Hacks and Anti-hacks | How to protect a server?

Discussion in 'Server & Community Management' started by CKitty, Jan 20, 2020.

  1. Hello people of Spigot. I am currently trying to become a server owner. I am also very scared of what hackers could do to my server. I know that there are some tools for servers to protect themselves from hacks, but I found out many types of hacks I didn't know. I thought it would be a great idea to make a discussion on known hacks and how to counter them, either by using a plugin or making a new one.

    I think that we should focus on the latest versions of Minecraft 1.13 - 1.15 as the exploits possible in the infamous 1.8 are amazingly big.

    We should make a list to keep track of the solutions. I recommend adding free solutions if possible, as the hacks are free anyway. I think I should start the list myself.

    • X-Ray
      • Description: What can we say about x-ray that hasn't been said? It's great for lazy hackers and a pain in the a$$ for server owners and honest players.
      • Works on: ALL VERSIONS
      • Observations: There are client-versions (as in they use a mod with forge to see the blocks) and texture-versions (as in they use a texture pack to see the blocks), so clients-packets cannot be trusted.
      • Solutions: Orebfuscator and Anti-Xray. The first one is the best solution, but may damp server performance (note: this depends on the machine, of course it will slow down in a toaster). The latter is good, it hides ores but for some reason it is made on skrypt (like, why?), so if you're an anti-skrypt user you won't like it.
    • Force-OP
      • Description: An external program that sends packets directly to your server. Its main purpose is to force the server to make a certain player OP, but it can also do other actions to attack the server.
      • Works on: It appears to work only on old versions (< 1.9), but some videos show it working on 1.14
      • Observations: Packet-based attacks, sent by an external program. Sends commands that are executed by the console, thus having unlimited access to commands.
      • Solutions: Unknown, for now. Many plugins simply ban players that are OP, but this seems very noneffective, as the hack can perform more actions.
     
  2. I have not seen/heard of a working force op in years, no idea how you're still having this problem. As long as you double check what plugins you install you should be fine.
     
  3. Thank you for the information. I am not having any trouble right now (I haven't opened my server yet). I just wanted to document the hacks and their counters so other server owners can easily protect their servers should they have any attack.
     
    • Informative Informative x 1