PSA: Malicious plugins: NanoGuard Anticheat and InfiniteDispenser

Discussion in 'Community News and Announcements' started by EvilSeph, Sep 11, 2013.

Thread Status:
Not open for further replies.
  1. Offline


    It has come to our attention that the plugins "NanoGuard Anticheat" and "InfiniteDispenser" have been distributing potentially malicious code hidden within their update process. We urge all server admins running these plugins or who have run these plugins to read this PSA carefully and follow the advice given immediately.

    We strongly advise all server admins to cease using these plugins immediately:
    • NanoGuard Anticheat (Default file name: NanoGuardJAR.jar or similar)
    • InfiniteDispenser (Default file name: InfiniteDispenser-3.2.jar or similar)
    As a general precaution, we strongly recommend that all server admins perform a full examination of their server, keeping an eye out for unknown plugins or suspicious behaviour - as is proper on a periodic basis. We also would like to remind server admins to avoid running anything with root or admin privileges without taking the proper precautions to safeguard against the security risks it poses.

    In accordance with our community policies regarding malicious code, these projects and their files have been completely removed from our sites and the individuals associated have been banned. While we do not - and cannot - guarantee we'll catch everything, our approval process is an ever evolving aspect of our project and we believe that it is an integral piece in providing server admins with peace of mind when running their servers.

    Thanks for your continued support and understanding in this matter,
    - on behalf of the Bukkit Project
  2. Offline


    Yeah. I got a message from my host that a process triggered from my server called "minerd" came up after I installed InfiniteDispenser.
  3. Offline


    All MY SERVER FILES WHERE DELETED i guess its because of this!! Thanks a lot!
  4. Offline


    I also kept a copy of it just in case.
  5. Offline


    EvilSeph ok thanks for telling me, but id like to continue using my server now. i cant with the message, i removed the p[lugin.
  6. Offline


    I've downloaded the "pluginupdate.jar" and decompiled it. Looks like it's tied to a botnet...
  7. Offline


    That looks nasty....
  8. Offline


  9. Offline


  10. Offline


    What is that "pluginupdate.jar" ? how to get that? that downloading with update to one of that plugins?
  11. Offline


    You don't want it. End of story.
  12. Offline


    If you have one of the plugins stated above, there is code in there that downloads the pluginupdate.jar from the developers website.

    If you have it, remove it. It's absolutely atrocious.
  13. Offline


    What was in those plugins that can make a security risk? What exactly did it do to servers?
  14. Offline


    As LazyLemons indicated above, it appears that servers with these 'dirty plugins' installed are being exploited as DDoS Attack servers.

  15. Offline


    If I remembered correctly, minerd is a program that I used to mine bitcoins with, maybe the dev wanted some money with bitcoins? Its just inethical to install a CPU hogging software on people's computers without their consent...
  16. Holy crap, using bukkit minecraft servers to DDOS. That's pretty damn cruel.
  17. Offline


    ... I don't want it... I only want know what that... And how that work. (Why is dangerous)
  18. Offline


    It can get you suspended and kicked off a host, and uses up your server's resources, making it likely much slower.
  19. Offline


    Even if you have good intentions and try to update your plugin from your own website, nothing says that tomorrow your website doesn't get hacked and the file gets replaced.

    Auto-updaters in general are a problem. Your server could auto-update with a version that doesn't work and in which the auto-updater is broken, leaving your server broken. It's better to run a working older version and to manually update when you have time to.
  20. Offline


    Its better that you got it know then never!
  21. Offline


    It auto-DDoS's your server. Don't know what a DDoS is? Look it up. It'll block your server.
  22. Offline


    Block? What?
    KawaiiNeko, 1mpre55 and Chinwe like this.
  23. Offline


    Oh wow! That's crazy they tried using servers to DDoS! That's really sick and wrong! Good job Bukkit team for catching these people!
  24. Offline


    Hey, I love infinite dispenser! It's too bad they did that but will the old versions still work and I won't have any malicousness? And if so please reply with a link to another one! Thnx EvilSeph for letting all of of know!
  25. Offline


    but i got infinitedispencer 2.5 it works good :( i dont wanna get rid of it unless someone can give me another one thats good just like it but i tried one a long time ago and it wouldnt work well with redstone sometimes but this did
  26. Offline


  27. Offline


    Wow, glad i never got this plugin, Will anybody be remaking a plugin that does infinite dispensers without all the nasty stuff?
  28. Offline


    about 2 months ago i used Infinite dispenser. and BAM! My server world was full with a miljions of Fireworks and Crashes It took me 1 Month to fix it.
  29. Offline


    Probably someone hooked a bunch of infinite dispensers with fireworks in them attached to rapid clocks.
  30. Offline


    I'm aware what a DDoS does, but I don't think you are if you think it blocks the server or website.
    1mpre55 and NextInLine like this.
  31. Offline


    I might have to make my own now, such a great plugin.. Gonna get to work xP
Thread Status:
Not open for further replies.

Share This Page