client-server packet interception

Discussion in 'Spigot Plugin Help' started by Gerolf, May 9, 2017.

Thread Status:
Not open for further replies.
  1. How to protect players' AuthMe passwords from client-server packet interception? Looks like one of my players was hacked like this. Somehow a griefer found out another player's password and destroyed everything. Maybe I need to close some ports on the server, or something like that?
     
  2. Is your server bungee or offline mode?
     
  3. Offline mode on Spigot, OS is Ubuntu Server 16.04 with default config
     
  4. Then it's really easy to hack your server. I can just use a hacked client such as Wurst and change my name to yours (the owner) and boom I'm in. Do you have AuthMe?
     
  5. To change your username in offline mode you don't even need a hacked client; any pirate client allows this.

    Of course I have AuthMe. The only possibility is that the player was hacked by packet interception, because he used the same AuthMe password on tens of other offline servers. The griefer that logged in under his nick was obviously joining my server for the first time. Maybe the griefer was an admin from another server where my player previously played, and he used some plugin that shows AuthMe passwords from the database, and then tried that password on my server and it worked. I just want to know how hard it is to find out players' AuthMe passwords with packet interception and how to prevent this. I have suspicions that it was packet interception because some player who thinks he is a hacker threatened me that he would try something besides his spambots (this was the day before).

    I have no remote access configured on my server, and phpMyAdmin is bound to localhost.


    P.S. It was not packet interception; it was the admin of another server where my player used the same password, and the admin somehow saw it.
     
    #5 Gerolf, May 9, 2017
    Last edited: May 16, 2017