It's also possible that A. Verify Names = False and that person is an op in your admins.txt B. They are really using some hack that exploits something or sends some packet in which allows them to use that command or grant them op.
Well, this is a pretty critical situation. Should the hack spread, we'll have an epidemic on our hands. D:
* RED ALERT, RED ALERT WE HAVE A HACKER IN THE VICINITY, ALL OPERATIVES REPORT TO BATTLE STATIONS. THIS IS NOT A DRILL, I REPEAT, THIS IS NOT A DRILL. *
We don't even know what it is or where people are getting it.
I have a copy of it and the download link. I thought that someone would have already notified Notch, but I'll email him if someone can give me his email adress.
You got a copy of the hack? Yeah, I'd email that right away as well as camping the IRC in hopes he shows up there, this is not a good thing
*helps Zuriki set up more missiles!*
So is it a real hack or just the verify-names thing?
Rollback Post to RevisionRollBack
<TrueWolves> That's what I meant Iguana, I'm like an Extra+, to just fill in tiny cracks... right?
<Iguana> YUS. <Iguana> BUT WE NEED YOU
<Iguana> You are like...Billy Mays Mighty Putty. (trademarked)
IRC quote on the Minecraft Machinima
no one would bother with brute force on this game anyways. This is clearly just abuse of name spoofing. They spoofed an op probably the previous time you had your server up(with verify names off), oped their username, and waited till you restarted and the log reset.
Notch's admin checking code is rock solid, they didn't just "magically" appear as ops, the username must have already been in it.
I can't believe Notch has been this lazy or slow that hes let this glitch sit for this long. He doesn't even need to update the damn server, he could easily duplicate the web based external url generating script and substitute the ip with a loop back ip so people wouldn't have to turn verify names off.
Proxies, inside jobs, phishing, verify names, and I haven't looked into it, but the passwords might be stored in an accessible (through hacking) location. Also, bad .exe's can do this, but unless you do "C:// Minecraft/minecraft-server, you are safe from that :tongue.gif:
Proxies, inside jobs, phishing, verify names, and I haven't looked into it, but the passwords might be stored in an accessible (through hacking) location. Also, bad .exe's can do this, but unless you do "C:// Minecraft/minecraft-server, you are safe from that :tongue.gif:
passwords are encrypted, it doesn't matter if you find it or not, you still need the encryption algorithm.
Proxies, inside jobs, phishing, verify names, and I haven't looked into it, but the passwords might be stored in an accessible (through hacking) location. Also, bad .exe's can do this, but unless you do "C:// Minecraft/minecraft-server, you are safe from that :tongue.gif:
passwords are encrypted, it doesn't matter if you find it or not, you still need the encryption algorithm.
lolwut? First of all, the only place passwords are stored is on the central Minecraft server. Notch has confirmed that it's encrypted and salted, I assume using MD5, though it may be another method. IT would be very easy to tell if someone hacked the database, and while there is no way to reverse engineer MD5 or other popular salted hashes, a brute force attack on all the hashes would be moderately fast and find the password. Because it's all local, it would be miles faster than brute forcing the webserver, and unable to be stopped.
Also, Notch has confirmed, and has yet to fix the cookie issue. Passwords are stored in your cookies in 100% plaintext, and any noob writing a cookie stealer can look them straight in the face. I've tried in the past to communicate the seriousness of this to Notch, and I think he got it. But what I said before about using an opnet and verify-names stands (verify-names -> op 100 of your usernames -> they op more of your alts). In which case, purge your admins.txt.
any noob writing a cookie stealer can look them straight in the face.
A cookie nommer? OH NOEZ
Dif could be da end of da gaem fer meh :biggrin.gif:
But in all seriousness, cookie stealers?
This is my reaction:
Rollback Post to RevisionRollBack
Citricsquid vandalized this space. It has been sterilized ever since.
"Master Cheif! What did I tell you about humping posts?!"
My Steam ID Is: jjchrizzles
the person gains admin powers with out being an admin then can op them selves
this is 2x in 10 min this has happened i have pic of it http://i30.tinypic.com/2dtp1d.jpg
they tried to ban my OPs but lucky i whatch my logs CLOSELY
after i IPbanned him he managed to rejoin with in 3 min
but baning seems to be effective
in the pic ._______. and McDonhammer
are the haxors
this could instantly destroy my server in a matter of minits
they arnt OPs but they have the power of the OP
Quality of output = Skill * Effort
Former #minecraft channel operator.
14:13:57 Loading level
14:14:02 Now accepting input on 25565
14:14:03 Level saved! Load: 0/25
14:14:03 To connect directly to this server, surf to: http://www.minecraft.net/play.jsp?serve ... 1f2d7d5ace
14:14:03 (This is also in externalurl.txt)
14:14:11 /192.168.1.1 connected
14:14:11 /192.168.1.1 logged in as Soulseeker
14:14:18 /87.167.62.174 connected
14:14:18 /87.167.62.174 logged in as .______.
14:14:33 Soulseeker admins: banip .______.
14:14:33 Kicking .______. (/87.167.62.174): You were banned
14:14:33 .______. (/87.167.62.174) disconnected
14:14:37 Soulseeker admins: solid
14:14:42 /88.69.63.143 tried to connect, but is banned.
14:15:09 /88.69.63.143 tried to connect, but is banned.
14:15:13 Level saved! Load: 1/25
14:15:30 /71.175.69.38 connected
14:15:30 /71.175.69.38 logged in as TakeTheKTrain
14:15:38 Soulseeker admins: op TakeTheKTrain
14:15:47 TakeTheKTrain says: Woot
14:16:04 Soulseeker says: can u get sarah back?
14:16:06 TakeTheKTrain admins: say Yay!
14:16:12 TakeTheKTrain says: I'll try?
14:16:15 Soulseeker says: ok
14:16:24 Level saved! Load: 2/25
14:16:31 TakeTheKTrain (/71.175.69.38) lost connection suddenly. (java.io.IOException: An existing connection was forcibly closed by the remote host)
14:16:31 TakeTheKTrain (/71.175.69.38) disconnected
14:16:40 /87.167.62.174 tried to connect, but is banned.
14:17:34 Level saved! Load: 1/25
14:18:44 Level saved! Load: 1/25
14:19:12 /82.40.85.95 connected
14:19:12 /82.40.85.95 logged in as Luzak
14:19:34 Luzak says: let me out
14:19:51 Soulseeker says: u gonna b good?
14:19:54 Level saved! Load: 2/25
14:19:55 Soulseeker admins: solid
14:19:56 Luzak says: yes
14:19:58 Soulseeker admins: solid
14:20:08 Luzak says: thantks you
14:20:15 Luzak says: thanks
14:20:19 Soulseeker says: np
14:20:34 Luzak says: where you from?
14:20:51 Soulseeker says: that doesnt matter i didnt make those flags
14:21:04 Level saved! Load: 2/25
14:21:05 Soulseeker says: lol
14:21:28 Soulseeker says: wat flag?
14:21:34 Luzak says: polish
14:21:36 Soulseeker says: ok
14:22:11 /84.59.152.196 connected
14:22:11 /84.59.152.196 logged in as svw
14:22:12 svw (/84.59.152.196) lost connection suddenly. (java.io.IOException: An existing connection was forcibly closed by the remote host)
14:22:12 svw (/84.59.152.196) disconnected
14:22:14 Level saved! Load: 2/25
14:22:16 Luzak says: ok complete
14:22:31 Soulseeker says: YAY that was easy lol
14:22:32 /84.59.152.196 connected
14:22:32 /84.59.152.196 logged in as McDonhammer
14:22:40 McDonhammer (/84.59.152.196) lost connection suddenly. (java.io.IOException: An existing connection was forcibly closed by the remote host)
14:22:40 McDonhammer (/84.59.152.196) disconnected
14:22:49 Soulseeker admins: banip mcdonhammer
14:23:00 Luzak says: yes is very easy
14:23:07 Luzak says: Im from polish!
14:23:23 Level saved! Load: 2/25
14:23:51 Soulseeker says: no swatsikas
14:24:01 Luzak says: this is no swatiskias
14:24:06 Soulseeker says: ok lol
14:24:11 /84.59.152.196 connected
14:24:11 /84.59.152.196 logged in as Hool.
14:24:33 Level saved! Load: 3/25
14:25:19 /87.167.64.213 connected
14:25:19 /87.167.64.213 logged in as F4c0grnm
14:25:43 Level saved! Load: 4/25
14:25:54 /84.59.152.196 connected
14:25:54 /84.59.152.196 logged in as svw
14:26:15 svw admins: op hool.
14:26:19 svw (/84.59.152.196) lost connection suddenly. (java.io.IOException: An existing connection was forcibly closed by the remote host)
14:26:19 svw (/84.59.152.196) disconnected
14:26:33 F4c0grnm says: hello
14:26:34 Hool. admins: op f4c0grnm
14:26:37 Hool. says: Hi
14:26:37 Luzak says: hay
14:26:41 Soulseeker says: hello
14:26:41 Luzak says: Hi
14:26:48 Hool. (/84.59.152.196) lost connection suddenly. (java.io.IOException: An existing connection was forcibly closed by the remote host)
14:26:48 Hool. (/84.59.152.196) disconnected
14:26:48 Soulseeker admins: solid
14:26:51 /84.59.152.196 connected
14:26:51 /84.59.152.196 logged in as Hool.
14:26:53 Level saved! Load: 4/25
14:26:56 Soulseeker admins: solid
14:27:06 /87.167.64.213 connected
14:27:06 Kicking F4c0grnm (/87.167.64.213): You logged in from another computer.
14:27:06 /87.167.64.213 logged in as F4c0grnm
14:27:07 F4c0grnm (/87.167.64.213) disconnected
14:27:20 Hool. admins: unban Niki
14:27:44 Hool. admins: unban terzu
14:27:48 F4c0grnm admins: solid
14:27:55 Hool. admins: solid
14:28:02 Level saved! Load: 4/25
14:28:05 F4c0grnm says: ty
14:28:14 Luzak says: Im build polish office
14:28:16 Hool. says: thanks
14:28:20 Soulseeker says: is there an admin here?
14:28:46 Hool. says: im not an admin
14:28:53 Luzak says: im not an admin
14:28:57 Soulseeker says: how did u guys get out?
14:29:04 Soulseeker says: admin let me out
14:29:07 Hool. says: the spawn was open
14:29:11 Level saved! Load: 4/25
14:29:32 Soulseeker admins: tp F4c0grnm
14:29:43 Soulseeker admins: tp Hool.
14:30:20 Level saved! Load: 4/25
14:30:40 Soulseeker says: the spawn is closed now tho
14:31:05 Soulseeker admins: tp F4c0grnm
14:31:13 Luzak says: bye bye
14:31:18 Luzak says: cya
14:31:21 Soulseeker admins: tp Luzak
14:31:24 Soulseeker says: cya
14:31:30 Level saved! Load: 4/25
14:31:33 Soulseeker admins: tp Hool.
14:31:41 F4c0grnm admins: solid
14:32:01 Soulseeker admins: tp F4c0grnm
14:32:12 Soulseeker admins: tp Hool.
14:32:40 Level saved! Load: 4/25
14:33:06 Luzak (/82.40.85.95) lost connection suddenly. (java.io.IOException: An existing connection was forcibly closed by the remote host)
14:33:06 Luzak (/82.40.85.95) disconnected
14:33:26 Soulseeker admins: tp Hool.
14:33:43 Soulseeker admins: tp F4c0grnm
14:33:50 Level saved! Load: 3/25
14:33:52 Soulseeker admins: tp F4c0grnm
14:33:56 Soulseeker admins: tp Hool.
14:34:07 Soulseeker says: build something
14:34:14 Hool. admins: solid
14:34:26 F4c0grnm admins: deop soulseeker
14:34:44 Soulseeker (/192.168.1.1) lost connection suddenly. (java.io.IOException: An existing connection was forcibly closed by the remote host)
14:34:44 Soulseeker (/192.168.1.1) disconnected
14:34:57 F4c0grnm admins: deadmin soulseeker
14:35:00 Level saved! Load: 2/25
14:35:04 /192.168.1.1 connected
14:35:04 /192.168.1.1 logged in as Mr.Wiener
14:35:18 Mr.Wiener admins: banip Hool.
14:35:18 Kicking Hool. (/84.59.152.196): You were banned
14:35:18 Hool. (/84.59.152.196) disconnected
14:35:22 Mr.Wiener admins: banip F4c0grnm
14:35:22 Kicking F4c0grnm (/87.167.64.213): You were banned
14:35:22 F4c0grnm (/87.167.64.213) disconnected
14:35:34 Mr.Wiener says: they were banned for deoping for no reason
14:35:41 Mr.Wiener admins: op Soulseeker
14:35:45 Mr.Wiener (/192.168.1.1) lost connection suddenly. (java.io.IOException: An existing connection was forcibly closed by the remote host)
14:35:45 Mr.Wiener (/192.168.1.1) disconnected
14:35:59 /192.168.1.1 connected
14:35:59 /192.168.1.1 logged in as Soulseeker
14:36:10 Level saved! Load: 1/25
14:36:11 Soulseeker admins: solid
14:37:20 Level saved! Load: 1/25
14:37:42 /84.59.152.196 tried to connect, but is banned.
14:38:30 Level saved! Load: 1/25
14:38:58 /87.167.64.213 tried to connect, but is banned.
14:39:26 Soulseeker (/192.168.1.1) lost connection suddenly. (java.io.IOException: An existing connection was forcibly closed by the remote host)
14:39:26 Soulseeker (/192.168.1.1) disconnected
14:39:39 Level saved! Load: 0/25
14:39:51 /77.97.161.190 connected
14:39:51 /77.97.161.190 logged in as robinson
14:40:10 robinson admins: solid
14:40:49 Level saved! Load: 1/25
14:41:59 Level saved! Load: 1/25
14:43:09 Level saved! Load: 1/25
14:44:19 Level saved! Load: 1/25
14:45:29 Level saved! Load: 1/25
14:46:39 Level saved! Load: 1/25
14:47:49 Level saved! Load: 1/25
14:48:59 Level saved! Load: 1/25
14:50:08 Level saved! Load: 1/25
14:51:18 Level saved! Load: 1/25
14:52:28 Level saved! Load: 1/25
14:53:38 Level saved! Load: 1/25
14:54:48 Level saved! Load: 1/25
14:54:50 robinson (/77.97.161.190) lost connection suddenly. (java.io.IOException: An existing connection was forcibly closed by the remote host)
14:54:50 robinson (/77.97.161.190) disconnected
14:55:58 Level saved! Load: 0/25
14:57:08 Level saved! Load: 0/25
14:58:18 Level saved! Load: 0/25
14:59:28 Level saved! Load: 0/25
15:00:39 Level saved! Load: 0/25
15:01:48 Level saved! Load: 0/25
15:02:59 Level saved! Load: 0/25
15:04:08 Level saved! Load: 0/25
15:05:18 Level saved! Load: 0/25
15:06:27 Level saved! Load: 0/25
15:07:37 Level saved! Load: 0/25
15:07:39 /69.41.87.246 tried to connect, but is banned.
15:08:47 Level saved! Load: 0/25
15:09:57 Level saved! Load: 0/25
15:11:07 Level saved! Load: 0/25
mr.wienner is soulseeker aka my lil bro
but this log is after i reset server :sad.gif:
Verify Names = True
* RED ALERT, RED ALERT WE HAVE A HACKER IN THE VICINITY, ALL OPERATIVES REPORT TO BATTLE STATIONS. THIS IS NOT A DRILL, I REPEAT, THIS IS NOT A DRILL. *
* MISSILE SILO OPEN, LAUNCHING NOTCH IN 3, 2, 1... *
Sorry, I just found that amusing to picture in my head. :biggrin.gif:
Relic of a bygone age.
Ain't no party like a [SSSS] party 'cause a [SSSS] party [VV] [tnt]!
Quality of output = Skill * Effort
I have a copy of it and the download link. I thought that someone would have already notified Notch, but I'll email him if someone can give me his email adress.
*helps Zuriki set up more missiles!*
So is it a real hack or just the verify-names thing?
<Iguana> YUS. <Iguana> BUT WE NEED YOU
<Iguana> You are like...Billy Mays Mighty Putty. (trademarked)
IRC quote on the Minecraft Machinima
As a secondary check, try test on JTE's server, to see if it's the protocol in general.
Quality of output = Skill * Effort
my passwords are realy strong too brute force takes 2.3 years to complete
*note* im NOT running any other admin tools
i was but i decided that i did not like them so i removed them
so how ever they are getting in is pure minecraft defaults (besideds ports)
i need to buy a flare gun and shoot a flare into the air to get notches attention
welp how ever they did it they where not op
they gained the power of op then op'ed them selves
i hope that helps in some way
Notch's admin checking code is rock solid, they didn't just "magically" appear as ops, the username must have already been in it.
I can't believe Notch has been this lazy or slow that hes let this glitch sit for this long. He doesn't even need to update the damn server, he could easily duplicate the web based external url generating script and substitute the ip with a loop back ip so people wouldn't have to turn verify names off.
passwords are encrypted, it doesn't matter if you find it or not, you still need the encryption algorithm.
lolwut? First of all, the only place passwords are stored is on the central Minecraft server. Notch has confirmed that it's encrypted and salted, I assume using MD5, though it may be another method. IT would be very easy to tell if someone hacked the database, and while there is no way to reverse engineer MD5 or other popular salted hashes, a brute force attack on all the hashes would be moderately fast and find the password. Because it's all local, it would be miles faster than brute forcing the webserver, and unable to be stopped.
Also, Notch has confirmed, and has yet to fix the cookie issue. Passwords are stored in your cookies in 100% plaintext, and any noob writing a cookie stealer can look them straight in the face. I've tried in the past to communicate the seriousness of this to Notch, and I think he got it. But what I said before about using an opnet and verify-names stands (verify-names -> op 100 of your usernames -> they op more of your alts). In which case, purge your admins.txt.
A cookie nommer? OH NOEZ
Dif could be da end of da gaem fer meh :biggrin.gif:
But in all seriousness, cookie stealers?
This is my reaction:
Citricsquid vandalized this space. It has been sterilized ever since.
"Master Cheif! What did I tell you about humping posts?!"
My Steam ID Is: jjchrizzles