My server was hacked. [Exploit?]

Discussion in 'Systems Administration' started by DeletedAccount, Jan 4, 2015.

  1. BungeeCord "Host":
    Have it as 0.0.0.0:25565

    The others are correct.
     
    • Informative Informative x 1
  2. Thanks.. I'll give this a shot and let others reply with what they think.

    So for the Bungee config this is correct?

    Code (Text):
    servers:
      games:
        address: 127.0.0.1:port
        restricted: false
        motd: '&9» &4The&2H&4S&1C&9 «&a Games'
      creative:
        address: 127.0.0.1:port
        restricted: false
        motd: '&9» &4The&2H&4S&1C&9 «&a Creative'
      pve:
        address: 127.0.0.1:port
        restricted: false
        motd: '&9» &4The&2H&4S&1C&9 «&a Hub & PvE'
      mn:
        address: backendipforthisserverasitsnotonthebox:port
        restricted: false
        motd: '&9» &4The&2H&4S&1C&9 «&a Marshmallow Nation'
    and

    Code (Text):
      host: 0.0.0.0:25565
    and in server.properties of every server apart from the non-box one:

    Code (Text):
    server-ip=127.0.0.1
    Thanks for helping me :)
     
  3. Yes
     
    • Informative Informative x 1
  4. Thanks :)
     
  5. On the server that isn't on the box, set the "server-ip" in server.properties to the same as the "address" option for that server is on the Bungee.

    So if I had:
    Code (Text):
      mn:
        address: hello.world
        restricted: false
        motd: '&9» &4The&2H&4S&1C&9 «&a Marshmallow Nation'
    Then I'd have:
    Code (Text):
    server-ip=hello.world
     
    • Informative Informative x 1
  6. Alright, thank you, I'll do this.

    I see now that all of this happening was from my stupidity.. anyway hopefully it won't happen again.
     
    #46 DeletedAccount, Jan 4, 2015
    Last edited: Jan 4, 2015
  7. Did it work? Does it protect you from those "hacker"? That'd be way easier.
     
  8. Well, I'm not sure as no one has attempted to hack me again... :p

    It makes sense.. it should do.
     
  9. #50 DeletedAccount, Jan 4, 2015
    Last edited: Jun 20, 2015
    • Agree Agree x 1
  10. Way ahead of you :D He is attacking spigot serves i guess....
     
  11. Also run /banip 127.0.0.1. Doing this when we were being hacked stopped the last hacker getting in... Still secure your stuff as the IP's that logged in as me weren't localhost.
     
    • Informative Informative x 1
  12. Got any info?
     
    • Agree Agree x 2
  13. Haven't got much out of him, he said people should educate themselves before opening a server, no exact details about how it was done.
     
  14. Thanks, and just whitelist localhost?

    I guess he made a bungee server, used a port scanner and got the port to one of the servers on the machine, added it in his bungee, switched his bungee to offline mode, and logged in via his proxy.
     
    • Useful Useful x 2
  15. Yes and if you have multiple dedicated servers then add those ip's aswell.

    /ipwl addip <ip>
     
    • Informative Informative x 2
  16. This guy is obviously targeting servers from spigot..
    You guys with servers should setup something to monitor and log packets and also log anything and everything ingame(a kinda advanced log)
     
  17. Thanks.

    I guess so..

    I don't get why the hacker spent several hours trolling my server with his dinnerbone account, then after several hours logging into my account, and clearing spawn then leaving. He could of done far more damage (luckily, he didn't.)
     
  18. Yep true that, spigot should have something like lilypad, it just block every connection unless you connecting though proxy.
     
    • Agree Agree x 2