Hacking in my server, how can I stop it??

Discussion in 'Bukkit Help' started by soulbrander, Jan 25, 2011.

Thread Status:
Not open for further replies.
  1. Offline


    Well since a few days ago, invisible people have started coming into my server. I turned it to online mode, same luck. I made a whitelist, same luck. I don't think they show on my console, but since I have been having some weird errors lately I couldn't see it if it did...Please help, they haven't done anything that bad really but it's really annoying and I don't want invisi ppl with no name running around my server!
  2. Offline


    how do you know they where there then?
  3. Offline


    Stop smoking the pot.
  4. Offline


    Try MCBan. That helped me detect people with bad behavior.
  5. Offline


    Can you describe what it is they're doing?

    Sometimes when the client falls behind the server, blocks you've just deleted will be immediately replaced (kind of like you didn't have permission to delete them). Is it something like that?
  6. Offline


    A new client side hack wrapper has been released for the game. Not only that, but it is being promoted on the Essentials plugin page. This is why you are seeing people flying around your shit. I have been banning them left and right on my server.
  7. Offline


    O crap. I'm scared. Don't talk it up, or people will see it and out of curiosity use it, and talking it up or saying DON'T DO IT is just going to make more people do it.

    Edit: Is that the "give your users the accompanying client mod" thing? Why would plugin authors endorse things that mess up your server?
  8. Offline


    Well, shit. Now I have to do it.
  9. Offline


  10. Offline


    You could stop people from entering at the OS level. Going to assume your running Linux.
    Unfortunately Java isn't built with TCP wrappers so your /etc/hosts.allow is out, which is just as well since MC also uses UDP. But you could use IPtables to restrict your source addresses (MC clients). Unfortunately most of your clients are probably on dynamic IP's and iptables doesn't support hostnames.
    However you could have your clients setup dyndns and use this script to update your firewall rules.

    Then just setup a cron job to fresh every hour or so.
  11. Offline


    A specific client mod pack which shall remain unnamed is becoming extremely popular in SMP, it is easily google-able and is actually listed in the minecraft wiki. It is a compilation of dozens of various client side modifcations which allow players to fly, speedhack by keystroke, go invisible (including name display), setup their own personal teleport/warp areas, change large areas of blocks to another block type & spawn items (may be SSP only I havent tested yet). I know because I installed it and demonstrated to my ops, so they know what to look for. I've given up on the hope of minecraft being cheat free. Want to run a fairplay server then consider assigning trusted players to a moderator level, and running an op heavy server... and hope they wont ban people simply because they don't like them. I'm looking at a 1:3 admin:player ration on my server already and banning atleast 1 or 2 players per day for using cheats.
  12. Offline


    Not personally running a public server, but do you still see the user logging in via the console?
    --- merged: Jan 28, 2011 9:12 PM ---
    Reported to Thought Police. Violation: thinking about reading up on a cheat.
  13. Offline


    they're just invisible rofl
    I see them logging on my sonsole, but I only see their ip, and they change that when I ban that ip...
  14. Offline


    Put online-mode=true, and see if you get any names showing up in the console. If not, you're going to just have to be on the ball with banning IP's. If you keep banning them, they'll soon quit trying your server.
  15. Offline


    what are these people able to do? can they bypass permissions restrictions?
    or build restrictions?
  16. Offline


    could someone pm me the name of the wrapper? i want to know what i might be up against in my server. i've already seen 1 person flying, and i want to make sure this doesnt get out of hand, as i mostly moderate the server myself, and i need to see what i have to watch for, like what tremor said.
  17. Offline


    How can someone possibly login your server in online-mode without having an actual account with minecraft.net? They need that when trying to login and your server gets that information otherwise it couldn't validate them with minecraft.net.

    They can exploit the game rules but you should have some idea of who they are just by listing players online...
  18. Offline


    Yes, it has nothing to do with bypassing authentication. It is purely an in-game thing. So if you have a whitelist and your members know not to use it, there shouldn't be any trouble (for now). But in the end, I had to whitelist my server, which I did not want to do.
  19. Offline


    Is this the Earth2Me wrapper or something? I downloaded it and used it on my server but it didn't let me fly around and stuff so I just assumed that no one else could.
  20. Offline


    They aren't hacking its lag, so some people can see them other can't re-logging in works
  21. Offline


    I followed someone invisible on our server greifing right in front of me. I only had a few people on the server i had them all infront of me at one spot. some one was still destroying blocks all around us. no one elses name appeared in the server list and they left before i could check ip. I need to know what hack they use to write some protection code as it is hard to be on 24/7 . This is not lag by any means. their name is hidden on the server list. we dont run spy stuff so that hasnt been hacked. If someone is invisible because of lag a simple dc reconnect will make them visible and does not hide name from server.................

    This is a legit problem and needs to be addresses swiftly
  22. Offline


    just get antihack the plugin
    or nocheat
Thread Status:
Not open for further replies.

Share This Page