I need urgent help. I'm being hacked by multiple people. I'm no server n00b, but....
The server is cracked, meaning I use xAuth. My guess is that it has some exploit that they used to hack my account and WorldEdit everything into destruction. They DDoS me, use proxies, forceOP, ban everyone, and destroy EVERYTHING. The whole world my players worked on is gone. It's a big server, and we are suffering from this. An official griefing team, like Avo, has targeted us as well. I truly do not know what to do at this point, and would like to see if you guys could help. Thank you.
Backups, keep them. Always.
If you're using Linux to host the server, you can use cronjobs to automatically back stuff up.
This won't help you now, but it could help you in the future (unless you've got some already).
For now, completely shut off the server. Leave it off for about 12 hours (minimum). It will stop the people from attacking it.
Check for updates for all of your plugins and bukkit. If there is a bug, it hopefully has been fixed by now.
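The cron-based backup suggested above, as an added example that is not part of the original thread: it archives the world folder, verifies the archive, records a checksum and rotates old copies. The script name, all paths, the retention count and the idea of a destination outside the hosting panel are assumptions.

```shell
#!/bin/sh
# Added example: world backup with verification, checksum and rotation.
# All paths and the retention count are assumptions; adjust to your host.
# Example crontab entry (04:00 daily), destination outside the panel's reach:
#   0 4 * * * /home/mc/backup_world.sh /home/mc/server/world /mnt/offhost/mc 14

# backup_world SRC_DIR DEST_DIR [KEEP]: archive SRC_DIR, keep newest KEEP.
backup_world() {
    src=$1; dest=$2; keep=${3:-14}
    [ -d "$src" ] || { echo "source $src missing" >&2; return 1; }
    mkdir -p "$dest" || return 1
    archive="$dest/world-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    tmp="$archive.partial"

    # Write under a temporary name so an interrupted run never leaves a
    # truncated file that looks like a good backup.
    tar -czf "$tmp" -C "$(dirname "$src")" "$(basename "$src")" \
        || { rm -f "$tmp"; return 1; }

    # Read the archive back end to end before trusting it.
    tar -tzf "$tmp" >/dev/null || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$archive"

    # Store a checksum next to the archive so later corruption shows up.
    ( cd "$dest" && sha256sum "$(basename "$archive")" \
        > "$(basename "$archive").sha256" )

    # Rotation: timestamps sort lexically, so drop everything past $keep.
    ls -1 "$dest"/world-*.tar.gz | sort -r | tail -n +"$((keep + 1))" |
    while IFS= read -r old; do rm -f "$old" "$old.sha256"; done
    echo "$archive"
}

# verify_backup ARCHIVE: succeeds only if ARCHIVE still matches its checksum.
verify_backup() {
    ( cd "$(dirname "$1")" &&
      sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# Run only when invoked with arguments (for example from cron).
if [ "$#" -ge 2 ]; then backup_world "$@"; fi
```

Run `verify_backup` on an archive before restoring from it.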
Yes, I make frequent backups. But this guy is dead set on me. He said he won't stop no matter what, even if I change IP and host.
I told him I had a backup. He said the team is waiting.
You could look into this plugin. Unless that player has a permission node they cannot get into the server when it is in lockdown mode. But since you run a cracked server I don't know if this would work out.
All you can do from now on is buy a minecraft account and start a legit server, so you don't get hacked.
I have a "real" Minecraft account. It's just that I know what it's like to be cracked, and I enjoy making a good place for them to play on. Not to mention most of my friends are cracked...
That really sucks. I guess you can learn from the experience though. My recommendation in the future is to schedule backups. If it's not a VPS, use MineBackup.
Oh god. This isn't normal griefing... my friend and I just found trojans in our Java folders.
If you can prove there was a DDoS attack and they deployed a RAT, they can get into some serious trouble. Verbally request them to stop, and if that doesn't work, send him a cease and desist letter. You would probably not go any further than that. As all the other people have said, backups and online mode are crucial.
Well, I'm truly screwed now. Just went into Multicraft to restore to my backup. They deleted it.
To be honest, I think all that happened was they got into your Multicraft account, letting them access the xAuth database which in turn allows them to login as you and "ForceOP" people (opping them from the Multicraft console).
In regards to DDoS attacks, it's probably not something that you can do anything about, you'd have to contact your provider, however expect to pay a large amount for DDoS protection.
Guys, if you think about it, the people who did this must be good at hacking, or extremely lucky. I don't think Nodus did this though. I highly doubt he had the RAT before also, because it appeared in his Java folder, and Minecraft runs on Java. The hackers probably got his IP, since he hosted it on his computer, were able to get into his computer, and imported the Trojan Horse into his Java folder, which would make it impossible for him to play Minecraft due to the viruses that are now in Java. He can't get on his server, or on MC for that matter, and the damage was already done. Even if he changed IPs, that team of hackers could most likely get it, because they probably put in a worm, or they could just get the IP again from the server. Someone must really hate him to do something like this :/
In my opinion, you should use whois on the hackers, find out their IPs, track them back to the host company, and contact that company and tell them about what happened. To protect yourself better, I recommend getting AVG Free Edition 2013, or 2012 if you can't find it, and always keep that on. Also, do this in safe mode so that they can't hack you. Even with your internet up in safe mode, you should be okay, unless they DDoS you. If they do that, connect your modem directly to your computer, and if it keeps up, I recommend contacting your internet company, and informing them. OK, that's all.
In frequency, how often are they doing this? You are saying there are viruses involved? This is Definitely a Big Issue.
Definitely leave the server offline for MORE than 24 hours; this may make them think you just took it down, and find a new server to cause this grief to. Hopefully they will smarten up, and just stop.
Another thing to do: since you say viruses are involved, beef up your antivirus. As someone said earlier, install Malwarebytes and do a full scan. Also, beef up your firewall.
Get the IP address, and their minecraft name, As another person said, give them a Stern Verbal warning, then a letter.
Talk to your ISP, see if they can help you at all. New IP address: if you are home hosting, then I think you can unplug your router and get a new IP, but I am not sure. If it is hosted, talk to the host, explain, and see what they can do.
I hope this gets resolved for you, and your troubles go away quickly. I'll be watching this thread for any news. Good luck.
For DDOS, Use this: http://freedns.afraid.org/
For ForceOp, Update your server to 1.3.2 or later, Jeb fixed that.
For them logging on as you, change your password
For destruction, Keep backups! Back up every day or so...
DNS name just makes it more easy for them to get the server's real IP. Only fake hops "Cloudflare" will delay or stop DDoS, or true hardware level protection.
If they're logging in as others, server is A: In offline mode, owner's fault. B: Your account or that person's account has been hacked or hijacked.
The server is cracked, meaning I use xAuth. My guess is that it has some exploit that they used to hack my account and WorldEdit everything into destruction. They DDoS me, use proxies, forceOP, ban everyone, and destroy EVERYTHING. The whole world my players worked on is gone. It's a big server, and we are suffering from this. An official griefing team, like Avo, has targeted us as well. I truly do not know what to do at this point, and would like to see if you guys could help. Thank you.
~ A distressed server owner.
*They are using my account to hack*
He lives in Greece, and I in America. Don't know if it would work, but I will try. Thanks.
You could always keep backups in the future and switch off your server for now
For DDOS, Use this: http://freedns.afraid.org/
For ForceOp, Update your server to 1.3.2 or later, Jeb fixed that.
For them logging on as you, change your password
For destruction, Keep backups! Back up every day or so...
That won't do anything...that just adds a name to your IP address (to put it simply)