1
Can't get onto any multiplayer servers? Please Help!
Whenever I try to get on any MineCraft server, I keep getting denied by a message saying "Internal client error: java.io.IOException: Server returned HTTP response code: 503 for URL: http://session.minecraft.net/game/joins ... 18b5185d8d"
Can someone please help me on what to do with this? I already tried deleting every single MineCraft thing on my computer then Re-Installing it, but I got the same thing.
Can someone please help me on what to do with this? I already tried deleting every single MineCraft thing on my computer then Re-Installing it, but I got the same thing.
Create an account or sign in to comment.
7
Yeah. If you want to stay updated go here http://help.mojang.com
Technical difficulties guys, it's for everyone. There are so many threads about this.
It looks like it is happening at random times now. I think that Minecraft is having serious updates or something like that that is keeping the servers down from time to time. I can't log on to me Tekkit server and it is having the same error.
OMFG IVE BEEN LOGGED IN FR AGES TODAY UMM..... AM I HACKED???
;( I HOPE NOT! WELL IS THIS LATELY>?
PLUS THE MOJANG MINECRAFT LOGIN SERVERS ARE DOWN IS THIS AHPPENING AGAIN?
;( I HOPE NOT! WELL IS THIS LATELY>?
PLUS THE MOJANG MINECRAFT LOGIN SERVERS ARE DOWN IS THIS AHPPENING AGAIN?
XorFeare and TheBeast808 are the people as "Notch". TheBeast808 said himself that him and Xor have been logging into servers as Notch with their new hack.
What happens if you try to login? D:
UPDATE: 8.41am BST: Mojang have pulled down the session server. This should stop the issue while a proper fix is being worked on!
UPDATE: 8.52am BST: mojang blog post
Hi all. Over the past few days, numerous people have reported notch logging in to their servers. From the dialogue and IP, it was pretty obvious it wasn't really notch.
Then today on the reddit servers, we had someone log in on the account of one of our head admins. The resulting griefing was quickly caught, the account password changed, and we waited to see if further attacks would follow. After a short period, the same account was used again. The admin, forty_two, confirmed that he hasn't logged into any unknown servers lately, ruling out a MITM attack. The short time between changing the password and logging in ruled out a brute force attack on the account.
We took the servers down and began investigating. I made a post to /r/admincraft with the thought of cross-comparing plugin lists to find one with a back door. We decompiled and pulled PEX and NoCheatPlus apart, and found no back doors.
To eliminate the chance of it being a plugin bug/backdoor, we put a honeypot server up on c.nerd.nu with a minecraft protocol proxy attached, to record how they were triggering it. Within an hour, the hackers were back and connected to the (now whitelisted) c.nerd.nu server, again as forty_two. Here's the relevant portion of the log:
[20:01] >>> 0x02: Handshake {'username_host': u'forty_two;c.nerd.nu:25565'}
[20:01] <<< 0x02: Handshake {'connection_hash': u'xxx'}
[20:01] >>> 0x01: Login request {'username': u'forty_two', 'not_used_6': 0, 'not_used_4': 0, 'not_used_5': 0, 'not_used_2': 0, 'not_used_3': 0, 'not_used_1': u'', 'protocol_version': 29}
[20:01] <<< 0x01: Login request {'entity_id': 1172, 'world_height': 0, 'not_used_2': 0, 'not_used_1': u'', 'game_mode': 1, 'max_players': 60, 'level_type': u'default', 'dimension': 0}
We also patched bukkit to print information about the authentication step:
[INFO] LoginPacketName forty_two; ServerID xxx; Request URL http://session.minecraft.net/game/check ... rverId=xxx
[INFO] Response is YES
[INFO] forty_two [/xxx] logged in with entity id 381 at ([world] 3.399717322546743, 64.0, 10.73634280242685)
What's striking here is that there's nothing unusual. If it had been a bukkit plugin backdoor, we'd see some kind of communication with the plugin to tell it to skip the user auth. If it had been some kind of protocol/string packing exploit in minecraft server, again we'd see it in the packets. Nor is a minecraft session server error being triggered. The only explanation is that someone has found an exploit in the minecraft login server. It affects vanilla servers and bukkit servers equally.
After some sleuthing, we determined and confirmed that the exploit only affects accounts which have been migrated to a Mojang account. If you log into minecraft with your email address, you’re vulnerable.
A few hours ago we spoke to Dinnerbone, who got in contact with Grum and EvilSeph, and confirmed the exploit existed. We held off posting, hoping it would be fixed before the griefing community at large finds out about it. Information on how to use this exploit has now been made public, and as such we feel duty bound to advise that all server admins should do as we did and either take your servers offline or install a secondary authentication plugin. - fix now being worked on by mojang, this advice no longer applies.
A more detailed post to /r/mcpublic will follow.
TL;DR: hackers can log in as any migrated user! take your server down or use secondary authentication! see updates up top - taking your server down is no longer necessary.
DONT TRY LOGGING IN
UPDATE: 8.52am BST: mojang blog post
Hi all. Over the past few days, numerous people have reported notch logging in to their servers. From the dialogue and IP, it was pretty obvious it wasn't really notch.
Then today on the reddit servers, we had someone log in on the account of one of our head admins. The resulting griefing was quickly caught, the account password changed, and we waited to see if further attacks would follow. After a short period, the same account was used again. The admin, forty_two, confirmed that he hasn't logged into any unknown servers lately, ruling out a MITM attack. The short time between changing the password and logging in ruled out a brute force attack on the account.
We took the servers down and began investigating. I made a post to /r/admincraft with the thought of cross-comparing plugin lists to find one with a back door. We decompiled and pulled PEX and NoCheatPlus apart, and found no back doors.
To eliminate the chance of it being a plugin bug/backdoor, we put a honeypot server up on c.nerd.nu with a minecraft protocol proxy attached, to record how they were triggering it. Within an hour, the hackers were back and connected to the (now whitelisted) c.nerd.nu server, again as forty_two. Here's the relevant portion of the log:
[20:01] >>> 0x02: Handshake {'username_host': u'forty_two;c.nerd.nu:25565'}
[20:01] <<< 0x02: Handshake {'connection_hash': u'xxx'}
[20:01] >>> 0x01: Login request {'username': u'forty_two', 'not_used_6': 0, 'not_used_4': 0, 'not_used_5': 0, 'not_used_2': 0, 'not_used_3': 0, 'not_used_1': u'', 'protocol_version': 29}
[20:01] <<< 0x01: Login request {'entity_id': 1172, 'world_height': 0, 'not_used_2': 0, 'not_used_1': u'', 'game_mode': 1, 'max_players': 60, 'level_type': u'default', 'dimension': 0}
We also patched bukkit to print information about the authentication step:
[INFO] LoginPacketName forty_two; ServerID xxx; Request URL http://session.minecraft.net/game/check ... rverId=xxx
[INFO] Response is YES
[INFO] forty_two [/xxx] logged in with entity id 381 at ([world] 3.399717322546743, 64.0, 10.73634280242685)
What's striking here is that there's nothing unusual. If it had been a bukkit plugin backdoor, we'd see some kind of communication with the plugin to tell it to skip the user auth. If it had been some kind of protocol/string packing exploit in minecraft server, again we'd see it in the packets. Nor is a minecraft session server error being triggered. The only explanation is that someone has found an exploit in the minecraft login server. It affects vanilla servers and bukkit servers equally.
After some sleuthing, we determined and confirmed that the exploit only affects accounts which have been migrated to a Mojang account. If you log into minecraft with your email address, you’re vulnerable.
A few hours ago we spoke to Dinnerbone, who got in contact with Grum and EvilSeph, and confirmed the exploit existed. We held off posting, hoping it would be fixed before the griefing community at large finds out about it. Information on how to use this exploit has now been made public, and as such we feel duty bound to advise that all server admins should do as we did and either take your servers offline or install a secondary authentication plugin. - fix now being worked on by mojang, this advice no longer applies.
A more detailed post to /r/mcpublic will follow.
TL;DR: hackers can log in as any migrated user! take your server down or use secondary authentication! see updates up top - taking your server down is no longer necessary.
DONT TRY LOGGING IN
