My server was hacked. [Exploit?]

Discussion in 'Systems Administration' started by DeletedAccount, Jan 4, 2015.

  1. He never had the intentions to grief your server, it's because Agueroooo16 dared him to do it because he didn't believe the guy hacked anything.
     
    • Like Like x 1
  2. Spigot does have that...
     
  3. But you can connect to it with any proxy, where lilypad connect to a specific IP and it only allow connections from that.
    That's what I meant.
     
  4. CustomForms

    CustomForms Retired Moderator
    Retired Supporter

    Well, you could just set everything up how it was meant to be setup. Running 2-3 extra unix commands isn't that difficult to do. It takes a little more reading from the person setting it up but helps in the long run.
     
    • Like Like x 1
    • Agree Agree x 1
  5. Yep you are right, it's not a big deal to fix it, but those who are new to all this will be bit hard and something they would never think off. If I am right that's exactly what happened here.
     
  6. CustomForms

    CustomForms Retired Moderator
    Retired Supporter

    If someone is capable of setting up bungeecord without addressing the wiki, to ensure everything is setup how it is meant to be, you could just call that careless.
     
    • Agree Agree x 4
  7. My bets: it's some sort of 7 year old who got their older brother to get through and troll as dinnerbone

    10/10 legit story again


    I made that all up don't believe me pls
     
  8. obviously a lowlife hoodrat folks.

    @RealSafe - do you also host your server from a dealer's van in downtown like @itsjhalt does?

    About the problem:

    The user is cracked. Glad I could help, Ill accept PayPal (or DogeCoin) - sent info in PM.
     
    • Funny Funny x 2
  9. Seems that it's all fixed.. when I run a port check here: http://ping.eu/port-chk/ on the IP and ports of the backend servers, they come up closed, which I think means it's fixed.

    I hope others can learn from this :p
     
  10. i was thinking about this, why not just ban ip 127.0.01 assuming you're not home hosting.
     
  11. You should still be blocking all other Ports for the sake of safety...
     
    • Agree Agree x 1
  12. oh course, but i was thinking of a quick fix for people. This post was made showing players how to use it therefore putting almost every server at a large bit more risk. This fix was more for the players with shared hosting, a lot of the really cheap hosting services probably would not care...
     
  13. can someone verify this? i am not sure if i did it correctly. but all the ports im not using are closed.
     
  14. I read through this thread for the amusement, and learnt that if I ever move to a network from one server, Im darn well setting up a firewall!
    So you may have saved me in the near future!

    Just so im clear, if someone sets up a bungee server, they cant just add stand alone spigot servers can they?
     
  15. They can if they have access to the Ports. If you setup your firewall correctly, and only give access to your spigot server ports from 127.0.0.1 / localhost (The IP of your BungeeCord server, if you don't host everything on the same machine), you are safe.
     
  16. Every spigot/bukkit/vanilla server in offline-mode: true can be joined through a bungeecord in offline or online mode
     
  17. An idea could be to find his ip with essentials and block it?
     
  18. Hes IP is not even the issue, even if it was changing your IP is super easy.
     
  19. You can alternatively BanIP 127.0.0.1. I still recommend a correctly set up firewall.
     
    • Agree Agree x 1
  20. Key piece of information there, Offline servers only! Gotcha.