AuthMe exploit

Discussion in 'Spigot Plugin Help' started by AleksBG1, May 31, 2017.

  1. Hey guys! I need immediatly help! Today 3 of my admins has rejected accounts. I was looking logs and player with same ip is joining from theur accounts. I changed their passwords and he is still joining. I banned his ip and he changed it ... Now he is playing with nick of other player... Please help me.. Im using AuthMe reloaded on spigot 1.10.2 with viaversion and viabackwards(1.9-1.11). Im using bungeecord and all my servers has ipwhitelist...
  2. Put a proper firewall on the ports of your servers this is not even a exploit
  3. You probably didn't set up ipwhitelist correctly. Use a plugin like OnlyProxyJoin or set up a proper firewall like @superbrain12 said if that's within your range control.
  4. Dude i have ipwhitelist in every server working corectly..
  5. Apparently not. PM me the IP address of the server and some additional info such as the other Spigot server IP addresses, also include the ports. I can give a quick look at it to see if it works.
  6. They are using hacked client. When they type /vs logins it starts logging all passwords idk how... How to block that command?
  7. Define "logging passwords". Is that command displaying passwords? Or are they bruteforcing it?
  8. They are spoofing their UUIDs, just like Custom did in one of his videos
  9. If you'd like one on one support, please contact me via Discord or Skype (in Signature)
    I can try to find what they're doing
  10. I doubt it would be anything else than a compromised account or spoofed uniqueId's
  11. How does one protect himself from this?
  12. Use a plugin to only let players join through nothing but the main proxy, there is a plugin called 'OnlyProxyJoin' and it does the job pretty well
  13. I checked out his server, it looks like he is using it (or something like it). I tried directly connecting, with a fake proxy, but it kicked me.
  14. Because they patched the exploit. Basically he portscanned the IP of the server, checked which one is the kitmap, added it to his local proxy where the server had a plugin that could spoof uuids and usernames
    • Informative Informative x 1
  15. Check that ALL servers are properly protected with IPTables or IPWhitelist or related.

    Check you don't have any malicious plugins (cracked/nulled/"Custom") plugins
  16. MiniDigger


    I have a fix for every authme exploit: remove it, stop encuraging privacy and buy the game.
    its also not allowed to discuss such topics here, see rule 10.1 of the forums.
  17. Calm down pig, he's not enforcing it.
    He's just asking for help with the plugin, not "How to hack minecraft" or "How to pirate minecraft"