Beware of Malicious Plugin Attempts

Discussion in 'Bukkit Discussion' started by Windows_i7_920, Feb 2, 2012.

Thread Status:
Not open for further replies.
  1. Offline

    Windows_i7_920

    I would like to bring to light a recent development in a griefing team known as Team 1337. As a server administrator I like to keep an eye on such groups. The following messages I found on *link removed*

    Link to thread (you have to register to see it):
    *link removed*

    Thread Posted by "Kriptini":

    Reply by "teh8bits":
     
  2. Offline

    Kriptini

    <sarcasm>Oh no, now we're ruined!</sarcasm>

    Sorry buddy, you're late. We've already infected close to 800 servers. Nice try, though.
     
  3. Offline

    Nathan C

    Let me ask this: How on earth would they be able to upload it to DevBukkit? Or is it just noobs that download the plugin from an unofficial source?

    This sounds like a huge security issue in plugin development if they are able to upload it.

    Your forums fail.

    It does not send registration code.
     
  4. Offline

    Kriptini

    Think what you want, but there are downloads from 732 registered IPs. There are bound to be quite a large amount on that list susceptible to our attacks.
     
  5. Offline

    Nathan C

    Yeah looks like you already got some, like LegendaryCraft.

    Funny that a big server like that is a noob to download unofficial plugins.
     
    Kriptini likes this.
  6. Offline

    Jarwain

    Trololo.
    First of all, I find it quite funny that EvilSeph removed your links.
    Second,
    Become a plugin developer, upload to devBukkit? It isn't that hard to develop a plugin. The approval process looks at what the plugin is supposed to do, and it looks in the source. If the team is given a nice, working source, why decompile? Ofc, whenever I finish my plugin, I expect them to be decompiling mine, since I posted here. They won't find anything malicious (It's just another IRCPlugin. :p).
    Third, I think I remember you, actually. You were egging people on to join your server, just to banhammer you.
    Or maybe I'm thinking of someone else. Eh. I don't spend much time griefing these days. Just coding. :3

    And now I've lost my train of thought.
     
  7. Offline

    honam1021

    I think LC will be griefed soon.
     
  8. Offline

    Kriptini

    Quiet, code monkey! Where's my machinima client? <3
     
  9. Offline

    Don Redhorse

    well we normally decompile the plugin... at least I did.. but of course we don't spend hours on looking through everything.. and then there are still other sources... it is similar with all the hacked clients.. I guess 99% of them will transfer your account details to a server..

    oh and btw... there were already several plugins removed, accounts closed and projects deleted because they were malicious..

    will dev.bukkit be the saviour? nope... but it helps a little..
     
  10. Offline

    Jarwain

    The idea originally came about after someone mentioned they did it previously, but their plugin got denied because it was superfluous (one anti-tnt plugin too many).
    But this is still something to consider, especially among the other people who partake in the plugin approval process. Consider yourself warned. xD

    Back to my javascript.
     
  11. Offline

    Orcem12

    @Kriptini
    Not only do I find your trolling to be pointless but you claim to have taken down over 800 Minecraft Servers, that's spectacular. "Attackers" can be prevented, and usually when a plugin is suspected to be malicious, it goes through a process of investigation. It's really easy to tell when 1 plugin is sending data to a different location by simply decompiling said plugin. Just look at the plugin carefully, if it's a MOTD plugin using 1024 MB of RAM something's up. I don't really see the point to crashing a Minecraft server, I'm almost positive an owner has a restart button and plenty of FTP stored backups to stop this kind of play from happening. What do you gain from temporarily shutting down a Minecraft server? 200+ dynamically changing IP addresses? A detailed location of a stronghold? A stack of diamonds? In all seriousness, this is the stupidest thing I've ever heard. I know about ways to get around "NoCheat" plugins and most of the time the attempts fail because they forget 1 thing, most owners are well aware of their server and can tell when a player cheats, and programs that register your IGN name as an OP for some server is absolutely absurd. You don't know where that data is getting sent to. Anyways the main idea I'm proposing here is that you're lying or just a notorious hacker bent on taking down a fun game with no real gain. You are probably gonna backlash my post with a threat, mkay. Go ahead.

    @Windows_i7_920
    If true, thank you for the warning.
     
    nunber1_Master likes this.
  12. Offline

    TheBeast808

    If their client starts sending a custom packet to the servers to be OPed, I'll just create a plugin that autobans the player when it gets that packet.
     
  13. Offline

    dannycrafts

    This is another reason why I actually just make 99% of my own plugins.
     
    samp20 likes this.
  14. Offline

    Phinary

    Or you know, you can kind of just remove the plugin that OP's them? That seems like it would be the sensible option.
     
  15. Offline

    Jarwain

    I'm more interested in this than her, so you'd be better off quoting me, so I'll get an alert and counter your badly worded argument.
    She did not claim to have taken down 800, she said there were about 800 that used the plugin and had their IPs logged in our database. It's a list of servers to grief at a later point in time.
    Like I mentioned previously, most people wouldn't bother decompiling a plugin to look at the source, if the plugin has a nice source to dig into. And if that source is clean, most people accept it at face value.
    Not every server administrator is an experienced, clever, or resourceful one.
    First, who mentioned crashing servers? And who said that's all we do? Just crashing a server is boring. It's not hard to bring it back up. It's more entertaining to grief it. How this is accomplished varies. Some social engineer Op or Admin, others just go crazy in destruction. A griefer's goal is to cause grief. Finding decent servers to grief can be one of the hardest things to do. Theoretically, the plugin is to do two things. Modify ops.txt (or permissions.yml), and get a list of servers. A lot of damage can be caused if this is done.
    There are tons of exploits for NoCheat, and yes, they do work. Go look into some private, public, and paid hacked clients sometimes. Also, looking at your post, you don't seem to understand her suggestion. Make a plugin that accomplishes a similar goal as NoCheat. It actually works and operates, but it also modifies ops.txt (not hard, to be honest. Not hard at all).
    How is it absurd? It's a perfectly logical plan, and not all server owners are aware of all the possibilities. It doesn't even need to send out data. Of course, the programmer knows exactly where the data is being sent, it's the server owner that is left in the dark. All part of the plan, you see? And nobody needs to know.
    Owners aren't always online, that's the perfect time to strike, is it not? It's just a simple plugin that modifies a text file, and accomplishes some other goal, causing people to actually want to install the plugin.
    First, learn what a hacker actually is. A hacker is one who learns, codes, hacks together data, etc. The media created a bad connotation for the name, since a hacker learns about exploits and computer security, among other things. They tend to be the ones that are hired as security consultants.
    A Cracker is a hacker, but they exploit the system for their personal gain.
    Secondly, what is there to lie about? The server list that may exist, or the idea of a plugin that would be quite an interesting feat? All the plugin would do is make their job a little easier, but it's not a perfect solution. There very rarely is one.
    As for gain, the gain is in the tears and sadness of people who worked so hard to build, just to have it gone forever. People get really pissed about that, surprisingly. A griefer's goal is to cause grief. It's not a Minecraft only thing. And I probably went off track.
    You don't seem to understand who/what a griefer is. Ah well. Hopefully this post enlightened you a little more, and gave you a little more perspective.


    Or hardcode a set of names into the plugin, and modify Ops.txt? I think that'll work. :3

    Oh this was a LOT longer than I expected.
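
Added example, not part of any post in this thread: a first-pass triage of the compiled jar itself, for the case raised above where the published source is clean and nobody decompiles the binary that is actually shipped. The indicator list, the `AntiTnt` sample plugin and its class names are assumptions constructed for illustration; `ops.txt` and `permissions.yml` are the files named in the thread.

```python
import io
import zipfile

# Byte patterns worth a reviewer's attention in a compiled plugin. Class-file
# constant pools store ASCII strings verbatim, so a substring search finds them.
INDICATORS = {
    "ops-file": [b"ops.txt", b"permissions.yml"],
    "op-grant": [b"setOp"],  # Bukkit's ServerOperator.setOp(boolean)
    "network": [b"java/net/URL", b"java/net/Socket", b"java/net/HttpURLConnection"],
}


def triage_jar(jar_bytes):
    """Return {class entry: sorted indicator labels} for every flagged class."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not name.endswith(".class"):
                continue
            data = jar.read(name)
            hits = sorted(
                label
                for label, needles in INDICATORS.items()
                if any(n in data for n in needles)
            )
            if hits:
                findings[name] = hits
    return findings


def build_sample_jar():
    """Constructed sample: stand-in class bodies, not real compiled plugins."""
    magic = b"\xca\xfe\xba\xbe\x00\x00\x00\x34"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("plugin.yml", "name: AntiTnt\nmain: example.AntiTnt\n")
        jar.writestr("example/AntiTnt.class", magic + b"org/bukkit/event/Listener")
        jar.writestr("example/Util.class", magic + b"ops.txt\x00java/net/URL")
        jar.writestr("example/Cmd.class", magic + b"org/bukkit/entity/Player\x00setOp")
    return buf.getvalue()


if __name__ == "__main__":
    for cls, labels in triage_jar(build_sample_jar()).items():
        print(f"{cls}: {', '.join(labels)}")
```

A hit tells the reviewer which class to decompile first, not that the plugin is malicious, since update checkers and permission plugins legitimately use the same calls. A plugin that assembles its strings at run time will not match, so a clean result does not replace reading the decompiled code.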
     
  16. Offline

    Orcem12

    @Jarwain
    Your argument was addressed towards me even though you said the opposite of what I said... I know what you meant though. I'll sit down and think about what you said sure, I appreciate the corrections as well. I'll accept this argument to get this done with. I refuse to have a "knowledge" war of the finest against something that really doesn't matter to me. I was simply pointing out some flaws that the above user said. And this is about Minecraft since the whole topic is about the plugins being malicious which is what I was addressing. I do appreciate the vocabulary, well said.

    - Thanks
     
  17. Offline

    M1sT3rM4n

    I am a Machinima director. Do I count?
     
  18. Offline

    Jarwain

    And this is why I enjoy the Bukkit forums much more than the Epsilon ones or even HackForums. People tend to be much more high quality. Anyways, thank you, and have a great day. C:
     
  19. Offline

    Orcem12

    You too ^^
     
  20. Offline

    Kriptini

    Jarwain is (supposed to be) working on a special hacked client tailored for making machinimas. It'll have tools such as extra camera functions, lighting controls; everything a (good) machinima-maker would need to put out a decent quality piece. Of course, the status on the project is very low because Jarwain is a very busy man between burning down these 732 servers, getting a very prestigious education, and satisfying his many girlfriends, so the machinima client idea is, at this point, mostly just an idea.

    Like I said, think what you want. ;)

    As for why people like to grief, it's because some people are sadistic. Do you laugh when people get physically injured on those America's Funniest Home Videos shows? It's kinda like that, except people's sense of accomplishment gets hurt rather than their mortal selves.
     
  21. Offline

    11RJB

    All talk. Until I see something, I don't believe a word these guys say.

    Regardless, any decent server admin has at least a daily backup... so the worst these guys can do is, what, make me roll back the server?
     
  22. Offline

    Orcworm

    That's just the thing, the vast majority of server admins on Minecraft are plain old pants on head retarded kids.
     
  23. Offline

    JohnTheRipper

    Word.
     
    codename_B likes this.
  24. Offline

    codename_B

    The good news is this might discourage them from making their offline mode server public.
     
  25. Offline

    TheBeast808

    Who says that will fix the problem? If they're going to make a malicious plugin, why would they not make it infect other common plugins so that even if you remove their plugin, you're still infected?
     
  26. Offline

    Phinary

    TheBeast808

    I'm pretty sure this post is talking about plugins that will OP someone, or corrupt your map, not plugins that act as viruses. I have yet to see someone make a plugin that acts as a virus and corrupts other plugins... I don't even know if it's possible.
     
  27. Offline

    number1_Master

    First off:
    When you think about it, why do griefers go for the small little servers!!!
    I mean really, what is the chance that an owner owns a VERY popular server, and will download a plugin like this! Most likely, the owner won't do anything because it could be too big of a change to the server (if anything)!
    So really, people are hacking some random people that are just having fun with (for example) their friends.
    I find this stuff annoying btw.
     
  28. Offline

    Phinary

    I'm pretty sure the owner of LC, an extremely large MC server downloaded something like this.
     
  29. Offline

    number1_Master

    I didn't say it was impossible :)
     
  30. Offline

    Jarwain

    Social Engineering is much more effective in the griefing scene than hacks and "malicious" plugins.
     