1
It has come to our attention that the plugins "NanoGuard Anticheat" and "InfiniteDispenser" have been distributing potentially malicious code hidden within their update process. We urge all server admins running these plugins or who have run these plugins to read this PSA carefully and follow the advice given immediately.
We strongly advise all server admins to cease using these plugins immediately:
NanoGuard Anticheat (Default file name: NanoGuardJAR.jar or similar)
InfiniteDispenser (Default file name: InfiniteDispenser-3.2.jar or similar)
As a general precaution, we strongly recommend that all server admins perform a full examination of their server, keeping an eye out for unknown plugins or suspicious behaviour - as is proper on a periodic basis. We also would like to remind server admins to avoid running anything with root or admin privileges without taking the proper precautions to safeguard against the security risks it poses.
In accordance with our community policies regarding malicious code, these projects and their files have been completely removed from our sites and the individuals associated have been banned. While we do not - and cannot - guarantee we'll catch everything, our approval process is an ever evolving aspect of our project and we believe that it is an integral piece in providing server admins with peace of mind when running their servers.
Thanks for your continued support and understanding in this matter,
EvilSeph
- on behalf of the Bukkit Project
http://forums.bukkit.org/threads/psa-ma ... er.174108/
Its always better to manually update and a good prractice to have your op.txt file write protected
We strongly advise all server admins to cease using these plugins immediately:
NanoGuard Anticheat (Default file name: NanoGuardJAR.jar or similar)
InfiniteDispenser (Default file name: InfiniteDispenser-3.2.jar or similar)
As a general precaution, we strongly recommend that all server admins perform a full examination of their server, keeping an eye out for unknown plugins or suspicious behaviour - as is proper on a periodic basis. We also would like to remind server admins to avoid running anything with root or admin privileges without taking the proper precautions to safeguard against the security risks it poses.
In accordance with our community policies regarding malicious code, these projects and their files have been completely removed from our sites and the individuals associated have been banned. While we do not - and cannot - guarantee we'll catch everything, our approval process is an ever evolving aspect of our project and we believe that it is an integral piece in providing server admins with peace of mind when running their servers.
Thanks for your continued support and understanding in this matter,
EvilSeph
- on behalf of the Bukkit Project
http://forums.bukkit.org/threads/psa-ma ... er.174108/
Its always better to manually update and a good prractice to have your op.txt file write protected
Create an account or sign in to comment.
9
1
1
The plugins start legit approved the whole nine yards. The problem begins when your server allows the auto update and your server auto uploads a new version of the plugins. You have no idea what the auto updated version is or what it can do. All you know is everything looks the same. Always Manually UPDATE.
I look at the code on everything on my server to make sure its safe. I know all of us
don't know how to do this. Their are a lot of people in minecraft a lot are new coders and dont let some idiot make you distrust because someone is new. If you have questions ask them. Their are many that have the knowledge to help look at the code a verify its safe. AND DO NOT ALLOW PLUGINS TO AUTO UPDATE.
I look at the code on everything on my server to make sure its safe. I know all of us
don't know how to do this. Their are a lot of people in minecraft a lot are new coders and dont let some idiot make you distrust because someone is new. If you have questions ask them. Their are many that have the knowledge to help look at the code a verify its safe. AND DO NOT ALLOW PLUGINS TO AUTO UPDATE.
1
You can auto update?
Me and my bro have a private bukkit server, and it took me awhile to update the plugins... Maybe it's a good thing I didn't know about this.
Me and my bro have a private bukkit server, and it took me awhile to update the plugins... Maybe it's a good thing I didn't know about this.
1
Thanks for the post
1
What you mean. InfiniteDispensers on official craft bukkit site are rogue plugin? Or just one of these who are our of craftbukkit.
1
Yes, it is all thanks to tutorials on YouTube to make a plugin that enables people to force-op on your server.
1
All the plugin tutorials help many start programming so this is a good thing. The force op has been a hoax for the most part. The best thing to do is practice good security. If
your op.txt is write protected the server can not change it to add anyone to op. I have a plugin and there are a few more out there to protect against a force op of any kind.
If they are added to op and they are not supposed to be. They are automatically gone.
I don't even have to know who when or how. So tutorials are good they help teach programming, maybe not all are good. But most out there are good. You cant condemn all because of handful of bad people.
your op.txt is write protected the server can not change it to add anyone to op. I have a plugin and there are a few more out there to protect against a force op of any kind.
If they are added to op and they are not supposed to be. They are automatically gone.
I don't even have to know who when or how. So tutorials are good they help teach programming, maybe not all are good. But most out there are good. You cant condemn all because of handful of bad people.
1
Yeah, InfiniteDispensers hacked my server..
1
Ok, thanks for The help Seph.