Thursday, September 5, 2013

PSA : Minecraft Server Exploit Discovered, Update Immediately! Minecraft Blog

PSA : Minecraft Server Exploit Discovered, Update Immediately!

  • 8,197
    Views, 8,196 today
  • 206
    Comments
  • 21
    Favorites
  • Flag / Report

Get Embed Code

avatarPMC
Level 60 : High Grandmaster Crafter
Posted about 11 hours ago
09/04/13
Hi there, everybody.

This is just a quick PSA to let everybody know that a recent exploit in servers has caused a bit of a storm on many servers - including our own beloved PMC Server. The issue affects CraftBukkit (and any implementations of it thereof) and vanilla servers - so no matter what server you are running, I recommend you read this post.

The exploit allowed them to log in as any user on the server, causing havoc and doing as they please. Luckily, due to the efforts of md_5, Dinnerbone and others, a patch was quickly devised and rolled out to many affected implementations.

PMC urges you to update your version of CraftBukkit/Spigot/etc to their latest safest development build.

For CraftBukkit, go here:http://dl.bukkit.org/downloads/craftbukkit/(any build after #2864)
For Spigot, upgrade to at least version 1090

For information on how this all "started", the original Reddit thread is here:http://www.reddit.com/r/admincraft/comments/1llt2h/craftbukkit_fix_for_authentication_exploit/

Please note though that while this will close this hole, there may still be others, and I don't really want owners to think they are completely 100% safe from something like this ever happening again. Please take precautionary measures in protecting your moderator/administrator accounts on your own servers. Plugins such as SecuritySystem by Lord_Ralex of MinecraftForums (http://ae97.net/projects/securitysystem/) will lock users by their IP and deny entry until another administrator can approve their IP change. There are many other similar systems on BukkitDev, but this is the one we're using on the PMC Server as of now.

Thanks,
-P

No comments :