Does anyone know of a solution to people hacking the logon accounts of other players on FTB Unleashed? I assume this affects anything using MC 1.6. Since it is an obsolete version of Minecraft, I assume this is unfixable.
Just had a Russian hacker wreck an Unleashed server overnight due to this.
I strongly recommend that server admins de-op themselves before leaving the server. This way a hacker cannot take over an admin account and //regen your spawn, kill players and //regen them, etc. Your ops.txt should be blank.
If someone needs op, they can give it back to themselves via the server console.
,
Now, as far as I can determine, there IS a solution, but no one has done it and it requires some serious networking programming skill to pull it off. The way that hacking works is that there are these obsessed nerdish people who pick through the server source and network packet traces and look for things to exploit.
What we need is a white-hat hacker to develop a Layer-7 network packet inspector. This inspects all network traffic and analyzes it to make sure that it complies with the standard logon and communication methods used by a normal game.
The standard Minecraft network protocol has been documented here: http://wiki.vg/Protocol
If a hacker tries to use an exploit with weird packets to take over another person's account, the Layer-7 packet inspector sees these packets, doesn't recognize them because they don't match the documented network protocols, and discards them as invalid, protecting the server from hacking.
This approach to protecting old Minecraft servers does not require any modification to the MC server. It runs as it always did, oblivious to the fact that a second programming layer has been applied over the top of it to defend it from hacked clients.
Just had a Russian hacker wreck an Unleashed server overnight due to this.
I strongly recommend that server admins de-op themselves before leaving the server. This way a hacker cannot take over an admin account and //regen your spawn, kill players and //regen them, etc. Your ops.txt should be blank.
If someone needs op, they can give it back to themselves via the server console.
,
Now, as far as I can determine, there IS a solution, but no one has done it and it requires some serious networking programming skill to pull it off. The way that hacking works is that there are these obsessed nerdish people who pick through the server source and network packet traces and look for things to exploit.
What we need is a white-hat hacker to develop a Layer-7 network packet inspector. This inspects all network traffic and analyzes it to make sure that it complies with the standard logon and communication methods used by a normal game.
The standard Minecraft network protocol has been documented here: http://wiki.vg/Protocol
If a hacker tries to use an exploit with weird packets to take over another person's account, the Layer-7 packet inspector sees these packets, doesn't recognize them because they don't match the documented network protocols, and discards them as invalid, protecting the server from hacking.
This approach to protecting old Minecraft servers does not require any modification to the MC server. It runs as it always did, oblivious to the fact that a second programming layer has been applied over the top of it to defend it from hacked clients.