Minecraft host exploit

[bijan588]

Guys take a look at this, it could affect all of us

http://www.minecraftforum.net/topic/553214-warning-to-all-shared-minecraft-hosts/

Today DaddyCheese hosting identified a user running a CraftBukkit plugin that enabled a user to traverse and read the systems directory structure outside of their server directory. Thankfully this occurred on a new node and no sensitive information was accessed.

 

I am not sure exactly what setups this will affect, but any system not imposing any kind of access controls will be affected.

 

With the support of Daniel Hofer (Multicraft Author) DaddyCheese hosting has secured its servers from this kind of exploit in the future.

 

I suggest all hosts check their hosting setups to ensure that this is not possible in your environments.

 

We will report more when we have had a chance to investigate the method further.

[Bubka3]

Thanks for the heads up!

[Jack]

This sounds fairly severe.

[SickPuppy]

This is why we do not store client information on a game server box.

[leetservers]

This is why we do not store client information on a game server box.

 

Client info is the LEAST of your problems with a system exploit.

-bobby

[bijan588]

Client info is the LEAST of your problems with a system exploit.

-bobby

 

Exactly, the problem is server data, maps and such

 

 

Any fix yet for windows users?

[trancemode]

Exactly, the problem is server data, maps and such

 

 

Any fix yet for windows users?

 

Fix?

 

Basically just keep a look out and have high security.

 

The OP of that thread mention it is a "bukkit" plugin and ANYONE can just simply rename the .jar to something else.

 

I'm thinking its hard to find if you have tons of users (clients) and if you want to keep track of each plugins every day, every hour.

 

OR unless you disable all .jar uploads but I don't really see the point of providing Minecraft if majority wants to use plugins.

[Bubka3]

The problem is your server being turned into a botnet drone.

[dimitrifrom31]

Exactly, the problem is server data, maps and such

 

 

Any fix yet for windows users?

 

http://clientforums.tcadmin.com/showthread.php?t=6428

[SickPuppy]

If all the exploit does is allow the directory to be read all they can do is view what is installed on your server. With out write access what can they do. This could be an issue with EA ranked providers.

[trancemode]

Don't put any personal information or billing information on your server.

 

I don't think it gives them access to write.

[dimitrifrom31]

If all the exploit does is allow the directory to be read all they can do is view what is installed on your server. With out write access what can they do. This could be an issue with EA ranked providers.

 

I dont think any decent gsp will dare to run minecraft next to any other game on a box. Performances would be terrible.

[{-SMAKU-}_MotorMouth]

We don't see any performance hit with Minecraft on our servers. It does not affect any of the other game servers.

[dimitrifrom31]

We don't see any performance hit with Minecraft on our servers. It does not affect any of the other game servers.

 

problem is that when you will get it you will have to massively move servers unless you are not hosting much mc ones

[lpgservers]

Why would you have to move servers? Why make assumptions and present them as statements when you don't know?

[dimitrifrom31]

Why would you have to move servers? Why make assumptions and present them as statements when you don't know?

 

because i know actually. minecraft is resource intensive and certain plugins can cause high cpu usage spikes which can make lag most of other game servers. Small hosts may not be affected by this if running a very low amount of mc servers per machine.

[lpgservers]

Any and all games can cause performance hits if allowed to do so. Obviously you have a different circumstance(s) than what I've had experience with.

[trancemode]

Not only can minecraft consume CPU due to plugin and rams

but it can also be a heavy read + write on the hard drive.

[dimitrifrom31]

Any and all games can cause performance hits if allowed to do so. Obviously you have a different circumstance(s) than what I've had experience with.

 

well you are lucky if it did not affect your other games running on the same machine but this will more likely happen.

 

there are certain games that you need to avoid running next to others, minecraft is #1.

[lpgservers]

well you are lucky if it did not affect your other games running on the same machine but this will more likely happen.

 

there are certain games that you need to avoid running next to others, minecraft is #1.

 

I was referencing the ranked games as to which you have no knowledge since that is what you originally quoted Sickpuppy about. Anyhow, all of this is useless diatribe at this point.

[SickPuppy]

I was referencing the ranked games as to which you have no knowledge since that is what you originally quoted Sickpuppy about. Anyhow, all of this is useless diatribe at this point.

 

Diatribe dude, had to look that one up.

 

di?a?tribe/ˈdīəˌtrīb/Noun: A forceful and bitter verbal attack against someone or something

[lpgservers]

Datribe dude, had to look that one up.

 

di?a?tribe/ˈdīəˌtrīb/Noun: A forceful and bitter verbal attack against someone or something

 

Happy to help you expand your vocabulary.