We had experienced hackers before, just a few, a simple ban worked. Today, we got 20 random people who all joined and started griefing the whole server for no good reason! They banned me, but I could unban my ip or my username! I did a backup, 50% of the server's gone, so.... They some how got op and owner rank without anyone doing anything whatsoever , and when I did the backup, They got unbanned. They haven't come but I suspect they will. Please help me find out who / t/hey are where to find them on mcprohosting control panel. I kind of want to troll them. My friend recommended doing a clock with the /kill command, but I need there full igns! Is there a way I can get them back or by contacting mojang? Our 3 server anticheats didn't help either...
sorry.. I was just really upset so I said that.. It just seems so horrible how a month long server work rom 10 people can go to waste in a fw mins. And honestly, its not funny at all, plus its a useless comment...
Rollback Post to RevisionRollBack
We need Builders!
If you are interested, add me on skye @ live:williamgolovlev_1
Something similar has happened to me before, this is because I had online-mode set to false in the server.properties. What this does is bypass the requirement for accounts to be validated by Mojang's server. Players can therefore spoof their names or UUID's in order to trick your server into thinking they are someone with valid permissions to run server commands they would not otherwise be able to access. Make sure that online-mode is set to true.
The next thing you want to do is make sure that your permission nodes are configured correctly. In your permissions plugin, make sure that nobody can access high level commands that shouldn't be allowed to. For example, if you were using PermissionsEx and someone had the permissions.* node; they could elevate themselves to an Admin with /pex user <their_username> group set admin. Be especially careful with the nodes regarding your permissions plugin.
Lastly, make sure that you're not running any plugins that just allow people to fly around, spawn blocks, enter creative or have super pickaxes. Set up WorldGuard borders and don't let any new players have ridiculous levels of access and features.
1.) Hit CTRL+F while looking at the server log with a text editor, and search for any instances of "op." If a staff member opped these players, it will show up here.
2.) Look at any and all commands run by the griefers who managed to get OP. It may be a plugin you installed that lets them OP themselves.
3.) Contact your host for a possibility of a backup if you didn't have one that satisfies you.
Another example is Remote Tool Kit, where the Telnet option is not disabled and allows anyone to gain access to your server and run commands to Op players.
We had experienced hackers before, just a few, a simple ban worked. Today, we got 20 random people who all joined and started griefing the whole server for no good reason! They banned me, but I could unban my ip or my username! I did a backup, 50% of the server's gone, so.... They some how got op and owner rank without anyone doing anything whatsoever , and when I did the backup, They got unbanned. They haven't come but I suspect they will. Please help me find out who / t/hey are where to find them on mcprohosting control panel. I kind of want to troll them. My friend recommended doing a clock with the /kill command, but I need there full igns! Is there a way I can get them back or by contacting mojang? Our 3 server anticheats didn't help either...
We need Builders!
If you are interested, add me on skye @ live:williamgolovlev_1
You want to take legal action? That's hilarious.
sorry.. I was just really upset so I said that.. It just seems so horrible how a month long server work rom 10 people can go to waste in a fw mins. And honestly, its not funny at all, plus its a useless comment...
We need Builders!
If you are interested, add me on skye @ live:williamgolovlev_1
I would recommend contacting your host
You should have access to your server logs on MCPro, in those you can pull the IGN's and UUID;s of the players who crashed your server.
If they did not get op'd by yourself or or other staff, other possibility is access via a plugin downloaded from 3rd party source.
I see. thank you. what plugin exactly?
We need Builders!
If you are interested, add me on skye @ live:williamgolovlev_1
Something similar has happened to me before, this is because I had online-mode set to false in the server.properties. What this does is bypass the requirement for accounts to be validated by Mojang's server. Players can therefore spoof their names or UUID's in order to trick your server into thinking they are someone with valid permissions to run server commands they would not otherwise be able to access. Make sure that online-mode is set to true.
The next thing you want to do is make sure that your permission nodes are configured correctly. In your permissions plugin, make sure that nobody can access high level commands that shouldn't be allowed to. For example, if you were using PermissionsEx and someone had the permissions.* node; they could elevate themselves to an Admin with /pex user <their_username> group set admin. Be especially careful with the nodes regarding your permissions plugin.
Lastly, make sure that you're not running any plugins that just allow people to fly around, spawn blocks, enter creative or have super pickaxes. Set up WorldGuard borders and don't let any new players have ridiculous levels of access and features.
My dragons are my bae's >>> <<< Click on my eggs or hatchlings for free bacon.
Thanks. But I still want to know how I can pinpoint my error.
We need Builders!
If you are interested, add me on skye @ live:williamgolovlev_1
Getting back at them isn't worth the effort. Just make sure your server is secure, set up your backups properly, and don't OP people you don't know.
Also if you have the configs set to where anyone can join without verification, then that is probably how they got OP and you should know better.
Server console....
1.) Hit CTRL+F while looking at the server log with a text editor, and search for any instances of "op." If a staff member opped these players, it will show up here.
2.) Look at any and all commands run by the griefers who managed to get OP. It may be a plugin you installed that lets them OP themselves.
3.) Contact your host for a possibility of a backup if you didn't have one that satisfies you.
Another example is Remote Tool Kit, where the Telnet option is not disabled and allows anyone to gain access to your server and run commands to Op players.
Thanks
We need Builders!
If you are interested, add me on skye @ live:williamgolovlev_1