Solved Security issues | UUID issues

Tint · Apr 23, 2017

Hi all,

Today we've found out that we had a major security problem in our setup. If someone were to set up their own (cracked) bungeecord and link our servers to it, they were able to join as Owner, ...

We've fixed this by removing ip_forward in our Bungeecord and checking if the players IP matches that of our Bungee. The problem is that we've lost all UUID compatibility, such as player files and UUID bans.

Do you guys have any idea on how we could fix this security issue without disabling ip_forward? Maybe a handshake between Bungee and Spigot with a passphrase?

Thanks,
Tint

ChiefMoneyBags · Apr 23, 2017

you need to setup your servers firewall to protect your bungeecord servers from foreign connections, here is a tutorial
https://www.spigotmc.org/wiki/firewall-guide/

secondary measure
https://www.spigotmc.org/resources/ipwhitelist.61/

Tint · Apr 23, 2017

Thanks, this seems to work!

Useful Searches

Solved Security issues | UUID issues

Tint

ChiefMoneyBags

Tint