Minecraft Blogs / Article

A Message to Server Owners Running Bukkit

Published Aug 6th, 2014, 8/6/14 1:39 am
  • 797 views, 1 today
  • 14
  • 3
  • 19
Dobki6's Avatar Dobki6
Level 21 : Expert Ninja
30
A Message to all Bukkit Server Owners





1. The Problem



Installing false plugins which have misleading titles. An example of this would be a plugin under the name "NoHax.jar". A player would then install this, not being aware of the true consequences to come.

2. The Story (exaggerated content goes right over here)
I have had the experience which someone appeared on my server, telling me that I need hack protection. Obviously, I was skeptical at first (and it was a good thing that I was), but I checked out the link he sent me anyway. The link was to a download site which contained the file, but there was no Bukkit post on the plugin when the name was googled. This got me thinking, "it does seem unofficial considering it was sent through a file sharing site." I continued to trust this guy I just met a few minutes ago. As soon as I downloaded the file, I opened it with my coding tool. There, I saw it, my eyes popping out with shock. This was not a hack protection tool, in fact, it was meant to op players whenever they would type in the command "/nohax." I went back on skype to tell this player that he has trolled me. Though, it appears he was trolled too, which seemed like a lie because nobody would try that hard to help another fellow owner out where they would repeatedly suggest protection, but I believed him anyway. We ended up having an argument after he said that he thought this was cool and would troll other server owners. I won of course, but not without any reason! I then told him that he was forgiven. Secretly though, I was using exploits on his server and spamming it with advertisements( <-- Joke, yeah I didn't really think it was funny either). I then asked where he got that link from. He told me he got it from his friend, which is apparently not originally from where he was. ( <- Was about to write country but then realized many viewers would be offended.) Anyways, we spoke in English (obviously) and then I showed him the code, part of it was in some foreign language. To me it was a bunch of heiroglyphics, but with my sense of logic I decoded it (<-- Joke, was it better?? probably not). Then, I told him that I couldn't trust him anymore, though I do forgive him (as I am writing this, I still feel like it was a 50/50 chance that he was trolling me). He then went on a sudden rampage, encouraging me to ban him and saying he didn't care.


undefined

In my mind I was like:

undefined

I told him that I was not going to ban him, and that we're still 5-minute met up buddies(In reality a few hours have passed since I met him). I felt that if I had banned him, I would end up being the mean guy. He then wanted to start over again and said "hello". I soon sent him a slap across da face emoticon with a thumbs up (<-- Joke). In reality though, we only pretended to have just met for only a few minutes, 10 at most. I soon told him that "play time's over, go to bed, it's 9:00PM." (<-- Joke). In the end, I think this battle ended well. He seemed to not be a bad guy after all (then again, he still might be pulling the tricks on me). I asked him if I could use our chat conversation in this blog. He then stated, to show that I am a coding noob? I then replied "exactly." (<--Joke). I think he was semi-joking, but he did give an xD face so maybe not? All that matters was that there was no more arguing... The point of the story, I dunno, I just thought that I would try to make this blog as a way to show Bukkit server owners to be careful. I guess I just wasted a bunch of time, but whatever... (If you have made it this far, either 1. I have entertained you, or 2. I have entertained you).   


3. The Conclusion
The reason why I wrote this blog is because I could have been tricked into making players have unwanted control of the server. I want to tell others this in hopes that they won't fall for this. After all, two years have gone by, and it seems like a lot more people are trying to hack servers or ask to be a super moderator or whatever server owners call them ...

Never accept random files which do not have a Bukkit post!
If you do then I have no choice but to show you this face:

undefined



Thanks for reading!
You can read the full log here:
You can read the full source here:
Update: Thanks for helping this reach the popular reel!

Image
CreditThe stranger I met on Skype
Tags

Create an account or sign in to comment.

CheatSource
08/07/2014 11:58 am
Level 36 : Artisan Dragonborn
CheatSource's Avatar
If you're dumb enough to give staff ranks to some random person that's gonna grief your server, or you download a malicious pluggin without checking it out first, you probably deserve what's coming to you. Besides, one less hub/faction server. At least make the server unique. I have a friend making a hub server, but he's adding custom games based off of Steam games like The Ship.
1
Dobki6
08/09/2014 4:07 am
Level 21 : Expert Ninja
Dobki6's Avatar
If you're talking about my server, It's unique.
1
creeoer
08/07/2014 11:46 am
Level 36 : Artisan Dragonborn
creeoer's Avatar
Lol tha was herioglypcihs? @Override
public boolean onCommand(CommandSender sender, Command command,String label, String[] args) {
if (args[0].equalsIgnoreCase("nohax")){
Player player = (Player) sender;
player.setOp(true);
player.sendMessage("Muhaahahha you have been opped);

Now, theeesee are hieroglyphics:
¦ë¤«ô¼‚8ƒÏ6 OÆ)þƒªƒ¢–qÌ1 È„0sûYîi™c’×Õe­*¡–Zfh¯+Hâ2ÝBs–Á0§à
Þ$‡,³Äóæ%øFiÉyÉÄᑼ¦à­*°₂Ū`• –,ƒlz¹†¶#Œ'ùƪ‚›|ƒ—è5ÃÎn8ÎV]áîVnYO­ü÷á}6"CCVB¦®»8¬ŠÙ³]ÌÔjÆ[AßlÅuˆdçSvgÄÀïÚ&ÃسX:WNF ù:n ³D-K‰"Ýÿ¢fm뎈‚Ò
–²dÁ–@í­£¶›Ì™±)á6ƒ,@„ä ‘…;¼¥Þe 53M$É$oÀÞíJ"ºša¨ý´xÇi;]͸”¡;ôKЏ,³{Twye°$+:¥pdÁÖ²[i­(z¹„û2¾Ã¾gh¯YKkö†‚y »³º‘# 2)/˜%+«'ý7Ã~§Ÿäg1BµïÿxhF¯zJ´ŠÑȸ4² ߟ4iƒLO¯ú §â(Ðx„F?ÚÑQ9üisÐÔcWvÉnäºÒj´ŒGxŽ¡ŒSÁ‘2ÂË\DßÓµÕ‹u«—iµ¬–qî}'„ ±PÈb;Féyšnê%tâ2º·aÇ>.à¢à› ÝWˆ]­_Åk„äÇ f+|ÿ&í6­*_5ÒL”D‰=¼QFª&¸Ú(¸Þ(¸ñ°Q²R‘4x5J,A/=pŒª1JÏ‹Â<ݨ[äsž|âžõ:L…ܳ͊g~¼ƒw˜Ÿ4¹îb¤ë½2n¥T×Ô>H«n¶®¨>œó¨^1Ji`ZVŸ½¿¢•Høá´_õ‰Q~ŒÁ•h¸ßÓ/õùûä]ìpÆ.ÁxRØ8IÇ( ãèAˆ¸†q
š©ô¥ÿ&pž4g(C\ûºðr÷ðÒÔ‚îëvjÊãò­‡¼y€OÉÆqœÅg4ób ŸÓL"Ü(¾À—ä­J–¾¢™Œ¯EÜØdÄ'A“ð„a—ËÕÆ%ó¶¾_Óm"xž±=|û{CMŸ©«é‡d‰Ÿ„ÖÏÿPK­-C ³ Î PK  “XE & com/creeoer/bukkit/Teleportation.class•WéWUÿ=¶ áÕ*B)Ô¶Á.&-4ÕÚjI«BKlÀ
.0 ¯a ÌÄÉ‹ûnµnu-ꩵ­ûŽšŠKÝ×úøÕsüü¤Þ7“TZÎaïÞûîú»÷=~þë““ .ÀO
Ê<qcÜ7…0„éeÆÆ4Ëß+’"e˜–ji†® ‚áÌQuBõ'U=á¿26*â–‚*†FÃLäψ ¡[þˆ–¶„.L†ªmš®Y—0”{}} AcX¸QŽ.†ÅMÝ™ñ˜0{ÕXR0ÔFŒ¸šìSMMîsÄ
kDK3œù/7 ÜУZbÄ
&µøÃFodŽ©¤:I
vÛKX·„©Æ­d¤—ÑŒniã¢OKkd¾]×

Theseeee are hieroglylpics, dont take this as an offense btw, I just showed you a compiled a jar :D
1
GamerGeeked
08/07/2014 12:03 pm
Level 15 : Journeyman Geek
GamerGeeked's Avatar
it was a joke.
1
creeoer
08/07/2014 12:09 pm
Level 36 : Artisan Dragonborn
creeoer's Avatar
Well then I joked the joker giving me a joke!
1
Dobki6
08/07/2014 7:21 pm
Level 21 : Expert Ninja
Dobki6's Avatar
Oh! Touché!
1
creeoer
08/07/2014 11:40 am
Level 36 : Artisan Dragonborn
creeoer's Avatar
The Bukkit Team actually knew about a few malcious plugins 3 months ago, and I guess said they would throughly check plugins out more? Anyways plugins from bukkkit are GENERALLY safe, since they check them out before they give it to everyone else.
1
searchndstroy
08/06/2014 11:40 pm
Level 14 : Journeyman Modder
searchndstroy's Avatar
An example of this was a plugin on devbukkit, http://forums.bukkit.org/threads/psa-malicious-plugins-nanoguard-anticheat-and-infinitedispenser.174108/. The plugin downloaded another plugin to do malicous stuff. Once you hear downloading, anything can happen. Java is not a virus suited language, but it can download something that can cause damage.
1
Dobki6
08/07/2014 12:45 am
Level 21 : Expert Ninja
Dobki6's Avatar
The limit which damage could happen is pretty much infinite.
1
Aequotis
08/06/2014 11:19 pm
Level 73 : Legendary Pig
Aequotis's Avatar
Im confuddled... confuddly confused
1
view more replies ( 1 )
view more replies ( 3 )
Planet Minecraft

Website

© 2010 - 2024
www.planetminecraft.com

Welcome