Looking for a 1.13 UUID Spoofer Fix

Status
This thread has been locked.
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.

BrianGrug

Full time failure
Supreme
Feedback score
56
Posts
1,473
Reactions
995
Resources
1
Why not a firewall or IPWhitelist?
 

BrianGrug

Full time failure
Supreme
Feedback score
56
Posts
1,473
Reactions
995
Resources
1
Because that's not what is he saying/requesting.
I’ve only ever seen this used on bungeecord servers because their in offline mode. Maybe because I don’t play the newer versions I wouldn’t know
 

xADudex

Feedback score
1
Posts
18
Reactions
6
Resources
0
Preventing UUID spoofing is exactly what "online-mode" is for in the settings.yml file. If you are running an offline server, I suggest installing an auth plugin that binds a password to the uuid of the account. If you are running offline servers behind a bungee server, then you need to either use a ip-whitelist plugin or turn on a firewall for the actual servers. The whole reason why you need to turn servers into offline-mode when using them behind bungee is because the protocol does not allow for proper verification that can not be spoofed of player accounts.

You can read more about how to setup your bungee network here:
https://www.spigotmc.org/wiki/bungeecord-installation/#post-installation

There is never any reason for any player to connect directly to a server without going through the bungee server. If you want specific (sub)domains to point to a specific server, (example main/hub server: server.com, survival: survival.server.com, parkour: parkour.server.com etc), then I recommend looking into ip-forwarding in the bungee settings.
 

RexTheMon

Cybersecurity Student
Supreme
Feedback score
12
Posts
167
Reactions
60
Resources
0
MORE INFO

My server is getting griefed by uuid spoofers. They are getting on when they aren't even whitelisted and for some reason have all permissions.
There are some clients that allow setting a custom UUID and joining, u sure if it’s fully related to Bungee or not.

Plugin itself wouldn’t be hard, when a player joins check their UUID and Name against Mojang (with a caching system).

I can make this for you if you want, but are you sure there aren't other precautions you can take to make sure the players are on a valid account? I don't know much about Bungee so I wouldn't know.

Preventing UUID spoofing is exactly what "online-mode" is for in the settings.yml file. If you are running an offline server, I suggest installing an auth plugin that binds a password to the uuid of the account. If you are running offline servers behind a bungee server, then you need to either use a ip-whitelist plugin or turn on a firewall for the actual servers. The whole reason why you need to turn servers into offline-mode when using them behind bungee is because the protocol does not allow for proper verification that can not be spoofed of player accounts.

You can read more about how to setup your bungee network here:
https://www.spigotmc.org/wiki/bungeecord-installation/#post-installation

There is never any reason for any player to connect directly to a server without going through the bungee server. If you want specific (sub)domains to point to a specific server, (example main/hub server: server.com, survival: survival.server.com, parkour: parkour.server.com etc), then I recommend looking into ip-forwarding in the bungee settings.
 

BrianGrug

Full time failure
Supreme
Feedback score
56
Posts
1,473
Reactions
995
Resources
1
MORE INFO

My server is getting griefed by uuid spoofers. They are getting on when they aren't even whitelisted and for some reason have all permissions.
Is your server bungeecord?
 

BrianGrug

Full time failure
Supreme
Feedback score
56
Posts
1,473
Reactions
995
Resources
1
Status
This thread has been locked.
Top