Hacked admin account.

Discussion in 'Spigot Help' started by jussys, Aug 16, 2019.

Thread Status:
Not open for further replies.
  1. Hello guys i have small server, and 1 days ago my server was hacked. Someone came under my account.
    I go to my server, and my spawn is removed, I go to the logs and see the following:
    Code (Text):
    [09:28:59] [Server thread/INFO]: [AuthMe] povin registered 176.107.215.203
    [09:28:59] [Craft Scheduler Thread - 40/INFO]: [AuthMe] povin logged in!
    [09:29:03] [Server thread/INFO]: povin issued server command: /rg info
    [09:29:08] [Server thread/INFO]: povin issued server command: /rg info spawn
    [09:29:59] [Server thread/INFO]: povin lost connection: Disconnected
    We see that the player comes in and finds out who the admin team is / rg info, and goes out.
    More interesting.
    Code (Text):
    [09:30:12] [Thread-137/INFO]: Disconnecting [email protected][id=41c8591b-e4a8-3111-a380-9f4840b71e19,name=Gameloft666,properties={},legacy=false] (/176.107.215.203:62476): You should join using username gameloft666, not Gameloft666.
    Tries to change the first letter to capital, but kicks him.
    Code (Text):
    [09:30:30] [Thread-138/INFO]: UUID of player gameloft666 is 571cb0d6-d95a-32cc-934f-a0bba0abd7b9
    [09:30:31] [Server thread/INFO]: gameloft666[/176.107.215.203:51583 (IP not my)] logged in with entity id 248 at ([world]-34.33293815979344, 66.63583311088432, 559.3000000119209)
    [09:30:36] [Craft Scheduler Thread - 41/INFO]: [AuthMe] The user gameloft666 has 2 accounts:
    [09:30:36] [Craft Scheduler Thread - 41/INFO]: [AuthMe] §7§agameloft666§7, povin.
    [09:30:36] [Craft Scheduler Thread - 41/INFO]: [AuthMe] gameloft666 logged in!
    Just logs in to my account. There were no drains, I don’t tell anyone the password, I keep it in a notebook. There are experts here who know how this happened? It does not fit in the head.

    AAC, AntiAura, AntiRelog, AuthMeReloaded v5.4.0, ChestCommands+, ColoredTags, CoreProtect, custombans, DonatCase, EssentialsX-2.17.1.0, EssentialsXSpawn-2.17.1.0, HideStream, HolographicDisplays, HyEmotes, iDisguise, LeaderHeads, LokiBlocker0.5.4, MineResetLite, multiworld, MyPet-2.2.6, NoLagg, PermissionsEx-1.23.4, ProtocolLib, RandomTP, RogueParkour, ServerlistMOTD, SkinsRestorer, UralClans, Vault, ViaVersion-2.1.2, WorldBorder, WorldEdit, WorldGuard.

    Server spigot 1.8.8.

    Perhaps not only the administrator can be hacked, but also other players on the server.

    Help me PLEASE!
     
  2. If only there were a built in authenticator you could use :unsure:... wouldnt that be handy :LOL:

    spoiler alert: there is, in server.properties, set `online-mode` to true

    SpigotMC nor the community supports servers running in offline mode allowing the use of hacked accounts.
     
    • Agree Agree x 1
    • Winner Winner x 1
  3. it is shown that they are already using an authenticator (authme)

    to OP:

    questions are, how hard is your password?
    anyone else have access to your server files?
    do you kick on wrong password? how many attempts do you allow? because it could have been bruteforced
     
    • Optimistic Optimistic x 1
  4. And look how well that worked out!
     
    • Agree Agree x 3
  5. My password for complexity is - Nesquik12516165156
    Nobody has access to FTP except me.
    1 wrong password entry = kick
     
  6. that's really weird then, possibility is, there's some exploit to get into your account, I also use authme, but never saw such thing happening in my server, just in a server of a friend (my account was hacked into.. also no idea how)

    I recommend to check all of your plugins in case if they have any malicious code (force-login)

    another thing could be your hosting provider being not safe enough, I remember having issues with people getting in when I used some weird hosting provider (which isn't a thing anymore now) for just building purposes
     
  7. Wait why is this in offline mode?
     
  8. I wanted to make a more accessible server, for players without a license.
     
  9. I recommend FastLogin plugin for that purpose & extra safety to normal accounts
     
  10. Well don’t. Who even uses cracked Minecraft these days. You’ll run into way more trouble than it’s worth. And as stated iirc Spigot (or at least bukkit) doesn’t support offline mode support unless necessary for bungee.

    You want to support people that steal the game? I’m not sure I’d want people like that on my server, I mean it’s your server but still...
     
    • Agree Agree x 1
  11. use the online mode true.
     
  12. Well you got more accessible, someone was able to access your account!

    Im sorry but you brought this on yourself, you turned off Mojang's security to allow people to play on your server with a hacked MC game, and you got your account hacked, what do you people expect?!?!
     
    • Agree Agree x 3
  13. This is why cracked servers are looked down upon. Literally anyone can login to your account & just exploit your server. Also, I am aware that a handful of big servers are cracked. HOWEVER, they are protected massively. I recommend the OP to either add a premium option to the server or just add a IP detection system, that way if the IP isn't the same as your's, it won't allow the person to login to the account. That's the only options that I can come up with.

    Or...
    just don't run a cracked server & you won't experience these issues.
     
  14. Strahan

    Benefactor

    If you're gonna allow dogs in your house, don't be surprised when they shit on the carpet lol
     
    • Winner Winner x 3
    • Funny Funny x 1
  15. WELL PUT!!!
     
  16. This happened due to you using outdated AuthMe and AuthMeBungeeBridge.
    AuthMeBungeeBridge was never endorsed by AuthMe, due to it being flawed from the beginning.
    To solve your issue use the latest version of AuthMe and AuthMeBungee.
     
  17. The OP never mentioned they used whatever plugin you're saying. Also, it doesn't matter if AuthME is outdated or not. The OP is running a cracked server, they are already open to a lot of exploits & potentially the server getting destroyed.
     
    • Creative Creative x 1
  18. This may off been said already as didn't read the other comments it's a hacked client that allows you to spoof uuids theres a plugin for this and it will prevent this from happening again unfortunately this is only a bug in 1.8 and I haven't heard off it being done in later versions install this plugin on any 1.8.X servers you have https://www.spigotmc.org/resources/uuidspoof-fix.26948/ i know this as this happened to me to they also op'd there account so I made this plugin to prevent it from happening https://www.spigotmc.org/resources/dcantiop.70810/ I hope this helps you if it does please thumbs up it :)
     
  19. I'm sorry that you didn't even read the OP's post.
    At least do that before dissing people running offline mode servers.
     
Thread Status:
Not open for further replies.