Solved Security issues | UUID issues

Discussion in 'BungeeCord Help' started by Tint, Apr 23, 2017.

Thread Status:
Not open for further replies.
  1. Hi all,

    Today we've found out that we had a major security problem in our setup. If someone were to set up their own (cracked) bungeecord and link our servers to it, they were able to join as Owner, ...

    We've fixed this by removing ip_forward in our Bungeecord and checking if the players IP matches that of our Bungee. The problem is that we've lost all UUID compatibility, such as player files and UUID bans.

    Do you guys have any idea on how we could fix this security issue without disabling ip_forward? Maybe a handshake between Bungee and Spigot with a passphrase?

    Thanks,
    Tint
     
  2. #2 ChiefMoneyBags, Apr 23, 2017
    Last edited: Apr 23, 2017
    • Agree Agree x 4
  3. Thanks, this seems to work!
     
Thread Status:
Not open for further replies.