1.16.5 a spigot server from bungee: logged in from another location

Discussion in 'Server & Community Management' started by theflamingomg, Apr 14, 2021.

  1. Recently i my server got attacked somehow via strange glitch, which kick out everyone, and then who tries to connect the server with: logged in from another location, and the guys who did it could enter, but anything more, and spam in console

    [ALERT 90] Download this plugin to fix this NTE Kick issue: https://2no.co/2j29A6

    which obviously has to be a malicious jar
    and a lot of litebans errors:
    0] [User Authenticator #22/WARN]: [LiteBans] AsyncPlayerPreLoginEvent.getAddress() == null (LolitoMc2020)
    [04:20:00] [User Authenticator #24/WARN]: [LiteBans] AsyncPlayerPreLoginEvent.getAddress() == null (LolitoMc2020)
    [04:20:00] [User Authenticator #23/WARN]: [LiteBans] AsyncPlayerPreLoginEvent.getAddress() == null (LolitoMc2020)
    [04:20:01] [User Authenticator #22/INFO]: UUID of player angelelsabroso is [CENSORED]
    [04:20:01] [Server thread/INFO]: Disconnecting [email protected][CENSORED],name=angelelsabroso,properties={},legacy=false] (

    If someone knows further about that, please help me!
    its a spigot server from a bungee [the only which is getting affected by this]
     
  2. You need to firewall off your Spigot servers: currently, people can log in to your server directly as you, since your Spigot servers are in offline mode
     
  3. yes i use iptables as firewall , yet i think the plugins were infected and thats the way they enter in, they didnt enter since i reuploaded ''the malicious plugins [6* hours has passed]''
    this is my iptables:
    iptables -P FORWARD ACCEPT
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
    iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
    iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
    iptables -A INPUT -p tcp --dport 25565 -m state --state NEW -j ACCEPT
    iptables -A INPUT -p tcp --dport m state --state NEW -j ACCEPT
     
    #5 theflamingomg, Apr 14, 2021
    Last edited: Apr 15, 2021
  4. Remove the last rule. Your Spigot servers should not be exposed to the internet: it's only a matter of time until someone griefs them
     
  5. I need the rule in order to make possible the connection
     
  6. Your Bungee server should connect to your Spigot server via the local network. Your server can currently be griefed by anyone at any point very easily.
     
    • Agree Agree x 1
  7. The problem is that spigot server is on another dedicated server not the same, the bungee is on other dedi
     
  8. Then allow connections ONLY from that other dedi ip to your spigot ports.
     
  9. Hello may i ask you how its the iptable to do that? Thanks, sorry for my unexpertise
     
  10. The iptables flag -s is used to specify the source address. For example:
    -A INPUT -s 1.1.1.1 -p tcp --dport 25566 -j ACCEPT
     
    • Friendly Friendly x 1
  11. So i removed the other table and added this one, now im safe? Also very thankful for this help
     
  12. You should only replace
    Code (Text):
    iptables -A INPUT -p tcp --dport 25565 -m state --state NEW -j ACCEPT
    with
    Code (Text):
    iptables -A INPUT -s 1.1.1.1 -p tcp --dport 25565 -m state --state NEW -j ACCEPT
    (obv. replace 1.1.1.1 with your bungee server ip)
     
  13. but dont i need this port be open to allow the server itself connect? 25565 is the minecraft default port, and i use 25566 for the server
    [i dont use 25565 as server port, i though it was a must to have it open, in order to make server work]
     
  14. Then replace 25565 with 25566 in the new command. And make sure that it is the only line with the 25566 port.
     
    • Agree Agree x 1
  15. iptables -A INPUT -p tcp --dport 25565 -m state --state NEW -j ACCEPT
    iptables -A INPUT -s bungeeip -p tcp --dport 25566 -m state --state NEW -j ACCEPT <= this is the port in server.prop i have

    its ok like this?
     
  16. You don't need the port 25565 line if no server runs on it.
     
    • Friendly Friendly x 1
  17. Please, do not use IPTables, use UFW, is better... For more information about all this, you can read my full guide just here
     
  18. Iptables its the same
     
    • Agree Agree x 2