[SEVERE WARNING]Groupmanager Exploit

Discussion in 'Bukkit Discussion' started by ExplosiveBacoN, Dec 21, 2011.

Thread Status:
Not open for further replies.
  1. Offline

    ExplosiveBacoN

    Well today was one hell of a day for me. Lets begin with the story of how My server got fliped upside-down by a hacker.

    It was a regular day, until a user named joined and had a little fun. He had some how, probably with the use of a hack client, managed to promote himself to admin by passing permissions. I hope that this is a flaw with groupmanager as I do not want this fate for any other server owner. Long story short, this guy fucked shit up. I would switch from groupmanager to something more reliable. If you want the whole story then 'pm' me.
     
  2. Offline

    arnie231

    was your server in offline mode ? as if it was anyone could join with the same name as oneof the admins and have the same powers of the admin
     
  3. There is no way to 'hack' your way past GroupManagers permissions.
    You simply didn't setup your server correctly.
    Namely, you left the users at default and ran in offline mode so anyone could log in under any name.
     
  4. The same thing has happened to my ServerCraft server twice..
     
  5. Offline

    zipfe

  6. Offline

    Ras20906

    same happened to my friend server!
    I warned him many times!
    now we using PermissionsEX
     
  7. Offline

    Cirno

    Solution, as suggested by admins and scientists alike.
    online-mode=true
     
  8. Offline

    chaseoes

    I hope you realize this thread is a year old.
     
  9. Offline

    Bear202

    Serious necro-ing going on here :eek:
     
  10. Offline

    joehot2000

    actuelly, there is.
    i have seen more then one server (my own included) greifed or destroyed by theese hacks.
    how can they be stopped is what i need to know :(
     
  11. Offline

    Jonchun

    actuelly, there isn't. i have never seen one server greifed or destroyed by theese hacks when permissions have been setup correctly. If a server is running in ONLINE mode, and has properly configured permissions/plugins, there is no way someone can "hack" your server. how to configure your server properly is what you need to know :(
     
  12. Offline

    joehot2000

    hmm, ok.
    he probably used some bug exploit i put in permissions accidentally then.
    i removed the /manuadd and /manpromote command, but good to know that its probably just configuration.
     
Thread Status:
Not open for further replies.

Share This Page