Is it possible to hack a server?

Discussion in 'Server & Community Management' started by Scholler, Jul 11, 2019.

  1. I saw some guys giving themselves OP on servers.. They even hacked my server.
    How do they do it? I don't want to hack servers, I'm just interested in programming & hacking, and I was wondering what they exploit. Does it make the job easier for them that my server is in offline mode? Is it the server version (like there is a vulnerability in a version)? Or did they make a client that can give the player OP? (I don't really think that's possible, didn't personally test but.. big servers would be hacked.)
    And what can I do against hacking? I used OpGuard and it worked very well, but am I 100% safe with that?
     
  2. The definition of "hack" has been used numerous times by people who just got their server exploited by some bug. You're running a cracked server? Already open to lots of exploits coming your way. There's no client that can "ForceOP". All those clients out there are either fake or contain malware. OPGuard is a good first step, however I also recommend using explicit permissions. Big servers get "exploited" because their firewall is down. Even if someone gets hacked, it's usually because someone found out their data through a database/ratting.

    Bottom line is, as long as you run a cracked server there's going to be exploits that people will abuse to destroy the server.
     
  3. Keep in mind OPGuard's useless if they get a malicious plugin in your plugins folder, all it has to do is load BEFORE OPGuard to work...

    but yea, chances are the person used an exploit due to it being an offline server, or you failed to properly secure your server somewhere
     
  4. Just firewall your servers and don't run 1.8 and you're set
     
  5. and be careful with what plugins you install!
     
  6. I know a guy that really hacked my server.. I was using free hosting, I had 1.8 and online-mode false. The guy said that he wrote a program in Java that does this, and he actually wanted to sell it to me, lol... I had NO plugins that would give op.
     
  7. eh, chances are there was an exploit that he abused, if you properly secured your server and firewall and such you wouldn't be hacked
     
  8. Wait, hold up. Did you even have a /login system to prevent people from accessing your account without the password? Excuse my language, but the guy that said that is full of shit. There is no program out there that can communicate with a server & give OP. That's not how it works. The only way that I can think of is RCON & servers usually don't have that enabled. Do NOT purchase his program, you will get scammed. Trust me. You said you don't have any plugins that would give op, but how can you be sure? As long as you download plugins from trusted sources, you should be good. Then again, more information wouldn't hurt.
     
  9. I just want to tell you that I'm not a noob at programming. That guy hacked so many servers.. I had a login system, I'm not that stupid. And I think that if he can access my server (like in real hacking, it's about gaining access to servers) he can somehow OP himself. Also, how can I be sure? As I wrote, I am not stupid, I don't download any suspicious plugins, and if I do (like nulled plugins), I always decompile them. If they are obfuscated I just won't use them.
     
  10. Strahan

    There are many ways to exploit a server, it all depends on how much of a novice the administrator is who is managing it. That guy is full of shit. Tell him before you buy it you want proof; have him get on Hypixel with you and tell him to use it to make himself op there and do some op shit heh. I'm sure he'll have some excuse for why that won't be doable lol.
     
  11. There is a well-known BungeeCord exploit that allows people to log in with the same name as an admin and use that to get op. You can prevent it by forcing players to only connect through the BungeeCord proxy. You can search for "OnlyProxy"
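
As an added example (not part of the thread and not code from any plugin mentioned in it), this Python script audits the settings the replies bring up: offline mode, RCON, and a BungeeCord backend that can be reached without going through the proxy. The sample files are constructed, and treating a non-loopback `server-ip` as exposed is an assumption, since the script cannot see firewall rules.

```python
import re

LOOPBACK = ("127.", "::1", "localhost")

def parse_properties(text):
    """Parse key=value lines of a server.properties file, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def bungeecord_enabled(spigot_yml):
    """True if spigot.yml contains 'bungeecord: true' (regex match, not a YAML parse)."""
    return re.search(r"^\s*bungeecord:\s*true\s*$", spigot_yml, re.M | re.I) is not None

def audit(server_properties, spigot_yml=""):
    """Return a list of findings for the settings raised in the thread."""
    props = parse_properties(server_properties)
    offline = props.get("online-mode", "true").lower() == "false"
    proxied = bungeecord_enabled(spigot_yml)
    bind = props.get("server-ip", "")  # empty means listen on every interface
    findings = []
    if offline and not proxied:
        findings.append("online-mode=false with no proxy: usernames are not authenticated")
    if proxied and not bind.startswith(LOOPBACK):
        # Assumption: without a loopback bind, only a firewall rule keeps
        # clients from bypassing the proxy and claiming an admin's name.
        findings.append("bungeecord backend not bound to loopback: "
                        "allow only the proxy to reach this port")
    if props.get("enable-rcon", "false").lower() == "true":
        findings.append("enable-rcon=true: firewall the RCON port and set a strong rcon.password")
    return findings

# Constructed sample input, not taken from any real server.
SAMPLE_PROPERTIES = """\
# Minecraft server properties (constructed sample)
online-mode=false
server-ip=
server-port=25565
enable-rcon=true
"""
SAMPLE_SPIGOT = "settings:\n  bungeecord: true\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_PROPERTIES, SAMPLE_SPIGOT):
        print("WARN:", finding)
```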