Security Help

WrektYourDay · May 18, 2018

Do you have a bungee cord server?

Drupe · May 18, 2018

Hey, whats your discord?

I can have a call with you to have a look what could be wrong

Disproven · May 18, 2018

There are multiple 2fa plugins as well as just setting up a secondary password on the server to stop them from being able to access it. Also just making sure your password is regularly changed as well as it not being used elsewhere.

Adding to what WrektYourDay said as well just make sure they are not bypassing the ability to be able to login to part of the network through a direct IP as bungee will not work if that part of the server is offline so just check all that section and potentially get an IP change on them.

Mooselk · May 18, 2018

You should use ProxyOnlyJoin to patch the bungee exploit, and just google 2fa plugin for spigot.

HairHen_CR · May 19, 2018

i know if u use blacklist plugins that is how they get your info

Kazdeejuyy · May 19, 2018

Hi,

There are multiple plugins that can solve a brute force-OP via malicious plugin or incorrect Permissions.

However, first I suggest you take a look at your permissions and plugins. There is no such thing as a Force-OP unless it is by a permission or plugin, Force OP via sessions has already been solved years ago.

If the problem still exists, there are plugins that can provide a password for the /op command.
I suggest using OpGuard (FREE): https://www.spigotmc.org/resources/opguard.23200/

Regards,
Kaz

frxq · May 19, 2018

Splurgies said:
Do you have a bungee cord server?

yes

Drupe said:
Hey, whats your discord?

I can have a call with you to have a look what could be wrong

Frxq15#6555

Jinxed · May 19, 2018

Frxq15 said:
Splurgies said: ↑
Do you have a bungee cord server?

Frxq15 said:
yes

That is your issue 100%.

WrektYourDay · May 20, 2018

Jinxed said:
That is your issue 100%.

Get the plugin IPWhitelist or OnlyProxyJoin so people can only connect through the bungee

TreeFN · May 20, 2018

I could potentially help you. PM me if you need further assistance. Some users don't configure their BungeeCord proxies correctly, leading to people being able to obtain OP status. To potentially fix these issues, make sure your ips are pointed correctly in your config.yml on your BungeeCord proxy. Also, make sure your proxy is in online mode. Finally, make sure that "bungeecord" is set to true in all of your servers spigot.yml files. If you feel a need for more security, I could code a solution that would solve this issue free of charge. You can also try using "ip-whitelist" plugins that prevent users from joining any of your servers ip's directly, forcing them to be required to login to the network via your proxies ip address. You can also try 2FA plugins that prevent staff from being able to login, unless they take another step (ie. entering a code, etc.)

frxq · May 20, 2018

TreeMC said:
I could potentially help you. PM me if you need further assistance. Some users don't configure their BungeeCord proxies correctly, leading to people being able to obtain OP status. To potentially fix these issues, make sure your ips are pointed correctly in your config.yml on your BungeeCord proxy. Also, make sure your proxy is in online mode. Finally, make sure that "bungeecord" is set to true in all of your servers spigot.yml files. If you feel a need for more security, I could code a solution that would solve this issue free of charge. You can also try using "ip-whitelist" plugins that prevent users from joining any of your servers ip's directly, forcing them to be required to login to the network via your proxies ip address. You can also try 2FA plugins that prevent staff from being able to login, unless they take another step (ie. entering a code, etc.)

ip forwarding is disabled anyways

Security Help

frxq

Developer

WrektYourDay

Drupe

Disproven

Server Manager

Mooselk

Motocross enthusiast

HairHen_CR

Kazdeejuyy

frxq

Developer

Jinxed

WrektYourDay

TreeFN

Java Developer

frxq

Developer