Malware! EssentialsHeal v2.3.4 (bitcoin mining?)

Discussion in 'Spigot Plugin Help' started by abhisantos, Jul 13, 2018.

  1. Weaves

    Resource Staff

    Don't post the link, sites like that have always been and always will be a problem. Posting a link here risks someone using it. Here is the buildtools wiki: https://www.spigotmc.org/wiki/buildtools/
     
    • Agree Agree x 1
  2. Haha that's pretty funny. Really shows that no other website can be trusted with just having the real jar on Spigot and that you should always get the jar via BuildTools.
     
    • Agree Agree x 2
  3. Optic_Fusion1

    Resource Staff

    PM me it, i can look into it and try to create a removal software so it exists if something like this happens again
     
  4. I downloaded BuildTools, but how can I get the 1.8.8 version jar through it? Not the 1.12.2 latest version..
     
  5. gzx

    gzx

    You can just do
    Code (Text):
    java -jar BuildTools.jar --rev 1.8.8
    to get Spigot 1.8.8.
     
    • Agree Agree x 1
  6. Thank you!
    Life saver for a noob like me :giggle:
     
    • Like Like x 1
  7. Weaves

    Resource Staff

    The link I posted was to the wiki page, it tells you how to use buildtools. Did you read it? If so what part are you stuck on? Also, remember to mark this thread as solved.
    Edit: Didn't see the post that you figured it out.
     
  8. I would PM a link to @Optic_Fusion1 because he was pretty interested in it.
     
    • Winner Winner x 1
  9. FrostedSnowman

    Resource Staff

    he said he got it off of yive's mirror
     
  10. Optic_Fusion1

    Resource Staff

    Yea, figured that out, i'm looking through it as we speak
     
  11. Optic_Fusion1

    Resource Staff

    More information will obviously be posted once i get it, the search will take a while
     
  12. Optic_Fusion1

    Resource Staff

    @abhisantos see if the same happens with a fresh spigot jar while keeping the old plugin jars, if it does, send me ALL of the plugins so i can search through those as well
     
    • Agree Agree x 1
  13. So it means Yive hides coin miner in its illegal spigots jars? Tried downloading, running and checked on virustotal, both are safe. Don't think it came from yives?
     
  14. Optic_Fusion1

    Resource Staff

    I'm currently looking through a jar from yive's mirror to see if there is anything, there's a reason i told OP to try with a fresh spigot jar from build tools and with the old plugin jars :)
     
    • Agree Agree x 1
  15. Yep xD Anyways I've never used outside spigot jars due to risks, always using buildtools and I don't even support 1.8.8's servers xD
     
  16. Yes, tried a safe spigot 1.8.8 jar and it's all ok.
    All the plugins in the list are clean, concerning this btc miner thing. The problem was really the spigot.jar used before.

    I will pm you the problematic spigot.jar file in some minutes...
     
  17. Me too, but the problem is, pvp sucks in versions above 1.8.8.
    And players don't like it, so we are almost forced by players to use 1.8 version.
    Plugins like oldcombatmechanics are not the same as the original 1.8 version.
     
  18. Optic_Fusion1

    Resource Staff

    okay, it will be useful to have that spigot.jar file as just in case there's something different between the two jars
     
  19. Optic_Fusion1

    Resource Staff

    0221f3ee29dfb8d8d024873bfe5579abbc5bcdc6.png
    If someone happens to know where this would come from (the entire line that is), that would be useful as well
     
    #39 Optic_Fusion1, Jul 13, 2018
    Last edited: Jul 13, 2018
  20. gzx

    gzx

    How is it not the same? Run your server on Spigot 1.12.2 with OldCombatMechanics, and let the players use 1.8 using ProtocolSupport or ViaRewind. There isn't any difference if they use a 1.8 client, except for that your Spigot version is actually supported and receives bug and security fixes.
     
    • Agree Agree x 2