My server got hacked
Himalayan posted this in #questions
Himalayan (OP)
My server is a Minecraft server, and honestly, it's a small server. I must admit that it's an offline server since it's targeted at Latin America. I understand if you have issues with that!
Today, while I was about to eat, hackers raided my survival server. Then, the first ones started giving "op" to other hackers. After reading the logs to see what had happened, I discovered that the initial hackers didn't directly give themselves "op" but instead added permissions using LuckPerms.
Additionally, I found a URL in the logs that led to their Discord server. I joined the Discord server, and it turned out to be a community managed by a Costa Rican (allegedly). I saw there was a store channel where various hacks could be purchased. I then compared the usernames of some members with those of my attackers, and they matched. After understanding the context, I saw that the Costa Rican and other Discord users were the attackers.
I have the Discord URL, but I'm not sure if it's a good idea to share it because it would be spreading it.
For now, I have my server turned off to prevent another attack. I'm scared to turn it back on. Please help, I need advice!
Okay, so.
Admincraft does not offer support to Offline Mode / Cracked servers.
For...exactly this reason. By running a public Offline mode server, your server is breaking Mojang Terms of Service. That's illegal.
You also open yourself up to having your server invaded. Minecraft broadcasts the names of players on a server to anyone with the IP on the server select screen.
So they scan all servers with a bot, when they find one, they sit and watch to collect usernames, and then eventually they log in with your username, have op, and nuke your server.
Run online mode and whitelist to fix the problem. Or at a MINIMUM, turn off the server.properties feature that sends the player list to people on the server list.
Himalayan (OP)
Thanks for explaining all of that! I get where you're coming from, and I appreciate you breaking it down. I didn’t realize the full extent of the risks, but now it makes more sense. I’ll definitely look into fixing this and making the server more secure. I just want to have fun with my community without worrying about stuff like this. Thanks again for the advice! I need to refocus my server and set it to online mode.
PM_ME_YOUR_REPO
Yup, online mode and a whitelist is 100% of the security you need. It fully prevents this sort of thing.
But also make periodic backups.
Polish
Additionally, using modern forwarding and not having backends exposed openly if using a proxy can also be important.
Himalayan (OP)
Alright, I’ll focus on working on the whitelist for now. I’ve been making backups because I’ve been testing a lot of plugins, and sometimes they cause conflicts. My plan now is to roll back to a version from a week ago and get the server back online. Thank you so much for your help; I really appreciate your advice!
No worries. One last bit of advice. If you use something like Spigot, Paper, or Purpur, use the plugin CoreProtect.
Himalayan (OP)
Hmm, I think I urgently need to give my server a thorough review!
PM_ME_YOUR_REPO
It lets you do rollbacks in specific areas or from specific users, without restarting your server.
Himalayan (OP)
Wow! This is perfect timing, haha. I’ll apply it to my server. Thank you for the help—it had me quite worried because I saw that they hacked me just to mess around.
@Komondor We don't allow recommendations that encourage piracy here. Only help that encourages online mode.
Komondor
fine