Categories
Anything

PSA : Minecraft Server Exploit Discovered, Update Immediately! Minecraft Blog

PSA : Minecraft Server Exploit Discovered, Update Immediately!

http://platform.twitter.com/widgets/tweet_button.1378258117.html#_=1378363450887&count=horizontal&id=twitter-widget-0&lang=en&original_referer=http%3A%2F%2Fwww.planetminecraft.com%2Fblog%2Fpsa-server-exploit-discovered-update-immediately%2F&size=m&text=PSA%20%3A%20%23Minecraft%20Server%20Exploit%20Discovered%2C%20Update%20Immediately!%20%23Minecraft%20Blog&url=http%3A%2F%2Fwww.planetminecraft.com%2Fblog%2Fpsa-server-exploit-discovered-update-immediately%2F&via=PlanetMinecraft

  • 8,197

    Views, 8,196 today

  • 206

    Comments

  • 21

    Favorites

  • Flag / Report

Get Embed Code

avatarPMC
Level 60 : High Grandmaster Crafter
Posted about 11 hours ago
09/04/13
Subscribe
Hi there, everybody.

This is just a quick PSA to let everybody know that a recent exploit in servers has caused a bit of a storm on many servers – including our own beloved PMC Server. The issue affects CraftBukkit (and any implementations of it thereof) and vanilla servers – so no matter what server you are running, I recommend you read this post.

The exploit allowed them to log in as any user on the server, causing havoc and doing as they please. Luckily, due to the efforts of md_5, Dinnerbone and others, a patch was quickly devised and rolled out to many affected implementations.

PMC urges you to update your version of CraftBukkit/Spigot/etc to their latest safest development build.
For CraftBukkit, go here:http://dl.bukkit.org/downloads/craftbukkit/(any build after #2864)
For Spigot, upgrade to at least version 1090
For information on how this all “started”, the original Reddit thread is here:http://www.reddit.com/r/admincraft/comments/1llt2h/craftbukkit_fix_for_authentication_exploit/
Please note though that while this will close this hole, there may still be others, and I don’t really want owners to think they are completely 100% safe from something like this ever happening again. Please take precautionary measures in protecting your moderator/administrator accounts on your own servers. Plugins such as SecuritySystem by Lord_Ralex of MinecraftForums (http://ae97.net/projects/securitysystem/) will lock users by their IP and deny entry until another administrator can approve their IP change. There are many other similar systems on BukkitDev, but this is the one we’re using on the PMC Server as of now.
Thanks,
-P

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s