Force-OP? It's only a Myth? A Rumor? Right?!
And Your Own Server Could Be At Risk
"How?" So many of you are asking yourselves, well, there is a new program out called Session Stealer.
Lets Cut Right to The Chase:
0. Table of Contents of this Blog:
I. What Is It?
- Goes over What Session Stealer is
- Goes over how you can be affected
- Goes over how you "Session Can Be Stolen"
II. How do I defend Myself?
- Goes over how you can defend yourself from Session Stealer
- Introduces Plugin, NoCheat+
III. What Happens If You Fell For The Trick?
- Goes Over how to potentially save your server
- Goes Through the steps to calmly and easily take care of the mess you made by falling for the trick and not listening to this blog... :D
IV. Known Users
- Everyone reported to me for attempting to use Session Stealer will be listed in this section
- I test out people's knowledge of the protection of their server and survey what they do
I. What is it?
Session Stealer is a program that creates a fake server. If you are the owner of your server you are a top target. Players have been known to try to lure you into their "server". They will tell you an ip, when you join it, you will get some type of error message, and boom, your session has just been stolen A.K.A Boom Goes The Dynamite
II. How Do I Defend Myself From This?
There are two methods. One, the easier, and safer, is to use a new plugin called NoCheat+, Or NoCheatPlus, not only will this plugin make it so people cannot do many other hacking features on your server, but it includes a feature to make it so players can only be op'ed from the console, thus making it impossible for people to be op'ed on your server through Session Stealer, although, NoCheat+ does not stop people being able to add other commands to their name in the permissions file, it only blocks the ForceOp. There is to block from that though, however it is not very easy. This brings us to our next part. The other way to prevent Session Stealer from attacking your server is to use common sense. If a player on your server says that you should check something out on theirs, don't do it. There are many messages people will use to try to lure you into their server. These can be seen in the later part of this blog "Common Excuses"
III. What Do I Do If I fell For The Trick?
If you join the "server" and get the message "Disconnected From Server" and then "Kicked From Server" or any other type of disconnect message, you must react quickly! Do the following steps to potentially save your server:
1. Go to the server console
2. Ban the player that told you about his "Server"
3. Undo any commands that he did
Someone Stole Your Map
Can You Check Something On My Server?
(I will add more as I notice more being used)
IV. Known Users (People who tried to use it on you, please add their name in the comments with some sort of proof, then I will add their name here)(Also, just because their name is on here does not mean to completely ban them from every server, just keep in mind that they are lying about their server)
I am going to different servers and trying to see if they will join my "server." I have not set up session stealer and I do not plan to, I am merely seeing if they are educated about it and I am seeing what they will do about it.
I have tested 3 Servers:
1 Server(s) Banned Me For "Session Stealing"
2 Server(s) Tried to Join My Fake Server
33% Acceptance Rate
(Thats Not Good!)
If this helped you please diamond, favorite, like, retweet, and/or share this page so everyone can know how to defnd against this new program.
People to thank:
Mr_Blue_Sky: He told me about the NoCheat+ Features