1

Warning Malicious bukkit plugins

Modmasta's Avatar Modmasta9/17/13 1:08 pm
1 emeralds 905 9
9/17/2013 2:17 pm
Modmasta's Avatar Modmasta
It has come to our attention that the plugins "NanoGuard Anticheat" and "InfiniteDispenser" have been distributing potentially malicious code hidden within their update process. We urge all server admins running these plugins or who have run these plugins to read this PSA carefully and follow the advice given immediately.

We strongly advise all server admins to cease using these plugins immediately:

NanoGuard Anticheat (Default file name: NanoGuardJAR.jar or similar)
InfiniteDispenser (Default file name: InfiniteDispenser-3.2.jar or similar)

As a general precaution, we strongly recommend that all server admins perform a full examination of their server, keeping an eye out for unknown plugins or suspicious behaviour - as is proper on a periodic basis. We also would like to remind server admins to avoid running anything with root or admin privileges without taking the proper precautions to safeguard against the security risks it poses.

In accordance with our community policies regarding malicious code, these projects and their files have been completely removed from our sites and the individuals associated have been banned. While we do not - and cannot - guarantee we'll catch everything, our approval process is an ever evolving aspect of our project and we believe that it is an integral piece in providing server admins with peace of mind when running their servers.

Thanks for your continued support and understanding in this matter,
EvilSeph
- on behalf of the Bukkit Project
http://forums.bukkit.org/threads/psa-ma ... er.174108/

Its always better to manually update and a good prractice to have your op.txt file write protected
Posted by Modmasta's Avatar
Modmasta
Level 53 : Grandmaster Programmer
39

Create an account or sign in to comment.

9

1
09/17/2013 2:01 pm
Level 40 : Master Cake
aman207
aman207's Avatar
1
09/17/2013 1:48 pm
Level 53 : Grandmaster Programmer
Modmasta
Modmasta's Avatar
The plugins start legit approved the whole nine yards. The problem begins when your server allows the auto update and your server auto uploads a new version of the plugins. You have no idea what the auto updated version is or what it can do. All you know is everything looks the same. Always Manually UPDATE.
I look at the code on everything on my server to make sure its safe. I know all of us
don't know how to do this. Their are a lot of people in minecraft a lot are new coders and dont let some idiot make you distrust because someone is new. If you have questions ask them. Their are many that have the knowledge to help look at the code a verify its safe. AND DO NOT ALLOW PLUGINS TO AUTO UPDATE.
1
09/17/2013 2:02 pm
Level 27 : Expert Engineer
SG_Unicron
SG_Unicron's Avatar
You can auto update?
Me and my bro have a private bukkit server, and it took me awhile to update the plugins... Maybe it's a good thing I didn't know about this.
1
09/17/2013 1:28 pm
Level 11 : Journeyman Pokemon
Nevin
Nevin's Avatar
Thanks for the post
1
09/17/2013 1:26 pm
Level 35 : Artisan Droid
GiganticBlock
GiganticBlock's Avatar
What you mean. InfiniteDispensers on official craft bukkit site are rogue plugin? Or just one of these who are our of craftbukkit.
1
09/17/2013 1:22 pm
Level 11 : Journeyman Ranger
pikakill41
pikakill41's Avatar
Yes, it is all thanks to tutorials on YouTube to make a plugin that enables people to force-op on your server.
1
09/17/2013 2:17 pm
Level 53 : Grandmaster Programmer
Modmasta
Modmasta's Avatar
All the plugin tutorials help many start programming so this is a good thing. The force op has been a hoax for the most part. The best thing to do is practice good security. If
your op.txt is write protected the server can not change it to add anyone to op. I have a plugin and there are a few more out there to protect against a force op of any kind.
If they are added to op and they are not supposed to be. They are automatically gone.
I don't even have to know who when or how. So tutorials are good they help teach programming, maybe not all are good. But most out there are good. You cant condemn all because of handful of bad people.
1
09/17/2013 1:20 pm
Level 24 : Expert Ninja
EnderPvPsYT
EnderPvPsYT's Avatar
Yeah, InfiniteDispensers hacked my server..
1
09/17/2013 1:15 pm
Level 11 : Journeyman Ranger
pikakill41
pikakill41's Avatar
Ok, thanks for The help Seph.
Planet Minecraft

Website

© 2010 - 2024
www.planetminecraft.com

Welcome