serious griefing that I can not stop

Discussion in 'Spigot Discussion' started by draexo, Oct 6, 2019.

    • Like Like x 1
  1. Necroposting! Lol.
    They tried to get on this morning and kept getting kicked because:

    " .UUID of player Mr_Ca0s_ is 31189979-7e00-3922-92a7-dfd2e23b7082
    10.10 03:44:18 [Server] INFO Disconnecting protocolsupport.protocol.utils.authlib.GameProfile(onlineMode: false, originalname: Mr_Ca0s_, originaluuid: 31189979-7e00-3922-92a7-dfd2e23b7082, name: Mr_Ca0s_, uuid: 31189979-7e00-3922-92a7-dfd2e23b7082, properties: {}) (/127.0.0.1:12202): Please join directly on example.com
    10.10 03:44:18 [Server] INFO This is the default message
    10.10 03:44:18 [Disconnect] User protocolsupport.protocol.utils.authlib.GameProfile(onlineMode: false, originalname: Mr_Ca0s_, originaluuid: 31189979-7e00-3922-92a7-dfd2e23b7082, name: Mr_Ca0s_, uuid: 31189979-7e00-3922-92a7-dfd2e23b7082, properties: {}) (/127.0.0.1:12202) "

    I will keep an eye on the logs. Thanks again. Oops.... I guess I better reconfigure example.com!
     
  2. I will check that out! It only works with Paper or its forks, but I am considering switching at least some of my servers to Paper.

    I use Luckperms already.
     
  3. He tried again just now and has been unsuccessful to get back on.

    I am not sure how he fakes the IP address to localhost 127.0.0.1 or whatever he chooses. Regular players show up with their real IP address.
    Not that it matters, as he can not join with his proxy bypass trick.


    10.10 12:24:58 [Server] INFO UUID of player Autenticgriefing is fc5bc365-aedf-30a8-8b89-04e462e29bde
    10.10 12:24:58 [Server] INFO Disconnecting protocolsupport.protocol.utils.authlib.GameProfile(onlineMode: false, originalname: Autenticgriefing, originaluuid: fc5bc365-aedf-30a8-8b89-04e462e29bde, name: Autenticgriefing, uuid: fc5bc365-aedf-30a8-8b89-04e462e29bde, properties: {}) (/127.0.0.1:2778): Please join directly on example.com
    10.10 12:24:58 [Server] INFO This is the default message
    10.10 12:24:58 [Disconnect] User protocolsupport.protocol.utils.authlib.GameProfile(onlineMode: false, originalname: Autenticgriefing, originaluuid: fc5bc365-aedf-30a8-8b89-04e462e29bde, name: Autenticgriefing, uuid: fc5bc365-aedf-30a8-8b89-04e462e29bde, properties: {}) (/127.0.0.1:2778) has disconnected, reason: Please join directly on example.com
    10.10 12:24:58 [Server] INFO This is the default message
    10.10 12:25:04 [Server] INFO UUID of player Autenticgriefing is fc5bc365-aedf-30a8-8b89-04e462e29bde
    10.10 12:25:04 [Server] INFO Disconnecting protocolsupport.protocol.utils.authlib.GameProfile(onlineMode: false, originalname: Autenticgriefing, originaluuid: fc5bc365-aedf-30a8-8b89-04e462e29bde, name: Autenticgriefing, uuid: fc5bc365-aedf-30a8-8b89-04e462e29bde, properties: {}) (/127.0.0.1:2782): Please join directly on example.com
    10.10 12:25:04 [Server] INFO This is the default message
    10.10 12:25:04 [Disconnect] User protocolsupport.protocol.utils.authlib.GameProfile(onlineMode: false, originalname: Autenticgriefing, originaluuid: fc5bc365-aedf-30a8-8b89-04e462e29bde, name: Autenticgriefing, uuid: fc5bc365-aedf-30a8-8b89-04e462e29bde, properties: {}) (/127.0.0.1:2782) has disconnected, reason: Please join directly on example.com
    10.10 12:25:04 [Server] INFO This is the default message
    10.10 12:25:05 [Server] INFO UUID of player Autenticgriefing is fc5bc365-aedf-30a8-8b89-04e462e29bde
    10.10 12:25:05 [Server] INFO Disconnecting protocolsupport.protocol.utils.authlib.GameProfile(onlineMode: false, originalname: Autenticgriefing, originaluuid: fc5bc365-aedf-30a8-8b89-04e462e29bde, name: Autenticgriefing, uuid: fc5bc365-aedf-30a8-8b89-04e462e29bde, properties: {}) (/127.0.0.1:2783): Please join directly on example.com
    10.10 12:25:05 [Server] INFO This is the default message
    10.10 12:25:05 [Disconnect] User protocolsupport.protocol.utils.authlib.GameProfile(onlineMode: false, originalname: Autenticgriefing, originaluuid: fc5bc365-aedf-30a8-8b89-04e462e29bde, name: Autenticgriefing, uuid: fc5bc365-aedf-30a8-8b89-04e462e29bde, properties: {}) (/127.0.0.1:2783) has disconnected, reason: Please join directly on example.com
    10.10 12:25:05 [Server] INFO This is the default message
     
  4. I must have done something wrong. While the griefers can not connect at all, I can only connect to my lobby and 2 servers. The other 3 off the bungee cord give me the same message. I will have to figure out what I messed up!
     
  5. i heard of 1.8.0 having some Problems, which Spigot Version are you using?
     
  6. Strahan

    Benefactor

    Can't one just not allow access to anything save the BC instance? My firewall only allows the connection to the port used by the BC proxy, then all the game servers are isolated from the internet.
     
    • Like Like x 1
  7. There are still servers out there that have operators on it?
     
    • Like Like x 1
  8. My server has OPs, only owners though. It's a pretty easy way to tell plugins you want all permissions when they don't want to listen to * from your permissions plugin.
     
  9. A proper setup would be ala firewall: deny all, allow a bunch of exceptions, not allow all and pray nobody else got misconfigured.
     
    • Like Like x 1
  10. Strahan

    Benefactor

    It isn't a plugin's job to look for wildcards; the permissions manager does that. Having OP doesn't guarantee you have all permissions. Easy example off the top of my head; PEX. If you have no PEX permissions defined, you cannot use /pex regardless of being OP.

    Any plugin dev doing something like if (!sender.hasPermission("myplugin.admin") && !sender.hasPermission("myplugin.*")) return; is wasting keystrokes heh.
     
    • Like Like x 1
  11. 1.13.2
    Going to go to 1.4.4 shortly once I figure this out.
     
  12. I am thinking OPs is just not a good idea. I do not know how to disable OPs completely. I would rather take a few minutes and add permissions to my owner account than let someone get ops. Very easy to add permissions with LuckPerms. Also, you are correct, OPs does not grant you all permissions. It seems to depend on the plugin.
     
  13. A firewall on the server side for what purpose? I can do that, but what am I blocking and why?
     
  14. with that code snipped you'll block someone who has OP, but not BOTH of the permissions "myplugin.admin" and "myplugin*".
     
  15. Strahan

    Benefactor

    Somebody was talking earlier about bypassing BC and directly connecting to the servers using their ports. I was commenting on that. The firewall prevents internet connections. My BC proxy listens on 25565, server 1 listens on 25570, server 2 on 25571, server 3 on 25572. I only open 25565 so if you are outside the network, even if you try to direct connect to the servers using their ports, you can't.
     
    • Agree Agree x 3
    • Like Like x 1
  16. Ah.... the light bulb went on.
     
  17. If you're running these servers on a linux VPS, you can install ufw:
    https://wiki.archlinux.org/index.php/Uncomplicated_Firewall

    And block all incoming traffic on all ports and specifically allow 25565 (one to your bungee cord) only. No plugins or configs needed.

    # ufw enable
    # ufw allow 25565


    And you're done I guess
     
  18. Hello to solve your problem you have to do the following

    1.- First of all you have to activate the iptables and block all the ports of your server except port 25565
    https://www.spigotmc.org/wiki/firewall-guide/

    2.- Protect your account
    https://dev.bukkit.org/projects/accountguard

    3.- if you use luckperms please disable the OP of all servers
    enable-ops: false

    With these three guidelines you can solve most problems
     
    • Like Like x 1

  19. I have done most of this except #2. Since I have disabled OPs, and since I log in from 3 different IPs, I have not done that one yet.

    Thanks