What is Session Stealer?
Session Stealer is a program that steals a Minecraft user's session to obtain their credentials and send a bot to any server and perform commands. It only lasts about 5 seconds, though.

How Can I Avoid Having My Account Compromised?
It's pretty easy, actually. There are a couple of different ways of avoiding Session Stealer.
You can get a plugin called NoCheat+. It has a lot more features than NoCheat and prevents a lot of hacks, but one of its features is only allowing the console to /op players, so if someone did steal your session and sent a bot on your server to do /op, it wouldn't work.
You can also just not join anyone's server who you don't trust.

What's The Process Of Someone Using Session Stealer?
1. A player gives you an IP to some server and tells you to join it for some reason.
2. You join it, only to be disconnected with some kind of error message.
3. By joining that fake server and being kicked, a bot gets sent to the target server, logs in, issues some commands, and logs out.

Reasons That People Want To Get Me To Join A Server?
(More to Come Soon)
-Your map was stolen by this server! Here's the IP: (IP here)
-Dude, I made a plugin, but I haven't released it yet. Come on my server to test it. Here's the IP (IP here)
-Bro, check out my server. Here's the IP:
And things along these lines.
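
A detection sketch for the pattern in step 3 of the post above (a login that issues a privileged command and leaves within seconds), added here as an example and not part of the original post. The log line layout, the sample lines, and the 10-second threshold are assumptions; adapt the patterns to your server's actual log format.

```python
import re
from datetime import datetime

# Constructed sample log; the line layout is an assumed Bukkit-style format.
SAMPLE_LOG = """\
2012-07-01 18:02:11 [INFO] Owner [/203.0.113.7:51234] logged in with entity id 311
2012-07-01 18:02:13 [INFO] Owner issued server command: /op Stranger
2012-07-01 18:02:15 [INFO] Owner lost connection: disconnect.quitting
2012-07-01 18:10:40 [INFO] Owner [/198.51.100.20:40022] logged in with entity id 340
2012-07-01 18:19:02 [INFO] Owner issued server command: /give Owner 1 64
2012-07-01 18:45:30 [INFO] Owner lost connection: disconnect.quitting
2012-07-01 18:50:00 [INFO] CONSOLE: Opping Helper
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \[INFO\] (\w+) (.*)$")
LOGIN = re.compile(r"^\[/([\d.]+):\d+\] logged in")
COMMAND = re.compile(r"^issued server command: (/\S+)")
SENSITIVE = {"/op", "/deop", "/ban", "/pardon", "/give"}  # commands named in the thread
MAX_SECONDS = 10  # hypothetical threshold; the post says the bot lasts about 5 seconds

def find_suspicious_sessions(log_text, max_seconds=MAX_SECONDS):
    """Return sessions that issued a sensitive command and ended within max_seconds."""
    open_sessions, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # console lines and anything unparsed are ignored
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        player, rest = m.group(2), m.group(3)
        login = LOGIN.match(rest)
        command = COMMAND.match(rest)
        if login:
            open_sessions[player] = {"player": player, "ip": login.group(1),
                                     "start": when, "commands": []}
        elif command and player in open_sessions:
            if command.group(1).lower() in SENSITIVE:
                open_sessions[player]["commands"].append(command.group(1))
        elif rest.startswith("lost connection") and player in open_sessions:
            session = open_sessions.pop(player)
            session["seconds"] = (when - session["start"]).total_seconds()
            if session["commands"] and session["seconds"] <= max_seconds:
                findings.append(session)
    return findings

if __name__ == "__main__":
    for s in find_suspicious_sessions(SAMPLE_LOG):
        print(s["player"], s["ip"], s["seconds"], s["commands"])
```

A hit is a reason to compare the source IP with the player's usual address and to review what the command changed, for example who is now listed as op.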
Looks interesting and helpful, but can you explain in more detail the process of session stealing? I don't want to do that, but I want to know what they can use with my IP.
For the record they can't actually get your sessionid as that would be very bad. They're actually tricking your client into a one-time authentication that they can use, allowing them to join a server as you once only. It's also fixed in the snapshots!
-Dinnerbone
Otherwise, do what Minionsman said. Set op to console-only, don't go on servers you suspect are doing this, and relogging will fix the problem if you think someone is impersonating you on a server.
Don't install any plugins that aren't trusted, and found on bukkit.org.
If someone joins your server, and within a day suggests a plugin to you, that they made, etc, don't install it. :3
I began minecraft ~July 7 2011 1.7.3 Beta
My username used to be Creative_Dalek but is now Dalek since 2/4/2015
If you are the owner of a server, use the banhammer (/ban [player]) as bans override ops. Use (/deop [player]) to prevent them from using certain commands (like /op, /deop, /ban, /pardon (unban), /give, etc.).
If you have a permissions plugin (like PermissionsBukkit, BPermissions, PermissionsEx), use it, and set ops to not have all permissions.
Don't trust people that say they are from places like Planet Minecraft for example.
Only allow trusted people to "test out permissions"
Like Skaro said, don't install plugins from other websites except for bukkit.org (that means other players). Say if someone gave a plugin for you to try out, it just may be a plugin that ops them (and honestly it probably is).
If you have access to the files (in the server directory), put a list of known griefers in the "banned-players.txt" file.
My server was destroyed by hackers using worldedit. This is an example of why you should install nocheat. My server cost about $50 a month to run, and all that money was wasted on a server.
Lol, the largest forceop hack out now, is a fake nocheat plugin.
That's the only way someone can forceop.
So if the nocheat isn't a bukkit link, or officially released by the maker of nocheat, then it isn't trusted, and would get your server destroyed.
The plugin has all the features of nocheat, and they all work, but it has hidden, undetectable commands.
I thought this was a guide on how to Session Steal and force OP, to which I would have insisted that you were a terrible person and should be ashamed of yourself.
Now that I know that I'm mentally incapable of basic reading comprehension, I would like to congratulate you on being a great person. Thank you for informing others and helping them avoid such a malicious practice.
lol this happened to me once then i discovered it by using it (not for bad for testing) and i figured out how they briefed my first server then a guy 5 minutes ago tried to do the plugin thing to me I'm like GTFO and then i hacked him and turned off his commuter its ok though its not broken.....yet XD
>Briefing
Thanks for telling us all you are a nine year old who can't spell.
Please check this page out, it may help you with your server. http://www.minecraftwiki.net/wiki/griefing
Do the skids using this exploit obtain the password to your minecraft account?
SessionStealer is just a MITM (man-in-the-middle) approach: they steal your session so that you are logged out (Bad login each time you try going into a server), which gives them enough time to log on to your server and op themselves, give themselves permissions, etc.
Two kids tried to do this to me today. I was a bit worried because I have a password associated with my Minecraft account that I use for many valuable things. The attempt at making themselves op failed and they raged so hard when they failed. They griefed one kid, then both were IP banned. I've updated my staff with this so my server should be protected from this.
I got hit by this. He was and has been my friend for almost 4 weeks now, and we built on each other's servers a lot. And for some reason yesterday he said he changed his IP. I logged in and it said it was whitelisted; I went back to my server to tell him to whitelist me, and my spawn was trashed and he wasn't logged in.
I fixed it, reset it, deleted all the player data and then changed my MC password. But once I turned on my server he came back with a diff name and did it all again. HOW DO I STOP HIM?? He won't leave me alone.
I can't connect to any of my saved servers. I don't own them, but it comes up with Connection lost, then 502 and then a URL when I try to join. It only happened like 5 min ago. If this is session stealing, how do I fix it?
Oh wait! There is!
http://www.reddit.co..._owners_beware/
Apparently it has been known for a while.
/thread -Dinnerbone
Have a great day,
justcool393
ScorpionChic22