My server was hacked. [Exploit?]

Discussion in 'Systems Administration' started by DeletedAccount, Jan 4, 2015.

  1. No.

    When using BungeeCord - you have to turn the spigot servers to offline mode. When they join through the proxy - they authenticate through online mode. That's why you need to firewall the servers themselves so they don't join them directly with offline mode.
     
  2. I read through the thread and got rather confused. My spigot server runs on 127.0.0.1 in offline mode, bungeecord runs with online mode. Anyone can hook their bungeecord to my hub server and log in from their server to mine with any name?
     
  3. Ok basically.

    BungeeCord should be the only server people can access as it's online mode.
    By setting the spigot servers' IPs to 127.0.0.1 in server.properties & the BungeeCord config.yml and using 0.0.0.0 for the host of BungeeCord - you are preventing users from making their own BungeeCord server on their PC/server, turning it into offline mode and then finding the ports of your spigot servers and adding them to their own proxy server. They then log in via their proxy server to your server and they can now get in through offline mode.

    A quick fix if you are worried is to ban the IP 127.0.0.1 until you have your firewall sorted.
     
  4. In the bungee config:
    Code (Text):
    listeners:
    - max_players: 50
      fallback_server: hub
      host: play.****.com:25565
      bind_local_address: true
      ping_passthrough: false
      tab_list: GLOBAL_PING
      default_server: hub
      forced_hosts:
        mc.******.com: hub
        hub.*****.com: hub
      motd: '&1Another Bungee server'
      force_default_server: true
      tab_size: 60
      query_enabled: true
      query_port: 25565

    servers:
      hub:
        address: localhost:<port> (not 25565)

    Is this good?
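The two settings the thread keeps coming back to (server-ip in each backend's server.properties, and the address of each backend in the BungeeCord config.yml) can be checked mechanically. The script below is an added example, not code from the thread or from the BungeeCord project; the server.properties and config.yml snippets it reads are constructed for the example (including the 203.0.113.10 backend, a documentation address used here to stand in for a backend that is not on loopback). It flags a backend that listens on every interface, a backend that is addressed over the network instead of localhost, and the combination that post 3 describes: offline-mode on a backend anyone can reach.

```python
import ipaddress
import re

# Constructed sample inputs for this example (not taken from the thread):
# a backend server.properties that listens on every interface, the same file
# bound to loopback, and a BungeeCord config.yml fragment listing two backends.
WEAK_PROPERTIES = """\
# Minecraft server properties
server-ip=
server-port=25566
online-mode=false
"""

HARDENED_PROPERTIES = """\
server-ip=127.0.0.1
server-port=25566
online-mode=false
"""

BUNGEE_CONFIG = """\
servers:
  hub:
    address: localhost:25566
    restricted: false
  survival:
    address: 203.0.113.10:25567
    restricted: false
"""


def parse_server_properties(text):
    """Parse the key=value lines of server.properties, skipping comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def backend_addresses(config_text):
    """Return every 'address:' value from the servers: section of config.yml."""
    return re.findall(r"^\s*address:\s*(\S+)", config_text, re.MULTILINE)


def is_loopback(host):
    """True for 'localhost' or any loopback IP (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def audit_backend(props):
    """Return findings for one backend's server.properties."""
    findings = []
    bind = props.get("server-ip", "")
    online_mode = props.get("online-mode", "true").lower() == "true"
    if bind in ("", "0.0.0.0"):
        findings.append("server-ip is empty or 0.0.0.0: the backend listens on every interface")
    elif not is_loopback(bind):
        findings.append(f"server-ip={bind} is not a loopback address")
    # An offline-mode backend is only safe when nobody but the proxy can reach it.
    if not online_mode and findings:
        findings.append("online-mode=false on a reachable backend: any name can log in without authentication")
    return findings


def audit_proxy(config_text):
    """Return findings for backend addresses in config.yml that are not loopback."""
    findings = []
    for addr in backend_addresses(config_text):
        host, _, _port = addr.rpartition(":")
        if not is_loopback(host):
            findings.append(f"backend {addr} is addressed over the network rather than loopback")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_PROPERTIES), ("hardened", HARDENED_PROPERTIES)):
        print(label, audit_backend(parse_server_properties(text)) or ["no findings"])
    print("proxy", audit_proxy(BUNGEE_CONFIG) or ["no findings"])
```

Loopback binding is the cheap control; it does nothing if the proxy and a backend live on different machines, which is exactly the case where a host firewall restricting the backend port to the proxy's address (as posts 1 and 8 say) has to carry the weight instead.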
     
  5. The critical part is in the server.properties
    Code (Text):
    server-ip=
     
  6. it's 127.0.0.1 there, so all good?
     
  7. Go here:
    http://ping.eu/port-chk/

    Type in your proxy's server IP and the port of one of your spigot servers, and if it's closed it's protected against hackers.
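The same check as the ping.eu port test, done from your own machine instead of a third-party site, as an added example that is not part of the thread. It opens a plain TCP connection to each port and reports whether the connection was accepted; the expected result for a correctly firewalled setup is that only the proxy port answers. The caveat that matters: run it from a host outside the server's network. Probing 127.0.0.1 from the server itself will always show a loopback-bound backend as open, which says nothing about what the internet can reach. The `open_local_listener` helper exists only so the example can demonstrate itself offline.

```python
import socket


def is_port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port is accepted within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), or unresolvable host
        return False


def check_exposure(public_host, proxy_port, backend_ports, timeout=3.0):
    """Probe the proxy port and every backend port; return {port: reachable}."""
    results = {proxy_port: is_port_open(public_host, proxy_port, timeout)}
    for port in backend_ports:
        results[port] = is_port_open(public_host, port, timeout)
    return results


def exposed_backends(results, proxy_port):
    """Backend ports that answered. The expected result is an empty list."""
    return sorted(port for port, reachable in results.items()
                  if reachable and port != proxy_port)


def open_local_listener():
    """Start a throwaway listener on loopback (used only to demonstrate the probe offline)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Offline demonstration: one listener stands in for the proxy; a port that
    # nothing listens on stands in for a backend the firewall hides.
    proxy, proxy_port = open_local_listener()
    backend, backend_port = open_local_listener()
    backend.close()
    results = check_exposure("127.0.0.1", proxy_port, [backend_port], timeout=1.0)
    print(results, "exposed backends:", exposed_backends(results, proxy_port))
    proxy.close()
```

In real use, replace "127.0.0.1" with the proxy's public hostname and pass the actual backend ports from config.yml; a backend that reports reachable here is one that an offline-mode proxy elsewhere could attach to.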
     
  8. No you can't. Bungeecord can spoof any IP you want, so banning 127.0.0.1 won't help.
    You should always set up a firewall to block direct joins to the backend server.
     
  9. It says it's open. But the spigot server runs on, for example, 127.0.0.1 port 1234, so trying to connect to "hostname:1234" should not do anything?
    Pretty sure it should only allow localhost connections
     
  10. Tried connecting to my dedi mc server from my personal computer that runs bungee in offline and lobby in offline.

    Connecting to main hostname:25565
    [IMG]
    Connecting to hostname:<port of spigot server that runs on 127.0.0.1>
    [IMG]
     
    #90 Hango, Feb 10, 2015
    Last edited: Feb 10, 2015