Advertisement
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

pocketMine is in threat

Comments in 'General Discussion' started by deot, May 20, 2015.

Thread Status:
Not open for further replies.
  1. deot
    Offline

    deot Active Member Plugin Developer

    Joined:
    Apr 22, 2015
    Posts:
    219
    Plugins:
    1
    Minecraft User:
    deot
    Guys, now a lot of players keep hacking (use thier client mods) on all server! And I found that this is the one most serious modding that threat the server...
    [​IMG]
    Many people use this, Ghost Hack MCPE to do a lot of crazy thing....

    It can make them invisible, change server time, no fall kill, parachute, give armor that really bypass the server detection!! The invisible mod work like God! Even owner can't see them....

    Current confirmed working hacks on server:
    1) Invisible Mod
    2) Force server time to always day
    3) PvP Regeneration
    4) Speed Mine
    5) Sniper Bow

    Please, we need somebody to stand up build a plugin or maybe pocketMine can make an update to anti these hacks.... They are not just flying and speed hack anymore....

    P/S: I see that this mod can hack password (But I didn't try it yet)
    Last edited: May 20, 2015
    HamIsGoodie likes this.
  2. xFlare
    Offline

    xFlare Active Member Plugin Developer

    Joined:
    Sep 28, 2014
    Posts:
    199
    Plugins:
    1
    Minecraft User:
    xFlare
    Invisible mod, PvP regeneration, time force, would NOT work on servers.n
  3. DunxandMinecraft
    Offline

    DunxandMinecraft Active Member

    Joined:
    Oct 26, 2014
    Posts:
    158
    LOL
  4. EvolSoft
    Offline

    EvolSoft Notable Member Plugin Developer

    Joined:
    Sep 10, 2014
    Posts:
    821
    Plugins:
    15
    Minecraft User:
    Flavius12
    I think this mod won't work on PocketMine because it processes all data sent by client and checks if it's correct (PocketMine should have a good mods protection)
  5. Jazzwhistle
    Offline

    Jazzwhistle Notable Member

    Joined:
    Dec 27, 2014
    Posts:
    365
    Minecraft User:
    Awzaw
    It works very well on pocketmine, except a few of the mods. I can get instant creative mode, flying without falling or getting kicked, and I can even break blocks, with time, in areaprotected levels. In areas that are not protected I can have a field day, and grief to my hearts content -:( I can out-spam chatdefender, set to permanent night time and speed mode isn't blocked.

    I'll help if I can, but we need to either get some better BlockLauncher or GhostHack detection going on... or persuade the developer of this script to at least remove nuke, tnt tap, password hack etc. Not that doing so would eliminate usage, but it would at least make it more difficult to get hold of that just going to google play.
  6. Exxarion
    Offline

    Exxarion Active Member Plugin Developer

    Joined:
    Jan 5, 2014
    Posts:
    242
    Plugins:
    1
    Minecraft User:
    Notch
    I would expect this to be taken down from the google play store. Apps like these can compromise user security (*ahem* passwords), and destroy a server that somebody is paying good money for.

    There should also be an anti-hack system implemented into pocketmine to prevent any damage from being done by this app. Because, there is always a way to counteract code.
    DestroyerofDeq likes this.
  7. deot
    Offline

    deot Active Member Plugin Developer

    Joined:
    Apr 22, 2015
    Posts:
    219
    Plugins:
    1
    Minecraft User:
    deot
    Guys, trust me, I see by myself on my server at my server PvP arena, they are invisible & they can kill people!! (I asked other player whether can see them too, they said not)

    EVEN PASSWORD HACK IS WORK,
    they use BruteForce Method to attack a person accont, I think Simple Auth need to add Try Attempt set to maybe 3 times
    [​IMG]
    They just keep trying any kind of combination off password with really fast rate...

    PvP Regeneration is work too.... zzzz Its really a serious problem, And force Day time, I confirmed these mod work on Pocketmine
  8. deot
    Offline

    deot Active Member Plugin Developer

    Joined:
    Apr 22, 2015
    Posts:
    219
    Plugins:
    1
    Minecraft User:
    deot
    Yeah, I hope it removed from Play Store, but as my experience, this hack can even survive without Play Store.... This hack still can spread over the world to every Mcpe User with others website like Forum, Modding website etc in one day...

    Now, I just hope PocketMine can update and block all these hacks
  9. Exxarion
    Offline

    Exxarion Active Member Plugin Developer

    Joined:
    Jan 5, 2014
    Posts:
    242
    Plugins:
    1
    Minecraft User:
    Notch
    I have just tested this app on one of my private test servers. A lot of the mods work, unfortunately.

    Im not concerned of A+Craft, because it has an advanced Anti-Cheat system, im concerned of all the servers in the pocketmine community. It can really ruin tons of servers, along with ruining players reputations.

    Pocketmine (or some plugin) must have an anti-cheat system in order to render this app useless, and thus bring the hate to it.
    Andrey Nazarchuk likes this.
  10. deot
    Offline

    deot Active Member Plugin Developer

    Joined:
    Apr 22, 2015
    Posts:
    219
    Plugins:
    1
    Minecraft User:
    deot
    Yeah, so I reported, I already know some hacks (maybe I should call it mod) work...
    pocketMine is in threat.... Most craziest is Invisible mod....

    We really need somebody that can help not only me, all of the Mcpe server owner run with pocketMine can get these updates to protect thier server from being hack. :)

    From now, most important!! SimpleAuth nees to add Try Attempt to protect all users account being hacked
    LDX likes this.
  11. LDX
    Offline

    LDX Notable Member Plugin Developer

    Joined:
    Oct 2, 2013
    Posts:
    1,434
    Plugins:
    14
    SimpleAuth is going nowhere. However, EasyAuth will be updated against brute-force attacks today.
  12. deot
    Offline

    deot Active Member Plugin Developer

    Joined:
    Apr 22, 2015
    Posts:
    219
    Plugins:
    1
    Minecraft User:
    deot
    EasyAuth? What's that? New plugins?
  13. Pman1220
    Offline

    Pman1220 Active Member Plugin Developer

    Joined:
    Nov 21, 2013
    Posts:
    123
    Plugins:
    1
    Minecraft User:
    Pman1220
    Well this is a huge problem(obviously). We really need to bump our security plugins though. If you havent noticed, pocketmine doesn't have a whole lot to offer when it comes to in game security. Don't get me wrong iprotector and simpleauth are great but there is defiantly room for improvement.
  14. deot
    Offline

    deot Active Member Plugin Developer

    Joined:
    Apr 22, 2015
    Posts:
    219
    Plugins:
    1
    Minecraft User:
    deot
    I agree, not only SimpleAuth only, the security of pocketMine needed to be update to prevent Spam mod, Invisible mod, sprint mod, fly mod, PvP regeneration mod, x-ray mod, see victims camera mod and so far
  15. Jazzwhistle
    Offline

    Jazzwhistle Notable Member

    Joined:
    Dec 27, 2014
    Posts:
    365
    Minecraft User:
    Awzaw
    Great to hear that LDX :) will it be compatible with existing SimpleAuth credentials?
    LDX likes this.
  16. Legoboy0215
    Offline

    Legoboy0215 Notable Member

    Joined:
    Nov 1, 2014
    Posts:
    1,747
    Minecraft User:
    Legoboy0215
    I know that normally server devs do not like to share their plugins, but most of us had enough on GhostHack. BTW, how does ghosthack even work? Server checks I thought, not the client. Someone maybe try to explore the code..
  17. Jazzwhistle
    Offline

    Jazzwhistle Notable Member

    Joined:
    Dec 27, 2014
    Posts:
    365
    Minecraft User:
    Awzaw
    Last edited: May 20, 2015
  18. xiaoq
    Offline

    xiaoq Active Member

    Joined:
    Dec 23, 2014
    Posts:
    232
    Minecraft User:
    xiaoq
    I set some of the mine to drop a random stuff to defense x-ray:D
  19. LDX
    Offline

    LDX Notable Member Plugin Developer

    Joined:
    Oct 2, 2013
    Posts:
    1,434
    Plugins:
    14
    Unfortunately, no, because we use different hashing methods.
    Smarticles101 and iJoshuaHD like this.
  20. PixelGuy75
    Offline

    PixelGuy75 Notable Member Plugin Developer

    Joined:
    Feb 9, 2014
    Posts:
    316
    Plugins:
    2
    Minecraft User:
    PixelGuy75
    When do you think EasyAuth will be available for public?
Thread Status:
Not open for further replies.

Share This Page

Advertisement