4
Server Owners BEWARE! A new force operator exploit is present in hack clients!
'Hack clients', are getting more and more advanced, have recently released a new feature. Illegal client modification users can now create books that can make them Operator on your server! That's right, a writeable book that forces op. Not only can these be used to force op, but a player can make other players do unwanted commands as well, such as pay them economy money, or they can give the books to lower staff with a /ban command to ban a player that they do not like. This can be helpful for adventure map makers, but for server owners, it could be a tragic nightmare.
Basically, the hack client user is able to make a book use commands by having someone click inside of the book. There are currently two hack clients that support this, Wolfram and Wurst.
How does this work?
Wolfram:
- The hacker will go to GUI > Mod Menu Other > Enable Command book.
- They will then go into chat/command window: .cbook command (.cbook /op [minecraft username]).
- Then they will create a book and give it to an admin or owner.
Wurst:
- The hacker will craft a book and quill.
- They will then type some text into it. Usually a URL so that people will believe it is legitimate.
- They will then click Sign and give it a title.
- Once that is done, they will click Command Link and type in any command.
- They will click Done.
- After they are done with that they will give it to the admin or to whoever they want to trick.
Be careful with books, warn other players, share this article, etcetera.
Thanks for reading!
-David (SirNoob)
Tags |
tools/tracking
3355793
6
server-owners-beware-minecraft-force-op-book-exploit
Create an account or sign in to comment.
Edit: the force op it's self is illegal and could earn you prison time. It is effectively a trogan horse that infiltrates the server pretending to be something else, often a link
Fortunately I was the only other person online and I was smart enough to thwart his attempts at banning me and taking control of the server. After the server shut down and some quick coding, I was able to get him removed and banned.
I run Spigot 1.11.2 - Are there any fixes for this yet?
The Spigot developers have recently fixed this bug. It's reccomended you use Spigot instead of Bukkit if you want to be safe. If you still prefer Bukkit, click here for the Spigot exploit fix.
We're talking about certain exploits these modded clients are currently using and these exploits have mostly been fixed in 1.8.7/1.8.8