Hello minecraft forums! This is idfarms, owner of ICMC pure survival.
Yesterday my server got a few people logged in and they got OP'd and deleted my spawn. Today I fixed spawn and then I logged in from another location. (My server is online-mode:true) Then 3 people were OP'd and being I have three different accounts I banned my main account and deopped myself and the other players.
Now I have no one OP and all my staff is set to the lowest ability just to ban people.
There has been over 100 people banned and I have lost TONS of players. My server hosting company is not helping me for some unknown reason, and this is the last place for me to turn. If anyone can help me PLEASE provide a solution.
My guess is that I logged into a server and they got my IP and are using my account to log in and OP/DEOP anyone they like...
Well obviously this is a personal problem, so I would suggest using something (a plugin) to only make it so you can login with your ip only. People are probably using the exploit to get into op'ed accounts and op'ing other players.
Assuming you have a website for your server, put up a notice about whats going on and whitelist the server. Only whitelist the people you have seen before or have a credible person supporting them.
Leave the server whitelisted for a week or two and the hackers will probably give up.
As an extra "security" measure I would make a backup of the world until the hackers are gone.
If you are still having this problem, you could get an authentication plugin. This makes people register with a password and every time the player logs on they will have to login with that password. I would recommend using AuthMe Reloaded.
What I would suggest is white-listing the server, and then installing the plugin authme reloaded as then each user has a password to login into the server. Set yourself a strong password containing at least one capital letter, and one number, but if you can avoid using sequences of number or letters e.g. 123 or abc as these are commonly used.
He said the server was fixed... Also, I don't think authme is a good fix for the situation, as it is in online mode, so unless someone had your account password, the issue would not exist. It's just another authentication which is, IMO, unnecessary..
The issue lied in the CraftBukkit authentication glitch, and the OP updated his client.