Ok. Pretty much what this is about is a hacked client that a bunch of my friends coded that has a force op feature. At first i did not believe them, I was like ! But they then told me to join uberminecraft...I joined and then the told me to goto one of the servers they then gave me a sword with lvl 1000 sharpness and tped me to a random player. They then talked in the chat they had no rank just a red name. We then rejoined my server and they forced op on my server and started messing around and giving themselves lots of money on it. Is there a way to disable console or something so they cannot op themselves or use commands via the console?
How did they even manage this? 0.o
P.S. They are screwed when 1.7 comes out 50,000 new lines of coding
.... Unfortunately, just because a large part of the code has been rewritten, does not mean server security was.
We can certainly hope so though.
As for the force op, I've been hearing about that lately.... Still sounds far fetched but since it's only cracked servers that are affected, (At least, I assume, and hope it is) I don't really care too much.
Just play on proper servers.
Uberminecraft is not cracked it is a server with a constant 3000+ players. It works on all servers and the hackers said it only doesn't work on a few that buy really good security? (You can buy security for a server?) oh and btw this hack, hacks into your console so they can do what they want e.g. Ban them then they urban themselves
Force-op only exists on a few private backwater hacker networks, it is NOT publicly available. That means that if you find a site offering a free force-op download, it's almost certainly a virus. Don't even bother with it.
I'm not quite sure exactly how force-op works, but I don't see it very often, so I imagine it's difficult to do. It'd be far easier just to manipulate the server owners into op'ing you manually.
There's a similar hack called a "session stealer" that I see quite often. Mostly I see people trick the server owner into joining a fake IP, which somehow allows the hacker to access their account on their server and run commands off of it (if they're opped), but most server owners aren't quite dumb enough to fall for that.
I actually never believed in forcibly promoting somebody with the use of hacks. If the server had exploitable plugins, then it makes more sense, but I actually never believed this.
I actually never believed in forcibly promoting somebody with the use of hacks. If the server had exploitable plugins, then it makes more sense, but I actually never believed this.
It's real, he was showing me it on some random servers. Unfortunately he won't op me on uberminecraft
Someone once hacked my server with ForseOp so it does exist I am also admin on other servers and 2 of them were also hacked by people with ForseOp. Markus needs to find a way to stop hackers from using nodus and that crap.
The only thing that was like that was session stealer, but It it really impossible to force op on a server.
Common forms of getting op:
- Session stealing (was patched I think, not sure)
- Bruteforcing admin passwords
- Backdoor on server machine
- Bruteforcing SSH or FTP (Usually server has measures to prevent this)
- Social Engineering skills
There's no such thing as a client-side force-op
It's simply not possible
Either you have bad moderators or they're bluffing
Incorrect. As of a long time, there has been a vulnerability which few people have known about, until about a month ago, when a user released it on a specific forum. The client which has this is public, and anyone can download it. Technically, they are not "Force-Opping", they are spoofing the username of an admin, then op'ing their legitimate account, then logging in with that.
In addition, session stealers do not work as of 1.6.0.
To combat this, bukkit and spigot recently (about a week ago), forced out a patch for their respective servers fixing this issue. However, some servers have not updated, or are not using bukkit.
Incorrect. As of 1.6.0, there has been a vulnerability which few people have known about, until about a month ago, when a user released it on a specific forum. The client which has this is public, and anyone can download it. Technically, they are not "Force-Opping", they are spoofing the username of an admin, then op'ing their legitimate account, then logging in with that.
In addition, session stealers do not work as of 1.6.0.
To combat this, bukkit and spigot recently (about a week ago), forced out a patch for their respective servers fixing this issue. However, some servers have not updated, or are not using bukkit.
Still, that's not really force-opping players through hacking the server files, it's just exploiting a security vulnerability on Minecraft's part.
(Which is quite different from typical Nodus "1337 h4x")
Still, that's not really force-opping players through hacking the server files, it's just exploiting a security vulnerability on Minecraft's part.
(Which is quite different from typical Nodus "1337 h4x")
True, though they're still gaining op. It's definitely not in any traditional sense of the phrase.
Incorrect. As of a long time, there has been a vulnerability which few people have known about, until about a month ago, when a user released it on a specific forum. The client which has this is public, and anyone can download it. Technically, they are not "Force-Opping", they are spoofing the username of an admin, then op'ing their legitimate account, then logging in with that.
In addition, session stealers do not work as of 1.6.0.
To combat this, bukkit and spigot recently (about a week ago), forced out a patch for their respective servers fixing this issue. However, some servers have not updated, or are not using bukkit.
1. You had a backdoored one installed for sure. Never accept plugins from your users, never download plugins from outside of dev.bukkit.com, always check the codes of new plugins before installing. Cant do that? Learn Java before you host a server.
2. Markus ''Notch'' Persson isnt Dev of MC anymore thus he wont do anything.
3. Nodus got discontinued, because its dev didnt like the way people use his client (thats what i heard but i somewhat doubt thats the only reason).
4. Nodus never had force op hacks.
5. Op can not be forced trough client hacks or a hacked client.
Someone re released nodus 1.6.2 lol
And they implemented the console hack into their hacked client that they made.
How did they even manage this? 0.o
P.S. They are screwed when 1.7 comes out 50,000 new lines of coding
We can certainly hope so though.
As for the force op, I've been hearing about that lately.... Still sounds far fetched but since it's only cracked servers that are affected, (At least, I assume, and hope it is) I don't really care too much.
Just play on proper servers.
I'm not quite sure exactly how force-op works, but I don't see it very often, so I imagine it's difficult to do. It'd be far easier just to manipulate the server owners into op'ing you manually.
There's a similar hack called a "session stealer" that I see quite often. Mostly I see people trick the server owner into joining a fake IP, which somehow allows the hacker to access their account on their server and run commands off of it (if they're opped), but most server owners aren't quite dumb enough to fall for that.
I was not involved with that...
My fan fiction of the game: http://www.minecraftforum.net/topic/1957118-programmer-my-first-fan-fiction/#entry24096758
That's called a proxy.
It's not a hack your friend has its a VPN
It's real, he was showing me it on some random servers. Unfortunately he won't op me on uberminecraft
I don't really believe that.
Click them or they will click you
It's simply not possible
Either you have bad moderators or they're bluffing
Common forms of getting op:
- Session stealing (was patched I think, not sure)
- Bruteforcing admin passwords
- Backdoor on server machine
- Bruteforcing SSH or FTP (Usually server has measures to prevent this)
- Social Engineering skills
Incorrect. As of a long time, there has been a vulnerability which few people have known about, until about a month ago, when a user released it on a specific forum. The client which has this is public, and anyone can download it. Technically, they are not "Force-Opping", they are spoofing the username of an admin, then op'ing their legitimate account, then logging in with that.
In addition, session stealers do not work as of 1.6.0.
To combat this, bukkit and spigot recently (about a week ago), forced out a patch for their respective servers fixing this issue. However, some servers have not updated, or are not using bukkit.
http://www.minecraft...update-servers/
Download the patched bukkit jar here; no plugins should break.
Still, that's not really force-opping players through hacking the server files, it's just exploiting a security vulnerability on Minecraft's part.
(Which is quite different from typical Nodus "1337 h4x")
True, though they're still gaining op. It's definitely not in any traditional sense of the phrase.
Their hack has nothing to do with that exploit
Someone re released nodus 1.6.2 lol
And they implemented the console hack into their hacked client that they made.