Hi all,

Today we've found out that we had a major security problem in our setup. If someone were to set up their own (cracked) BungeeCord and link our servers to it, they were able to join as Owner, ...

We've fixed this by removing ip_forward in our BungeeCord and checking if the player's IP matches that of our Bungee. The problem is that we've lost all UUID compatibility, such as player files and UUID bans.

Do you guys have any idea on how we could fix this security issue without disabling ip_forward? Maybe a handshake between Bungee and Spigot with a passphrase?

Thanks,
Tint
You need to set up your server's firewall to protect your BungeeCord servers from foreign connections. Here is a tutorial: https://www.spigotmc.org/wiki/firewall-guide/

Secondary measure: https://www.spigotmc.org/resources/ipwhitelist.61/
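One way to express the firewall restriction suggested in the reply above, as an added example that is not part of the original thread or the linked guide. The proxy address 10.0.0.5 and the backend ports are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules so that only the BungeeCord
# proxy can reach the backend Spigot ports. Inputs are validated because the
# output is meant to be reviewed and then run as root.

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
}

# Accept only a TCP port number in 1..65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# backend_rules PROXY_IP PORT...
# Prints one ACCEPT rule (proxy only) and one DROP rule (everyone else) per port.
backend_rules() {
    proxy=${1:-}
    if [ "$#" -gt 0 ]; then shift; fi
    valid_ipv4 "$proxy" || { echo "invalid proxy IP: $proxy" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "no backend ports given" >&2; return 1; }
    for port in "$@"; do
        valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    done
    for port in "$@"; do
        # Order matters: the ACCEPT for the proxy must come before the DROP.
        echo "iptables -A INPUT -p tcp -s $proxy --dport $port -j ACCEPT"
        echo "iptables -A INPUT -p tcp --dport $port -j DROP"
    done
}

# Constructed sample: proxy at 10.0.0.5, two backend servers on this host.
backend_rules 10.0.0.5 25566 25567
```

Because `-A` appends, an earlier rule that already accepts the same port would still match first; review the existing chain with `iptables -L INPUT -n --line-numbers` before applying the output.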