I have a server. I use BungeeCord and it hooks to several servers. Somehow, a user is logging in and, I believe, obtaining OPs. They somehow spoof their IP address to 22.214.171.124 or 127.0.0.1 or 169.x.x.x. I use LuckPerms, but they are able to bypass permissions, so I assume they are gaining OPs somehow. Normally, I just roll back with CoreProtect. This time, they destroyed the CoreProtect database (they reset it) before they did their griefing, so I am restoring from an off-site backup. I need help being pointed in the correct direction to stop this. Originally, this user was placing TNT and I was rolling back with CoreProtect. Apparently, I had not stopped TNT with WorldGuard. Once I did, they nuked the entire lobby and CoreProtect. Any suggestions appreciated.