Securing your priviliged accounts

[Francis Baster]

I notice that during the last hour the Minecraft login protocol seems to have been compromised (again). First I noticed that the login servers went offline for 20 minutes, then the MCEdit API servers went down. Next I see that somebody was attempting to join my server with a vanilla client. He attempted to join 15 times within a 30 minute period, and everytime he got kicked for not having FML installed. A different IP and user name was used with every login attempt. It would appear that he was able to log on to any Premium server with any Minecraft account name that he wanted, as he was using names such as AntVenom and God.

Considering that it is not the first time that the login protocol has been compromised, this is a good reminder to ensure that you have additional security on your opped / privileged accounts. I recommend using WorldGuard's host key feature if you use MCPC+.

 

[TheDJParadox]

Great suggestion... It's about time they should get some better security reinforcements embedded within their systems.

 

[DZCreeper]

Solid reminder that no one needs OP. Assign people the permissions that they need rather than just blanket OP if they only need a few for things like WorldEdit. An excellent example is that anyone with OP and do /stop and completely turn the server off until someone with console access notices.

 

[TheDJParadox]

I remember those plugins that force a user to type a password to unlock their player on a server. This might be a good idea as it will provide an extra layer of security should someone actually get in on your account, they need to work out your password.

 

[Francis Baster]

I remember those plugins that force a user to type a password to unlock their player on a server. This might be a good idea as it will provide an extra layer of security should someone actually get in on your account, they need to work out your password.

Yes, a password lock together with host key verification would be a very secure solution.