bijan588 Posted August 17, 2011 Share Posted August 17, 2011 Guys take a look at this, it could affect all of us http://www.minecraftforum.net/topic/553214-warning-to-all-shared-minecraft-hosts/ Today DaddyCheese hosting identified a user running a CraftBukkit plugin that enabled a user to traverse and read the systems directory structure outside of their server directory. Thankfully this occurred on a new node and no sensitive information was accessed. I am not sure exactly what setups this will affect, but any system not imposing any kind of access controls will be affected. With the support of Daniel Hofer (Multicraft Author) DaddyCheese hosting has secured its servers from this kind of exploit in the future. I suggest all hosts check their hosting setups to ensure that this is not possible in your environments. We will report more when we have had a chance to investigate the method further. Link to comment Share on other sites More sharing options...
Bubka3 Posted August 18, 2011 Share Posted August 18, 2011 Thanks for the heads up! Link to comment Share on other sites More sharing options...
Jack Posted August 18, 2011 Share Posted August 18, 2011 This sounds fairly severe. Link to comment Share on other sites More sharing options...
SickPuppy Posted August 19, 2011 Share Posted August 19, 2011 This is why we do not store client information on a game server box. Link to comment Share on other sites More sharing options...
leetservers Posted August 20, 2011 Share Posted August 20, 2011 This is why we do not store client information on a game server box. Client info is the LEAST of your problems with a system exploit. -bobby Link to comment Share on other sites More sharing options...
bijan588 Posted August 20, 2011 Author Share Posted August 20, 2011 Client info is the LEAST of your problems with a system exploit. -bobby Exactly, the problem is server data, maps and such Any fix yet for windows users? Link to comment Share on other sites More sharing options...
trancemode Posted August 20, 2011 Share Posted August 20, 2011 Exactly, the problem is server data, maps and such Any fix yet for windows users? Fix? Basically just keep a look out and have high security. The OP of that thread mention it is a "bukkit" plugin and ANYONE can just simply rename the .jar to something else. I'm thinking its hard to find if you have tons of users (clients) and if you want to keep track of each plugins every day, every hour. OR unless you disable all .jar uploads but I don't really see the point of providing Minecraft if majority wants to use plugins. Link to comment Share on other sites More sharing options...
Bubka3 Posted August 20, 2011 Share Posted August 20, 2011 The problem is your server being turned into a botnet drone. Link to comment Share on other sites More sharing options...
dimitrifrom31 Posted August 21, 2011 Share Posted August 21, 2011 Exactly, the problem is server data, maps and such Any fix yet for windows users? http://clientforums.tcadmin.com/showthread.php?t=6428 Link to comment Share on other sites More sharing options...
SickPuppy Posted August 21, 2011 Share Posted August 21, 2011 If all the exploit does is allow the directory to be read all they can do is view what is installed on your server. With out write access what can they do. This could be an issue with EA ranked providers. Link to comment Share on other sites More sharing options...
trancemode Posted August 23, 2011 Share Posted August 23, 2011 Don't put any personal information or billing information on your server. I don't think it gives them access to write. Link to comment Share on other sites More sharing options...
dimitrifrom31 Posted August 23, 2011 Share Posted August 23, 2011 If all the exploit does is allow the directory to be read all they can do is view what is installed on your server. With out write access what can they do. This could be an issue with EA ranked providers. I dont think any decent gsp will dare to run minecraft next to any other game on a box. Performances would be terrible. Link to comment Share on other sites More sharing options...
{-SMAKU-}_MotorMouth Posted August 24, 2011 Share Posted August 24, 2011 We don't see any performance hit with Minecraft on our servers. It does not affect any of the other game servers. Link to comment Share on other sites More sharing options...
dimitrifrom31 Posted August 26, 2011 Share Posted August 26, 2011 We don't see any performance hit with Minecraft on our servers. It does not affect any of the other game servers. problem is that when you will get it you will have to massively move servers unless you are not hosting much mc ones Link to comment Share on other sites More sharing options...
lpgservers Posted August 26, 2011 Share Posted August 26, 2011 Why would you have to move servers? Why make assumptions and present them as statements when you don't know? Link to comment Share on other sites More sharing options...
dimitrifrom31 Posted August 26, 2011 Share Posted August 26, 2011 Why would you have to move servers? Why make assumptions and present them as statements when you don't know? because i know actually. minecraft is resource intensive and certain plugins can cause high cpu usage spikes which can make lag most of other game servers. Small hosts may not be affected by this if running a very low amount of mc servers per machine. Link to comment Share on other sites More sharing options...
lpgservers Posted August 27, 2011 Share Posted August 27, 2011 Any and all games can cause performance hits if allowed to do so. Obviously you have a different circumstance(s) than what I've had experience with. Link to comment Share on other sites More sharing options...
trancemode Posted August 27, 2011 Share Posted August 27, 2011 Not only can minecraft consume CPU due to plugin and rams but it can also be a heavy read + write on the hard drive. Link to comment Share on other sites More sharing options...
dimitrifrom31 Posted August 27, 2011 Share Posted August 27, 2011 Any and all games can cause performance hits if allowed to do so. Obviously you have a different circumstance(s) than what I've had experience with. well you are lucky if it did not affect your other games running on the same machine but this will more likely happen. there are certain games that you need to avoid running next to others, minecraft is #1. Link to comment Share on other sites More sharing options...
lpgservers Posted August 27, 2011 Share Posted August 27, 2011 well you are lucky if it did not affect your other games running on the same machine but this will more likely happen. there are certain games that you need to avoid running next to others, minecraft is #1. I was referencing the ranked games as to which you have no knowledge since that is what you originally quoted Sickpuppy about. Anyhow, all of this is useless diatribe at this point. Link to comment Share on other sites More sharing options...
SickPuppy Posted September 14, 2011 Share Posted September 14, 2011 I was referencing the ranked games as to which you have no knowledge since that is what you originally quoted Sickpuppy about. Anyhow, all of this is useless diatribe at this point. Diatribe dude, had to look that one up. di?a?tribe/ˈdīəˌtrīb/Noun: A forceful and bitter verbal attack against someone or something Link to comment Share on other sites More sharing options...
lpgservers Posted September 15, 2011 Share Posted September 15, 2011 Datribe dude, had to look that one up. di?a?tribe/ˈdīəˌtrīb/Noun: A forceful and bitter verbal attack against someone or something Happy to help you expand your vocabulary. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.