General Announcements » Server security breach.

1 
Page 1 of 1
foxitude Player
Posted Sep 06 2013, 11:49 PM

The server was taken down at 8:41PM, and came back up at 11:20PM (EST) on 06/09/2013.

This was a precautionary measure as two members of staff discovered that a couple of players had taken advantage of a Spigot authentication exploit.

Various plugin commands were run, and while obvious that the person/s running those commands had almost no idea what they were doing, they went undiscovered for approximately 1.5 hours.

Luckily, myself and RubblePile and ocelotpotpie were around and all damage and edits have been fixed/restored, and the offending users and IPs have been banned. The server has also been patched to hopefully defend against the exploit.

If you were unjustly killed, you should have been ressed, if you are missing anything, let us know in the forums.

Thank-you RubblePile and ocelotpotpie for helping to restore order, and spotting the breach.

foxi

kTdnG Administrator
Posted Sep 10 2013, 05:30 AM

Any idea on how they found the exploit? and just out of curiosity, where were the IP adresses located?

ocelotpotpie Player
Posted Sep 10 2013, 02:05 PM

The exploit was/is a known Minecraft issue. It was announced about a week ago and started gaining traction since.

hawtre Administrator
Posted Sep 10 2013, 02:05 PM

The exploit was publicised.

xMopx Player
Posted Sep 12 2013, 02:01 PM | Edited 1 time, last by xMopx

Why was the server not updated before something happened?

1 
Page 1 of 1