1. Guest, as per the stickied thread, this forum has not been in use since 2014. All bugs and feature requests should be posted to JIRA.

My Server Was Hacked

Discussion in 'Bugs & Feature Requests' started by Mythcartoonist, Sep 7, 2013.

  1. I'm sure you've all heard about the recent exploit regarding people being able to make themselves OP and wreak havoc on a server. This happened to me today. My spawn was destroyed, there was nothing I could do. This was using Spigot build 1091, a build that was thought to have patched the issue. I have the username and IP of the user in question if you need it.
     
  2. jeff142

    Benefactor

    Can you prove it was exploited in Spigot, and not a control panel or something like that, or even a compromised account?
     
  3. I have the server logs showing "Failed to verify username" several times, with them eventually succeeding in logging in as me.
     
  4. jeff142

    Benefactor

    Post it then.
     
  5. Are you sure it is #1091? /ver output?
     
  6. jeff142

    Benefactor

    This is why every server should have its own auth system for admins or OPs. There are a few Bukkit plugins for this, and they are highly recommended for servers. Never trust your server to one session or password.
     
  7. You're completely positive you were using spigot 1091?
     
  8. I had actually just updated it to 1091 about an hour before this happened. Even before that we were on 1090.
     
  9. TitanicFreak

    Patron

    Do /ver and make sure it is.
     
  10. TitanicFreak

    Patron

    Isn't it still a >1% chance of this working?
     
  11. LiLChris

    Retired Moderator

    Please post the entire log, from start up. :)
     
  12. This server is running CraftBukkit version git-Spigot-1091 (MC:1.6.2) (Implementing API version 1.6.2-R0.2-SNAPSHOT)
     
  13. TitanicFreak

    Patron

    Might need to make a few pastes btw
     
  14. Dmck2b

    Services Staff

    This is sounding like a session-stealing exploit more than the one at hand. If you even attempt to use the double packet exploit patched in 1091, you get kicked...
     
  15. So what exactly does that mean?
     
  16. TitanicFreak

    Patron

    Have you trialed the exploit yet a few times to make sure what you said was valid? I still see my sister servers getting hacked in 1091.
     
  17. Dmck2b

    Services Staff

  18. TitanicFreak

    Patron

    Ehh seems legit.