last-login-time last-logout-time in pex MySQL

Discussion in 'Server & Community Management' started by BabelSolea, May 4, 2017.

  1. I have bungee + spigot 1.11.2
    and pex with MySQL data

    what happens:

    after resetup spigot servers i forget put localhost on server-ip and some one hater-player (cheater hacker?) used it to connect to spigot server from her bungee server cuz my spigot server 'had server-ip= ' so connect from any ip.

    so he connect with my (OP) nickname and get pex *

    and he did tra-la-la my spawn.

    after that i found server-ip=localhost - so i closed my spigot from thats connections but

    i get another problem:

    i cleared OPs and wrong permissions after thath cheater and in my pex now spamming

    this to pex:

    upload_2017-5-4_13-7-26.png

    on PermissionsEX MySQL permissions table!!!

    so do any know how fix that shit? why that happen?
    do i need show any other info for analize it?
     
  2. Offtopic, but were any of their names "ChickenManJordi", "IEDs" or "CanadianDev"
     
  3. It was @Garkolyms client I think. He has a 1.11.2 Pex hacked client that gives you op.
     
  4. i first time starting post on forum, so im sorry if i choose wrong place.

    i didnt saw that nicknames. player-cheater every day was with new nickname. - when i found him (from pex data and from OPs file - i did delete that and ban player)

    i know what that some russian player who using... hacked client? or may be some hack-mode, idk.

    after i found what on my servers cheater i off myself permissions on pex to break use my nickname to get *.

    but that didnt help.

    he get * on pex and OP self on some another way.

    after i check that i did off myself from OPs file and change my nickname and dont show my nickname to any player :3

    after that i didnt see that cheater.

    but i still have spam in pex
    last-login-time
    last-logout-time
    what dont need me.

    any know some plugin may be what generate that permissions?
     
  5. This kind of attack is referred to as kneesnap. It's where you haven't firewalled off your spigot servers, so people can use cracked clients to connect to your spigot servers (just as you would normally when you play cracked servers) and they can set their name to whatever they want, including your name, which grants them all permissions. Recently, I came under this kind of attack however I had backups so I restored them. In your case, type /pex users in chat to see who has different permissions, and remove them from anyone you don't recognise. Out of interest, tell me if any of these players gained permissions: "ChickenManJordi", "IEDs" or "CanadianDev"
     
    • Agree Agree x 1
  6. "ChickenManJordi", "IEDs" or "CanadianDev" - nope.

    That cheater still coming to my server and getting * in pex =(

    server ofc in offline mode cuz of bungeecord.

    i checking every morning pex MySQL and founding here one *

    so now i try this cases:

    upload_2017-5-7_3-1-3.png

    prevent any /op /pex /ban /unban command by chatcontrol premium plugin with logging it.

    deop all players on server including self (can manage my servers from console or rcon)

    deleted all groups and all players with *

    i hope that will help...

    but i still dont know how he get *
     
  7. how i can firewall my servers in bungee?

    //i have not any expirience in defending server =(
     
  8. What operating system is on your server?

    The best way is to install a firewall if you don't have one. If windows follow these directions:

    I did not write this

    Introduction:

    Depending on who you talk to, some people might just suggest turning off Windows Firewall. While it's not really a huge deal to shut it off, it's always better to keep it enabled. It's always best to have a layered approach when dealing with security, and running a Minecraft Server is no different. While you cannot manage bans through Windows Firewall, you can control some very critical traffic that may come to your network. For Example, you may have some malicious users that join your server and eventually, they may decide to perform a DoS attack on your server. Using Windows Firewall, you can deny any traffic from their IP to your network, while in Minecraft all you can do is ban then from actually signing on. Please note that I am not saying that Windows Firewall will prevent a DoS attack, it is merely another layer in the security.

    For this tutorial, I will be using my own computer as a demonstration which is running Windows 7 Enterprise x64. These instructions should be close or similar for any computer running Windows Vista and up, or Windows Server 2008 and up.

    Necessary Information:

    There are a few things that you will need to get started.
    • Administrative Access to your Windows Based Computer
    • Your desired port for your minecraft server
    • A list of other services you need to run, and their port numbers (Dynmap, Votifier, Web Server, etc)

    Step 1: Open Windows Firewall
    Once you're signed on to your computer using an administrative account, we will need to open Windows Firewall.

    1. Click on the 'Start' Button
    2. In the 'Start Search' box, type WF.msc
    3. Press the 'Enter' Key - The 'Windows Firewall with Advanced Security' window should appear

    Step 2: Add the Minecraft Server Port

    1. In the 'Windows Firewall with Advanced Security' window, click on the 'Inbound Rules' button on the left

    2. In the 'Actions' Toolbar to the right, Choose 'New Rule...' - The 'New Inbound Rule Wizard' will appear.

    [​IMG]
    3. Choose the 'Port' option from the selection and click 'Next'
    4. Make sure that 'TCP' is selected at the top part of the window
    5. Select 'Specific local ports:' if it is not already selected
    6. Enter the port number for your Minecraft Server - By default, the port is 25565 - Then Click 'Next'

    7. Select 'Allow the connection' if it is not already selected and click 'Next'
    8. In this window, you can select which connection profile that this rule applies to. You can find out what you've marked your connection as in the Network and Sharing Center, but if you're using a desktop computer that does not leave your house, you can just leave all three boxes checked (I believe two boxes if you're using a Home version of the OS) - Click 'Next'

    9. Give this rule a name. I usually use something like 'Minecraft Server - TCP 25565'
    10. Click 'Finish'

    At this point, you have successfully allowed the Minecraft Server port through your Windows Firewall, while keeping all of the other ports secure. You can follow the same procedure above to add the ports for other services you may need for Minecraft, such as Dynmap (8123), Votifier (8192) or anything else.
     
    #8 marinesquirel, May 7, 2017
    Last edited: May 7, 2017
  9. I'm using Ubuntu
     
  10. Try installing a plugin called IPWhitelist and see if the problem remains.
     
  11. Think it's kinda funny and very sad that someone seriously give the advice to base security solely on a piece of "old" plugin software and leave a running server and all its services exposed to the public internet without a firewall. Setting up a firewall (either on your server, on your network or via your hosting provider) should be one of the first things you do when ever you put a computer/server online on the internet.

    Remember a standard server normally exposes a lot of other services that may be exploited or abused other than just your running Minecraft services.

    A firewall can be installed even if your argument is "But: What if you switch to a game-server without ssh? Shit happens" ... My argument would be: Then don't switch to that gameserver if you don't have access to some kind of firewall or can install one.