Server hacked!

[Keystirras]

Hello guys, recently a server that i work for was hacked by a person named "Kneesnap" i don't know if you guys have heard of him before, or know his methods he was able to disquise his ip as Localhost so he could log in as anybody including the owner and i.

Command blocks are disabled, we use a Bungeecord and the config seems fine but its only the one server he had access to.

Anyone know the method he uses or how to prevent it from happening again? I had to whitelist the server so an answer would be appreciated soon! Thanks.

 

[Fire]

Is this a dedicated server or a VPS?

 

[Phineas]

Change your server.properties on each server to have the server-ip as 127.0.0.1 - he port scanned your network and since your MC instances are publicly bounded, he is unable to create a fake Bungee and add your servers to connect to.

 

[Keystirras]

Is this a dedicated server or a VPS?

Dedicated

Change your server.properties on each server to have the server-ip as 127.0.0.1 - he port scanned your network and since your MC instances are publicly bounded, he is unable to create a fake Bungee and add your servers to connect to.

The server-ip is already set as 127.0.0.1

 

[Phineas]

Dedicated



The server-ip is already set as 127.0.0.1

Okay, add me on Skype (phineas_0510) - I can try and fix this for you.

 

[Riv]

I suggest getting someone to code a plugin where staff are required to setup a password, so they have to enter it everytime they join the server.

 

[Dragonfly]

You need to firewall your entire setup

 

[mattrick]

I suggest getting someone to code a plugin where staff are required to setup a password, so they have to enter it everytime they join the server.

Plugins like that already exist, except using 2FA which will probably be more secure anyway. There's also a few password plugins, but I'd recommend 2FA still.

 

[Riv]

Plugins like that already exist, except using 2FA which will probably be more secure anyway. There's also a few password plugins, but I'd recommend 2FA still.

2FA should be used for big servers like Mineplex and Hypixel in my eyes. Using it for small servers would be a bit over the top.

 

[mattrick]

2FA should be used for big servers like Mineplex and Hypixel in my eyes. Using it for small servers would be a bit over the top.

Everyone should be using 2FA.

 

[Derive]

It has to do with your connected servers being offline so he was able to force auth in a alt mc launcher and then logged to the servers not through the bungee.

 

[MrToucan]

He probably connected through one of the server ports directly instead of the bungee proxy - this would allow him to bypass all bungee security protocols and gain access to everything.

 

[23jd83yhs208d]

This happened to me a few times unfortunately. Fortunately, we fixed all our issues. Let me just tell you its a pain to setup and fix. It will cost you some $