Advertisement
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

pocketMine is in threat

Comments in 'General Discussion' started by deot, May 20, 2015.

Thread Status:
Not open for further replies.
  1. LDX
    Offline

    LDX Notable Member Plugin Developer

    Joined:
    Oct 2, 2013
    Posts:
    1,397
    Plugins:
    14
    After a couple more days of testing. I just finished adding some new features.

    _20150520_212600.JPG
  2. PixelGuy75
    Offline

    PixelGuy75 Notable Member Plugin Developer

    Joined:
    Feb 9, 2014
    Posts:
    316
    Plugins:
    2
    Minecraft User:
    PixelGuy75
    Awesome! Can't wait to try it out.
  3. aliuly
    Offline

    aliuly Notable Member Plugin Developer

    Joined:
    Feb 8, 2014
    Posts:
    1,086
    Plugins:
    17
    SimpleAuthHelper works with SimpleAuth and will detect multiple passwords attempts and has a time-out setting.

    It will give you (some) protection against brute force attacks.

    I have also posted an update (1.2.2) that implements an automatic ban by IP if somebody tries to login multiple times.
    Last edited: May 21, 2015
  4. deot
    Offline

    deot Active Member Plugin Developer

    Joined:
    Apr 22, 2015
    Posts:
    219
    Plugins:
    1
    Minecraft User:
    deot
    Okay thanks :)
    But I know SimpleAuthHelper already since u first release it. :)

    But I didn't use it becauae I try (first version) to login with /login but it didn't work... Can u make both /login and direct type password work? Because some players don't know about this kind of login method without /login

    Thanks in advance :)
  5. aliuly
    Offline

    aliuly Notable Member Plugin Developer

    Joined:
    Feb 8, 2014
    Posts:
    1,086
    Plugins:
    17
  6. deot
    Offline

    deot Active Member Plugin Developer

    Joined:
    Apr 22, 2015
    Posts:
    219
    Plugins:
    1
    Minecraft User:
    deot
    Yes! It is! All the code (JavaScript) is in the link u given :)
  7. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Technically, brute force is not THAT possible, because you need to transmit a lot of message packets between the server and the clients. It will actually lag the server.
    According to a test on a fairly fast VPS, brute-force of 16777215 passwords using SimpleAuth's algorithm takes about 89 seconds. (provided the hash is saved in a variable)
    Andrey Nazarchuk likes this.
  8. matthww
    Offline

    matthww Active Member

    Joined:
    May 13, 2014
    Posts:
    91
    Minecraft User:
    Matthww
    so people can lag a server to thats not good :(
  9. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    People can always lag a server, for example by DoS (not necessarily DDoS). In this case the lag is good, because it may avoid the user logging in by having a timeout.
    Andrey Nazarchuk likes this.
  10. matthww
    Offline

    matthww Active Member

    Joined:
    May 13, 2014
    Posts:
    91
    Minecraft User:
    Matthww
    i know but most of the people don't know how to dos (ddos)
    LDX likes this.
  11. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,294
    Plugins:
    11
    Minecraft User:
    PEMapModder
    That isn't the problem. The problem ims someone can, regardless of how many people can.
    Andrey Nazarchuk and TigerHix like this.
  12. Samueljh1
    Offline

    Samueljh1 Active Member Plugin Developer

    Joined:
    Jan 9, 2015
    Posts:
    316
    Plugins:
    5
    Minecraft User:
    Samueljh1_
    As an experienced modder, i can tell you that most of the hacks on here won't work on servers.

    For a start, any type of:

    • Mob Spawning
    • Block Placement (Auto)
    • Custom Items
    • Custom Entities
    • Client Speed Change (Fps : e.g.: slowmo)
    • Inventory Hacks (on Pocketmine)
    • Time Change
    • Player Modifications Such as Health and Invisibility (Any invis on pocketmine is just a bug)
    • Gamemodes (Will have the ability to fly, but STILL takes damage, and items will be stopped by pocket mine. Health will look different to the player, but no change will occur)
    • Riding Entities
    • Speed Mining can be detected.
    Will not work on servers and will only have effect on the hacker.

    Also, the password hack only spams numbers.

    Who sets there pass to only numbers? (lol)

    Tell me some more hax on there and ill tell u if they work or not.

    Mods/Features that work:

    • Speed (pocketmine is crud at stopping this xD)
    • Fly (stopped by pocketmine)
    • Jump Boost
    • Teleportation (can be stopped by pocket mine)
    TigerHix and LDX like this.
  13. deot
    Offline

    deot Active Member Plugin Developer

    Joined:
    Apr 22, 2015
    Posts:
    219
    Plugins:
    1
    Minecraft User:
    deot
    But I can tell u 1 hack that work like god on Pocketmine, that's invisible!

    Player can kill a player without showing himself, invisible!
  14. Samueljh1
    Offline

    Samueljh1 Active Member Plugin Developer

    Joined:
    Jan 9, 2015
    Posts:
    316
    Plugins:
    5
    Minecraft User:
    Samueljh1_
    Nop. Must be a PM bug. Invis = custom model.
    xiaoq and LDX like this.
  15. deot
    Offline

    deot Active Member Plugin Developer

    Joined:
    Apr 22, 2015
    Posts:
    219
    Plugins:
    1
    Minecraft User:
    deot
    I know, okay maybe its a bug, but they really bypass this bug... They are really in invisible and can kill people.. I see by my own eyes! At first, I wasn't trust my players said that too, but after I built the PvP Arena, this kind of thing happen more frequently and I saw them even kill me in invisible

    I really hope pocketMine can update and patch this bug :)
  16. Samueljh1
    Offline

    Samueljh1 Active Member Plugin Developer

    Joined:
    Jan 9, 2015
    Posts:
    316
    Plugins:
    5
    Minecraft User:
    Samueljh1_
    Its not a bug BlockLauncher can control. Its just something random.
  17. Legoboy0215
    Offline

    Legoboy0215 Notable Member

    Joined:
    Nov 1, 2014
    Posts:
    1,724
    Minecraft User:
    Legoboy0215
    I thought BlockLauncher disables any mod when in an server?
  18. deot
    Offline

    deot Active Member Plugin Developer

    Joined:
    Apr 22, 2015
    Posts:
    219
    Plugins:
    1
    Minecraft User:
    deot
    Legoboy, no,
    Oppositely, BlockLauncher enables all mod to help you to "hack" (Maybe I can't call it hack) the server
  19. Legoboy0215
    Offline

    Legoboy0215 Notable Member

    Joined:
    Nov 1, 2014
    Posts:
    1,724
    Minecraft User:
    Legoboy0215
    Really? TMI does not work in servers.... In fact, the icon does not appear at all.
    LDX likes this.
  20. Samueljh1
    Offline

    Samueljh1 Active Member Plugin Developer

    Joined:
    Jan 9, 2015
    Posts:
    316
    Plugins:
    5
    Minecraft User:
    Samueljh1_
    He programmed it not to as it wouldn't work
Thread Status:
Not open for further replies.

Share This Page

Advertisement