hack my server

Question

hack my server

Closed this issue 8 years ago · 11 comments

KonoromiHimaries commented 8 years ago

this configuration not protect my server

# If the vanilla OP system is enabled. If set to false, all users will be de-opped, and the op/deop commands will be disabled.
enable-ops: false

# If set to true, any user with the permission "luckperms.autoop" will automatically be granted server operator status.
# This permission can be inherited, or set on specific servers/worlds, temporarily, etc.
# Additionally, setting this to true will force the "enable-ops" option above to false. All users will be de-opped unless
# they have the permission node, and the op/deop commands will be disabled.
#
# It is important to note that this setting is only checked when a player first joins the server, and when they switch
# worlds. Therefore, simply removing this permission from a user will not automatically de-op them. A player needs to
# relog to have the change take effect.
#
# It is recommended that you use this option instead of assigning a single '*' permission.
auto-op: false

# If opped players should be allowed to use LuckPerms commands. Set to false to only allow users who have the permissions access to the commands
commands-allow-op: false

hacker used:

/pt op <nick>

and hacked my server
you can fix it?

lucko · Answer 1 · 2017-09-02T21:27:24.000Z

That option doesn't protect against commands executed by the console.

KonoromiHimaries · Answer 2 · 2017-09-02T21:37:36.000Z

could you add the option which protect commands made in the console? or anything

BrainStone · Answer 3 · 2017-09-02T21:53:01.000Z

You could not give anyone the permissions to run /pt

KonoromiHimaries · Answer 4 · 2017-09-02T22:03:49.000Z

i not gived anyone operator permissions

hacker join to hub server at me account (not veryfication yet), went to another server, used /pt op nickname, used /lp user nickname group set admin, and have all operator permissions on all servers in this network

to fix, i install onlyproxy plugin on all spigot servers, and BlockServerCMDs on bungee server
https://www.spigotmc.org/resources/blockservercmds.9349/

i thinking luck perms must protect against this

RJHaytree · Answer 5 · 2017-09-02T22:40:25.000Z

Luckperms can't prevent console from doing something which console is designed to do. Console has all permissions and not much can be done about that in the slightest.

merj edit: Bugger! I didn't realise my phone was hooked to my personal account xD

BrainStone · Answer 6 · 2017-09-02T22:40:46.000Z

No. You need to set up your permissions properly. And your bungeecord network.

KonoromiHimaries · Answer 7 · 2017-09-02T22:58:17.000Z

luckperms can be at the same function as have a BlockServerCMD plugin

BrainStone · Answer 8 · 2017-09-02T23:07:58.000Z

It's a permission plugin. Nothing else. So no.

lucko · Answer 9 · 2017-09-03T12:37:25.000Z

i not gived anyone operator permissions
hacker join to hub server at me account (not veryfication yet), went to another server, used /pt op nickname, used /lp user nickname group set admin, and have all operator permissions on all servers in this network

What you're suggesting still wouldn't fix the problem, as they could just use /pt lp user .....

Gonaaal · Answer 10 · 2023-01-01T21:12:38.000Z

it was /ept y think, y was raided

BrainStone · Answer 11 · 2023-01-07T03:04:51.000Z

As mentioned 5 years ago, the solution is to make sure people either can't use the powertool or to restrict the allowed commands on it.

The former is done through permissions (which are your responsibility to set up properly) and the latter is done through the EssentialsX config (which is also your responsibility).

Share to