Server has been hacked. Need advice

Discussion in 'Server & Community Management' started by milk_milk, Feb 9, 2020.

  1. A Admin/Co-owner of my minecraft server decided to greif everything. We rolled backed the server due to backups. However everyone once in awhile he comes back bans people and greifs everything. What should I do? He isnt opped and somehow he always gets * perms and owner rank. We are using luckperms and command blocks are disabled. Using Minesecure and OnlyProxy as well.
     
  2. md_5

    Administrator Developer

    Did you actually remove his rank in addition to op?
    Did you change all the passwords?
     
    • Funny Funny x 1
    • Winner Winner x 1
  3. Yes I removed his rank. I changed all passwords. I thought I ran an bulkupdate to delete all user permissions. But players still have perms. Would clearing all my users in my perms plugin solve the issue?

    This is the command I used.

    lp bulkupdate users delete "permission !~ group.%"
     
  4. Does he have a second account ? Did you change the permission before or after using the backup ? A list of your plugin would be good. Try and clean his permission manually from the .yml file and not from in game.

    P.S: stop/restart the server if the plugin doesn't have an option to reload the .yml file.
     
  5. Just reset all user perms hopefull that gets rid of it
     
  6. Weaves

    Resource Staff

    I would also ban them. You should also be suspicious of any plugins they may have installed, especially if they made them or had them made.
     
  7. Yeah there definitely banned. If they come back this time I’ll redownload all my plugins.
     
  8. Yeah you might have a bad plugin
    Did they install anything on there?
     
  9. Strahan

    Benefactor

    Is it paid hosting? Does the person have credentials to the hosting acct?
     
  10. If he is banned and he can login, stop running the server in offline mode.
     
  11. I don't think a player can join a cracked server if he is banned.
     
  12. Of course he can with a new account or a new ip
     
  13. I mean, it's very easy to spoof your username and join since offline mode means the server doesn't do username authentication.
     
    • Like Like x 2
    • Agree Agree x 1
  14. If you have any custom plugins its not too hard for someone to set it up so that they can op themselves