AntiGrief Guide

Discussion in 'Server & Community Management' started by xFr33z3_, Aug 18, 2018.

?

My server has got griefed.

  1. Never.

    66.7%
  2. 1 Time.

    33.3%
  3. A lot of times.

    0 vote(s)
    0.0%
  1. Hello guys, i Want to post an Guide of AntiGriefing.

    ANTIGRIEFING (The Main Bugs)

    1 × BungeeBypass: consists of scanning the ports of a server, finding a door you can enter at least once.

    Correction ~ (Install on all BungeeWhitelist or IPWhitelist servers with IPWhitelistFix, configure and end)

    2 × UUID Spoofing: This BUG is based on the first bug but this can be used on the server where it is located.

    Correction × (The same fixes as the first bug + UUIDSpoof Fix by zPirroz3007)

    3 × Authme Bypass: In itself is not a bug of Authme but it becomes when it is used to pass the login deceiving, the bug closes in the execution of Bungeecord commands before login trying to overcome it.
    So, this bug will seem like a bullshit but go on Minecraft-Italy and before login fate / sr.

    Fix × (Block commands before login does not take anything, search on Spigot or AuthMeBridge Ultima Versionr)

    4 × BungeeExploit: I will not talk much about this bug, but suffice it to say that it is very little known and that it works on very few plugins including the very famous AuthmeBridge, however this is now a bug fixed by the creators themselves.

    Fix × (Always updated plug-in for bungeecord to the latest version including AuthmeBridge)

    × Some advice ×

    Close the doors with IPTables
    Command: iptables -I INPUT! -s <IP of BungeeCord> -p tcp --dport <Port> -j DROP.

    Install AntiForceOp to prevent any administrator from opting / pexing a griefer.

    Lock all administrator commands with ConsoleOnly.
    (Op, deop, pex, demote, promote)

    If done Plugman, block interaction with any plugin can be useful to protect your server.
    (You should find a point in the config where there is [Plugman] put a comma to split plug-in Plugman, Authme, etc.

    Use very high or very low range for ports
    (Eg 200-300, 40000-45000)
    RANGE FROM 25565 TO 25599 ARE NOT SAFE.

    Install PremiumLock and lock the accounts of all the staff on your server.

    Plugin Put as BungeePerms to dare the Bungeecord permissions, and in the Bungee config and replace the nickname from admin md_5 with yours.

    Use passwords that are not your favorite names due to your nickname
    (ex: Nick: xFr33z3_ Password: ice123)

    Soon I will release a plugin that blocks the use of the 2 points in which you can trust that it is very useful.
    Yes already exists but mine is customizable without decompiling it.
     
  2. Strahan

    Benefactor

    Changing port number is not a security measure. It does not help at all, as it's stupid simple to determine what it was changed to.