[Bungee Exploit] Bungee 1.7.10

  1. Alright,

    Last night 2 people UUID spoofed my server. Although I have 2FA on our login system (via Google Auth), so they couldn't directly log in through the Hub, they still found a way to bypass it. I think they may have joined by making a Bungee proxy and then linking it to my server (bypassing the Hub and the IPForwarding message). I have looked around a bit and I can't seem to find something that will easily block this.

    http://prntscr.com/f4wtyk - When trying to join directly to one of my servers' IPs.
  2. joehot200

    Could you explain how they "UUID Spoofed" it, and what information you have on exactly what they did?
  3. Basically, there are specific clients which can do this. It essentially makes it so their UUID is someone else's, so they got my UUID from NameMC or something, then they spoof it so my UUID is under their account. I do not know exactly how it works, but that is what it does. There is an easy fix for this: when someone joins you check their UUID against Mojang's API or another source; if it's not equal they get kicked. There are already resources for this. Although I don't know how they bypassed my Hub; they cannot log in to my account unless they have my phone. My network has a system similar to md_5's Mine-secure, we use Google Auth. I think they bypassed the Hub because I have heard that there was a Bungee IP-Forwarding exploit where you were able to bypass. Not sure though. Check your Skype, and I'll show you.
  4. Because you didn't firewall your servers correctly. Only BungeeCord should be able to connect to them; no other service should.
  5. You may use a plugin called "IpWhitelist", and put your Bungee proxy's IP address on the plugin's whitelist. The two players who bypassed your login may have used a different BungeeCord than yours, and connected to your hub.
  6. Correct, that is what I believe happened. Although when I tried the same using my local machine I got "If you want to use IP-Forwarding enable it in your config as well" (or whatever the message is). My team and I will be improving our security. They even tried to gain access to our machine (as root) but failed; we have a safeguard in place for that.
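The backend-side check that posts 4 and 5 describe (only your own BungeeCord may open sessions on a backend server), written as an added Spigot plugin example for this thread; it is not the IpWhitelist plugin's code nor anything posted above, and the package name, the `allowed-proxies` config key and the accompanying plugin.yml are assumptions. A firewall on the backend port remains the primary control; this is the in-process backstop.

```java
package example.proxyguard; // hypothetical package name for this example

import java.net.InetAddress;
import java.util.HashSet;
import java.util.Set;

import org.bukkit.event.EventHandler;
import org.bukkit.event.EventPriority;
import org.bukkit.event.Listener;
import org.bukkit.event.player.PlayerLoginEvent;
import org.bukkit.plugin.java.JavaPlugin;

public final class ProxyGuard extends JavaPlugin implements Listener {

    // Socket addresses the backend will accept sessions from: your own BungeeCord host(s).
    private final Set<String> allowedProxies = new HashSet<>();

    @Override
    public void onEnable() {
        saveDefaultConfig();
        // The config.yml key "allowed-proxies" is an assumption of this example, e.g.
        //   allowed-proxies: ["203.0.113.10"]   (documentation address; use your proxy's IP)
        allowedProxies.addAll(getConfig().getStringList("allowed-proxies"));
        getServer().getPluginManager().registerEvents(this, this);
    }

    @EventHandler(priority = EventPriority.LOWEST)
    public void onLogin(PlayerLoginEvent event) {
        // With ip_forward enabled, getAddress() is the client address the proxy *claims*,
        // which a rogue BungeeCord fully controls. getRealAddress() (Spigot API) is the
        // address the TCP connection actually came from, so that is what we compare.
        InetAddress real = event.getRealAddress();
        if (!allowedProxies.contains(real.getHostAddress())) {
            getLogger().warning("Rejected login for " + event.getPlayer().getName()
                    + " (" + event.getPlayer().getUniqueId() + ") from unexpected proxy "
                    + real.getHostAddress() + ", forwarded client address "
                    + event.getAddress().getHostAddress());
            event.disallow(PlayerLoginEvent.Result.KICK_OTHER,
                    "Direct connections to this server are not allowed.");
        }
    }
}
```

The warning line gives you a log entry to alert on: any rejection here means something other than your proxy reached the backend port, which is exactly the condition the firewall should already be preventing.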