What is Session Stealing?
Session stealing is when someone steals your current logged-in session and uses it to log in as you on the most recent server you have visited. If you have OP rank or any major powers on the server, they either OP themselves, if they are able to, or start to grief as you.
This was brought to my attention by a recent attack on a server I staff: the users gained access to a staff member's session, gave themselves OP (since the plugin we had to prevent in-game OP giving was disabled for some odd reason) and then griefed our spawn (after messing around trying to figure out how to).
How do people steal my session?
The most common way is to lure you or a high-ranking member of your server to their server or fake server and take the session you log in with. This can be done by someone hopping onto your server, claiming they have seen your builds or server spawn on another server, and linking an IP or server address.
After you visit their fake server (most of the time the server does not connect), they are able to log in as you and use whatever powers you have on the server. Your password is safe, BUT I suggest you change it if this happens to you, just as a security measure.
What can I do to stop this happening to me or my server?
- Don't go to IPs or servers you do not trust
- Make sure you have plugins enabled to stop OP being given in game (NoCheatPlus works well)
- Set up passwords for your users of a select rank and higher using a plugin, so if their account tries to log in they have to type a password before they can do anything on the server.
- Let your friends and server community know of this issue so they are not in danger of this happening to them.
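The rank password idea from the list above, sketched as a small Python model (an added example, not code from this post or from any real plugin). The rank names, lockout threshold and class/method names are assumptions; a real plugin would call `allow_action` from its command, chat, movement and block event handlers.

```python
import hashlib
import hmac
import os

GATED_RANKS = {"moderator", "admin", "op"}  # assumed rank names
MAX_FAILURES = 3                            # assumed lockout threshold

def derive(password, salt):
    # Slow salted hash so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class StaffLoginGate:
    def __init__(self):
        self.enrolled = {}   # player -> (salt, derived key)
        self.state = {}      # player -> "open" | "locked" | "kicked"
        self.failures = {}   # wrong guesses, kept across reconnects

    def enroll(self, player, password):
        salt = os.urandom(16)
        self.enrolled[player] = (salt, derive(password, salt))

    def on_join(self, player, rank):
        # The session check has already passed here. For staff ranks that
        # is not enough, because a stolen session passes it too.
        self.state[player] = "locked" if rank in GATED_RANKS else "open"
        return self.state[player]

    def submit_password(self, player, attempt):
        if self.state.get(player) != "locked":
            return self.state.get(player, "kicked")
        salt, expected = self.enrolled.get(player, (b"", b""))
        # Staff with no password enrolled fail closed.
        ok = bool(expected) and hmac.compare_digest(derive(attempt, salt), expected)
        if ok:
            self.state[player] = "open"
            self.failures[player] = 0
        else:
            self.failures[player] = self.failures.get(player, 0) + 1
            if self.failures[player] >= MAX_FAILURES:
                self.state[player] = "kicked"  # disconnect and alert other staff
        return self.state[player]

    def allow_action(self, player):
        # Only "open" players may run commands, chat, move or edit blocks.
        return self.state.get(player) == "open"
```

Because the failure counter survives reconnects, someone holding a stolen session gets kicked on every further wrong guess, while the real owner can still unlock with the correct password.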
If people really want to find out about it, they would even if I didn't post this.