General Announcements » Server security breach.
The server was taken down at 8:41PM, and came back up at 11:20PM (EST) on 06/09/2013.
This was a precautionary measure as two members of staff discovered that a couple of players had taken advantage of a Spigot authentication exploit.
Various plugin commands were run, and while obvious that the person/s running those commands had almost no idea what they were doing, they went undiscovered for approximately 1.5 hours.
Luckily, myself and RubblePile and ocelotpotpie were around and all damage and edits have been fixed/restored, and the offending users and IPs have been banned. The server has also been patched to hopefully defend against the exploit.
If you were unjustly killed, you should have been ressed, if you are missing anything, let us know in the forums.
Thank-you RubblePile and ocelotpotpie for helping to restore order, and spotting the breach.
Any idea on how they found the exploit? and just out of curiosity, where were the IP adresses located?
The exploit was/is a known Minecraft issue. It was announced about a week ago and started gaining traction since.
The exploit was publicised.
Why was the server not updated before something happened?