (download from GitHub) if you need to use ProtocolLib 4.8.0.
You can also star the repository on GitHub, if you feel like it's a better place to get notifications, updates and releases from.
SafeNET is a lightweight plugin that protects you from direct backend server access and the IP-forwarding bypass exploit, mainly for those who cannot access or configure their firewall systems. The plugin has been providing this protection since 2019, combining the BungeeGuard approach (from which it took its inspiration) with the good old IP-whitelisting feature.
What is IP-forwarding bypass?
When using a proxy server (e.g. BungeeCord) to connect your servers together, the backend servers must run in offline mode, which disables account authentication. That lets hackers and unauthorized users join backend servers freely under any account (including yours as an admin).
Each player has their own profile, which contains information about them (UUID, skin textures...). This data is given to the proxy server when a player joins and is then forwarded by the proxy to each backend server the player is connected to. This plugin uses a passphrase, which is inserted into the player's profile and then forwarded to the backend servers as an integrity check.
After an exploit was found that allows packets to go uncaught during a specific timeframe, effectively bypassing the authentication and leaving your server vulnerable, this system was extended with sessions. A special session key is generated each time the server starts, is attached to the player's profile once they are authenticated, and is verified when the player is on the edge of joining the server (spawning into the world). Sessions patch any possible way around the initial authentication.
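The two checks described above (passphrase at login, session key just before spawn) can be modelled as follows. This is an added illustration, not SafeNET's own code: the class name, the property names and the sample values are hypothetical, and it assumes the backend attaches the session key after the passphrase check succeeds.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Model of the two-stage check; all names and values are hypothetical/constructed.
public class BackendGate {
    static final String PASS_PROP = "example-passphrase"; // hypothetical property name
    static final String SESSION_PROP = "example-session"; // hypothetical property name
    private final byte[] passphrase;
    private final String sessionKey; // regenerated on every server start

    BackendGate(String configuredPassphrase) {
        this.passphrase = configuredPassphrase.getBytes(StandardCharsets.UTF_8);
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        this.sessionKey = Base64.getEncoder().encodeToString(raw);
    }

    // Stage 1 (login): accept only profiles that carry the proxy's passphrase.
    boolean authenticate(Map<String, String> profile) {
        String sent = profile.remove(PASS_PROP); // strip it so it is not exposed further
        if (sent == null
                || !MessageDigest.isEqual(passphrase, sent.getBytes(StandardCharsets.UTF_8))) {
            return false; // constant-time comparison failed or property missing
        }
        profile.put(SESSION_PROP, sessionKey);
        return true;
    }

    // Stage 2 (just before spawn): a profile that never passed stage 1 has no valid key.
    boolean mayJoin(Map<String, String> profile) {
        String s = profile.get(SESSION_PROP);
        return s != null && MessageDigest.isEqual(
                sessionKey.getBytes(StandardCharsets.UTF_8), s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        BackendGate gate = new BackendGate("constructed-sample-passphrase");
        Map<String, String> viaProxy = new HashMap<>(
                Map.of("uuid", "constructed-uuid", PASS_PROP, "constructed-sample-passphrase"));
        Map<String, String> direct = new HashMap<>(Map.of("uuid", "constructed-uuid"));
        Map<String, String> uncaught = new HashMap<>(Map.of("uuid", "constructed-uuid"));
        System.out.println("via proxy: " + (gate.authenticate(viaProxy) && gate.mayJoin(viaProxy)));
        System.out.println("direct:    " + (gate.authenticate(direct) && gate.mayJoin(direct)));
        System.out.println("uncaught:  " + gate.mayJoin(uncaught)); // stage 1 never ran
    }
}
```

The third case is the one sessions exist for: even if the login check never ran for a connection, the spawn-time check still rejects it because no session key was attached.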
Why use SafeNET over other plugins?
You can't go wrong with classic BungeeGuard. However, if you would also like to use the IP-whitelist and always have up-to-date software with the newest standards, this is the way to go. The plugin also supports GeyserMC (including Floodgate), which other plugins do not. It logs everything to the console for easy verification and control over connection flow.
The plugin has been downloaded 13K+ times, and (on average) is active on 300+ networks managing over 1500 backend servers.
Setup and support
Download the latest release from the panel on the right. BungeeCord 1.19 and ProtocolLib 5.0.0 or newer are required. Alternatively, use version 3.6-LEGACY, which allows for use of older ProtocolLib releases. If you're still using version 3.5 or older, immediately upgrade to at least 3.6.
You can view the setup instructions at the wiki. If you need help with anything, feel free to join the Discord server (nonstop 24/7 support). Or join just to talk with us.
Licensed under Apache License 2.0.
SafeNET (SecuredNetwork) [1.8 - 1.19] - Protect your network from IP-forward bypass exploit. 3.6
A lightweight protection from IP-forward bypass exploit for your network.