One of my bungee networks got hacked and I need help finding the vulnerability

Lucas W.

Those are the logs of the exploiter who joined, and the only clues I have so far.

Does anyone have an idea how to patch whatever he used to exploit the server and run commands like this?

1678490136507.png
 

MindVoid

Make sure you have nothing like AuthMe, which even the basic hacked clients can use to get Operator, then make sure all your staff are trustworthy. The same thing happened to me a while back, so check all logs to see any suspicious op'd users.
 

step_

Don't want to say much, but the tool they're using is called [MineZone]. It's a Python application that allows them to spoof UUIDs and get past captchas. The reason is that your BungeeCord is very poorly set up and you're also using a cracked server, which is making you SUPER vulnerable to attacks. I'd recommend disabling cracked logins and fixing up your BungeeCord. I'd also NOT recommend downloading IPWhitelist, since a lot of people still use it and it hasn't been updated at all for years. There are a lot of other BungeeCord exploit-protection plugins you should download to prevent server breaches. The ones that cost money are going to protect you in the long run and get updated for new security flaws in BungeeCord.
(I would also recommend getting your TCP/UDP ports secured, because leaving ports open is just asking to be griefed and have IPs leaked by anyone experienced in hacking servers. SO PLEASE PORT FORWARD gl <3.)

Plugin: https://www.spigotmc.org/resources/...-from-ip-forward-bypass-exploit.65075/updates
 

TheUpioti

Hello, easy to know. His IP is 127.0.0.1, which means he is doing the IPFW bypass exploit. Basically, he joins directly through a port, bypassing your auth server and making the backend think he is coming through Bungee (hence the 127.0.0.1 IP). Some people recommend the IPWhitelist plugin... it works, but it has other security issues, like people being able to do kickall exploits if the backend ports are found. The best plugin for this is either BungeeGuard or SafeNet; they use a special authentication token, so it's way more secure than just whitelisting an IP. This also makes it work with shared hosts, because IPWhitelist can be bypassed on a shared host if someone buys a server on the same node as yours.
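The 127.0.0.1 login that the replies above point to is something you can search for in backend logs when reviewing an incident like this one. The script below is an added example, not code from any poster or plugin in this thread: it flags logins recorded with a loopback or private address and lists the commands each flagged session ran. It assumes stock Spigot-style log lines, IPv4, and players who connect from the public internet; the sample log is constructed.

```python
import ipaddress
import re

# Assumed stock Spigot-style backend log lines (IPv4 only); adjust to your format.
LOGIN_RE = re.compile(r"\]: (?P<name>\w{1,16})\[/(?P<ip>[0-9.]+):\d+\] logged in")
CMD_RE = re.compile(r"\]: (?P<name>\w{1,16}) issued server command: (?P<cmd>/.*)$")

# Addresses a player arriving from the internet should never be logged with.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "0.0.0.0/8")]

# Constructed sample log, not taken from the thread.
SAMPLE_LOG = """\
[10:01:12] [Server thread/INFO]: Alice[/203.0.113.7:51234] logged in with entity id 101 at ([world]0.5, 64.0, 0.5)
[10:02:40] [Server thread/INFO]: Alice issued server command: /spawn
[10:05:03] [Server thread/INFO]: Intruder[/127.0.0.1:40022] logged in with entity id 102 at ([world]0.5, 64.0, 0.5)
[10:05:09] [Server thread/INFO]: Intruder issued server command: /op Intruder
[10:05:15] [Server thread/INFO]: Intruder issued server command: /stop
""".splitlines()


def is_suspicious(ip_text):
    """True for loopback, private or unparsable addresses on a player login."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True  # a malformed address is worth a look as well
    return any(ip in net for net in LOCAL_NETS)


def find_bypass_sessions(lines):
    """List suspicious logins with the commands each session went on to run."""
    sessions, current = [], {}
    for line in lines:
        m = LOGIN_RE.search(line)
        if m:
            current.pop(m["name"], None)  # a new login ends the previous session
            if is_suspicious(m["ip"]):
                s = {"player": m["name"], "ip": m["ip"], "commands": []}
                sessions.append(s)
                current[m["name"]] = s
            continue
        m = CMD_RE.search(line)
        if m and m["name"] in current:
            current[m["name"]]["commands"].append(m["cmd"])
    return sessions


if __name__ == "__main__":
    for s in find_bypass_sessions(SAMPLE_LOG):
        print(f"{s['player']} from {s['ip']}: {s['commands']}")
```

If players legitimately join from the same LAN as the backend, trim `LOCAL_NETS` accordingly so those logins are not flagged.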
 