Hello, new subsection! In honor of the opening, I decided to tell you from personal experience about how the servers on RU Projects were hacked and hacked!
To talk about the more popular hacking methods, I decided to show you an old way, very ancient.
This is such an old bug that FalseBook existed at the time. Hacker
How it worked:
1) Install Nodus
2) We go into Minecraft hacks with a standard nickname (Own)
3) We go to the server and look at the nickname of the moderator or admin
4) We leave the server, start another Minecraft hacks in the second window
5) Go to the Account Settings tab
6) We write a slash and the nickname of the admin or moderator Something like this (/ admin228)
7) We go from the second Minecraft hacks to the server with a standard nickname, wait until it kicks (When there is nothing to kick it, there is nothing to press)
8) When kicked from the second account and write (/ op “your nickname”) and exit
9) We go from the main one and you have an admin panel
The second way to hack the admin panel (through the plate)
1) Launch Minecraft hacks, go to the server.
2) We survive, we craft a sign, We put a sign on the ground.
3) We write in the second line
HOW TO DOWNLOAD MINECRAFT HACKS
This thing is already more serious, and at one time ruffled almost every third project’s nerves. Not only nerves but also strength. Since even we did not understand at first how they broke our servers.
The essence of this method lies in open ports through which a person connected, after which it was possible to create whatever your heart desires. In fact, the method is also quite old, and I only found a way to solve it.
1. We go into our SSH client and write the command – “/ sbin / iptables -A INPUT -i eth0 -p tcp –dport YOUR_PORT -j DROP” I answer the question of what this command does: It closes all incoming connections (except local) to this port so that others cannot connect to it. What is it for? Well, so that others cannot connect to your server, let’s say from another bungee (I will take a long time to explain the whole story, how it will be time to sign everything). Where it says YOUR_PORT, we indicate the port of your SERVER. If there are other servers, their ports must also be closed, or a crash cannot be avoided.
2. If you do not have access to SSH, do the following … Go to download the plugin and install it on your server (Spigot), then go to config.yml BungeeCord, set ipforwarding: true, then go to spigot.yml (On the server) and set bungeecord: false. Reboot the server and bungee, PROFIT. More about configuring the plugin itself: proxyIP: 127.0.0.1 is the ip of your main proxy (BungeeCord) playerKickMessage: ‘& cYou have to join through the proxy.’ – a message that will be displayed when entering the server. I recommend writing something like – “The server can only be accessed from the ip: mk.moyserver.ru” There is one drawback in this plugin, all players have one ip actually, we conclude that you cannot ban anyone by ip or the entire server will be banned. … If the server and bungeecord are on the same machine, then the issue is solved by setting up the server. In server.properties, set server-ip = 127.0.0.1 This will disable the server accepting incoming connections from the Internet, i.e. it will not work to connect to the server bypassing bungeecord.
1. This is more likely not a fix, but advice. Stop downloading plugins from different garbage cans like VK groups or random sites. 3 resources from which you need to download plugins – bukkit.org spigotmc.org curse.com. Usually this is what they achieve, they say – “drain the plug-in from the cerebral palsy server”, but in fact they just want to slip you bullshit in order to break your server later. ZY – who suffered from hacking, I advise you to download plugins from official sources, so that later do not suffer.
2. Prohibit the use of important admin commands (authme, pex, stop, save-all, etc.) in the game chat, allow only in the console, for this you can use the nocheatplus plugin (line on the screenshot).
HOW TO INSTALL MINECRAFT HACKS
The funniest way, this method is connected with the enabled “Session authorization” function in the plugin for authorization. Each player has a unique number – UUID. The authorization plugin verifies it, if it matches, then it skips the password entry step. In fact, now this is no longer since in new versions of AuthMe this has been fixed.
HOW TO INSTALL HACKS FOR MINECRAFT
Even funnier is the way, its essence lies in the built-in exploit in the plugin. More precisely, in a built-in command inside the plugin. This method was used by Youtubers in the Ru Minecraft segment, filming “Plums of school servers”. They uploaded ready-made server assemblies to the game forums, uploaded a plug-in to these assemblies, in which the evil Exploit was sitting.
List of similar commands that were sewn into plugins. After their execution, full access was given (in the Permission plugin, “*” this asterisk in the plugin was issued, which means that you are given rights to all commands)
Hacking through the library – / signa
Flood Protect – / fp help 18971712
AutoMessage – / am add sheet name, – / am command name
/ sudo – OwnNik command_without_slash
/ server – the name of the server, or you can go under the nickname md_5 and he has this command and you can hit anyone
/ send – the name of the server, or you can go under the nickname md_5 and he has this command and you can hit anyone
/ ncp delay op nickname – execute the command on behalf of the console
/ hoTb43fd help 18971712
/ eb give me opHacker
At the end
The way our project came across. In the plugin for saving the world, there was a whole line related to direct access to server files. If you put the wrong value, you can merge the complete server assembly. Just deflate. This happened with us, the most terrible joint. But fortunately, this drain had almost no effect on us.