Hi there, everybody.
This is just a quick PSA to let everybody know that a recent exploit in servers has caused a bit of a storm on many servers – including our own beloved PMC Server. The issue affects CraftBukkit (and any implementations of it thereof) and vanilla servers – so no matter what server you are running, I recommend you read this post.
The exploit allowed them to log in as any user on the server, causing havoc and doing as they please. Luckily, due to the efforts of md_5, Dinnerbone and others, a patch was quickly devised and rolled out to many affected implementations.
PMC urges you to update your version of CraftBukkit/Spigot/etc to their latest safest development build.
For Spigot, upgrade to at least version 1090
Please note though that while this will close this hole, there may still be others, and I don’t really want owners to think they are completely 100% safe from something like this ever happening again. Please take precautionary measures in protecting your moderator/administrator accounts on your own servers. Plugins such as SecuritySystem by Lord_Ralex of MinecraftForums (http://ae97.net/projects/securitysystem/
) will lock users by their IP and deny entry until another administrator can approve their IP change. There are many other similar systems on BukkitDev, but this is the one we’re using on the PMC Server as of now.