haloman30

CU Updates #27 - Server Grief


Hey, folks. You may have noticed that a little while ago, as of this topic, we made an announcement on our Discord and shut all the servers down.

 

As of now, the server is all ready to go again, so if that's all you care about you're free to get back to playing. However, what happened was nothing short of insane and we think it's important that we share what exactly happened.

 

On February 25th, a group of hackers/griefers came in and somehow managed to gain OP access. Along with this, they managed to get around FastLogin's premium account protection and use my account during the whole event. Semi-Vanilla and Hub were most severely impacted, with the main server seemingly untouched (more on that in a bit).

 

Hub was almost entirely wiped from existence, as you can see in the spoiler below.

[Spoiler: two screenshots]

 

Semi-Vanilla got flat-out nuked. You know, the typical lava and explosions and whatnot.

[Spoiler: two screenshots]

 

Thankfully, we had just implemented a backup system a couple months ago. A backup system that is presently flawed and is supposed to make daily backups of the server. I wasn't informed that anything shady had happened until today, but luckily the backup system was just disabled a couple days before this all happened, and we were saved. The backups were taken just a couple days before the whole event, so very little loss of progress should be noticed.

 

We will not be sharing the identities or any usernames of those who griefed, as the publicity and attention is exactly what they want.

 

The roots of these players seem to date back to Christmas, when someone logged into Semi-Vanilla and had their IP showing as 127.0.0.1, which, if you know anything about networking and how IPs work, you would know would be impossible. At the time, we wrote it off, as no malicious actions took place at that time. The user tried to register with a couple of admin accounts, including wolfbitez and AlexZH. Espon (wolfbitez) just changed his username so this was no longer the real account, and Alex was never admin. Most likely he saw him in spawn and assumed he had administration powers.

 

The same pattern was found from the griefers, except when they joined main. Two of the accounts let their guard down or forgot to spoof their IP - revealing their actual IPs. These IPs have been banned from the server, as well as all of the accounts and usernames we were able to find that had connections to this group, mostly coming from their YouTube channel.

 

As for the main server, we found that there were no traces of anything left on it. No unknown OPs, nobody with the all permissions that shouldn't have it. We did notice a bug with Multiverse but it seemed to be unrelated. It has been fixed, but we ultimately don't know for sure that everything is perfect. We ask that you guys keep an eye out for anything strange, and if you find it, report it to us immediately.

 

For the time being, however, we will NOT be allowing cracked users onto the server. We don't know for sure if this was part of how they broke in, but as a precaution we will be premium-only for the time being. We will likely be keeping it that way until we update to 1.14, especially since the vast majority of our playerbase is premium anyways.

 

Normally, such an event would be a serious thing that'd cripple us, but thanks to the magic of backup it was a quick fix, and we're back up after a few hours as if nothing had happened.

 

Once again, if you find anything suspicious, let us know immediately! And for the record, I only speak English. If I'm ever on and I'm not speaking English, be wary.
