Advertisement
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Server got hacked?

Comments in 'Plugin Development' started by BacuRoyal, Nov 26, 2013.

  1. BacuRoyal
    Offline

    BacuRoyal New Member

    Joined:
    Oct 18, 2013
    Posts:
    16
    Minecraft User:
    BacuAGaming
    Is it possible for a pocketmine server to be hacked? Alose need help with server unable to get non-object.
    Thanks BacuRoyal
  2. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,710
    Plugins:
    22
    Minecraft User:
    Falkirknh
    Servers could be hacked if you create easy FTP and/or SSH passwords for a VPS. I dong know of any vulnerabilities in PocketMine itself. As for the non-object, please provide the full error as it appears in the console.
  3. BacuRoyal
    Offline

    BacuRoyal New Member

    Joined:
    Oct 18, 2013
    Posts:
    16
    Minecraft User:
    BacuAGaming
    This is the Error_Dump



    ```
    # PocketMine-MP Error Dump Tue Nov 26 20:52:19 GMT 2013
    Error: array (
    'type' => 1,
    'message' => 'Call to a member function init() on a non-object',
    'file' => 'C:\\Users\\CalebPC\\Desktop\\PocketMine-MPfreefixed\\src\\API\\PluginAPI.php',
    'line' => 194,
    )

    Code:
    [185] $this->load($dir->path . $file);
    [186] }
    [187] }
    [188] }
    [189] }
    [190]
    [191] public function initAll(){
    [192] console("[INFO] Starting plugins...");
    [193] foreach($this->plugins as $p){
    [194] $p[0]->init(); //ARGHHH!!! Plugin loading randomly fails!!
    [195] }
    [196] }
    [197] }
    [198]
    [199]
    [200] interface Plugin{
    [201] public function __construct(ServerAPI $api, $server = false);
    [202] public function init();
    [203] public function __destruct();
    [204] }


    PM Version: Alpha_1.3.10 #618 [Protocol 12]
    Commit: 0000000000000000000000000000000000000000
    uname -a: Windows NT CALEBPC-PC 6.1 build 7601 (Windows 7 Home Premium Edition Service Pack 1) i586
    PHP Version: 5.5.6
    Zend version: 2.5.0
    OS : WINNT, win
    Debug Info: array (
    'tps' => 19.969999999999999,
    'memory_usage' => '22.07MB',
    'memory_peak_usage' => '22.24MB',
    'entities' => 1465,
    'players' => 0,
    'events' => 1,
    'handlers' => 6,
    'actions' => 1212,
    'garbage' => 0,
    )


    Parameters: array (
    'input' =>
    array (
    ),
    'commands' =>
    array (
    'enable-ansi' => true,
    ),
    'flags' =>
    array (
    ),
    )


    server.properties: array (
    'server-name' => 'BacuRoyalCraft',
    'description' => 'BacuRoyalCraft By BacuApps',
    'motd' => 'Welcome @player to BacuRoyalCraftFree!',
    'server-ip' => '',
    'server-port' => 19132,
    'server-type' => 'normal',
    'memory-limit' => '128M',
    'last-update' => 1385499122,
    'white-list' => false,
    'spawn-protection' => '16',
    'view-distance' => '3',
    'max-players' => 200,
    'allow-flight' => true,
    'spawn-animals' => false,
    'spawn-mobs' => false,
    'gamemode' => 0,
    'hardcore' => false,
    'pvp' => true,
    'difficulty' => 2,
    'generator-settings' => '',
    'level-name' => 'world',
    'level-seed' => '',
    'level-type' => 'DEFAULT',
    'enable-query' => true,
    'enable-rcon' => true,
    'rcon.password' => '******',
    'send-usage' => false,
    'auto-save' => true,
    )


    Loaded plugins:
    AuthPro 1.0.1-Alpha by Kevin Wang


    Loaded Modules: array (
    0 => 'Core',
    1 => 'bcmath',
    2 => 'calendar',
    3 => 'ctype',
    4 => 'date',
    5 => 'ereg',
    6 => 'filter',
    7 => 'ftp',
    8 => 'hash',
    9 => 'iconv',
    10 => 'json',
    11 => 'mcrypt',
    12 => 'SPL',
    13 => 'odbc',
    14 => 'pcre',
    15 => 'Reflection',
    16 => 'session',
    17 => 'standard',
    18 => 'mysqlnd',
    19 => 'tokenizer',
    20 => 'zip',
    21 => 'zlib',
    22 => 'libxml',
    23 => 'dom',
    24 => 'PDO',
    25 => 'Phar',
    26 => 'SimpleXML',
    27 => 'wddx',
    28 => 'xml',
    29 => 'xmlreader',
    30 => 'xmlwriter',
    31 => 'curl',
    32 => 'sqlite3',
    33 => 'sockets',
    34 => 'shmop',
    35 => 'pthreads',
    36 => 'com_dotnet',
    37 => 'mhash',
    38 => 'xdebug',
    )
    Memory Usage Tracking:
    AwA=


    ```
  4. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,710
    Plugins:
    22
    Minecraft User:
    Falkirknh
    It may be an issue with AuthPro, did you have this issue before that was installed?

    EDIT: 500 Messages!
    BacuRoyal likes this.
  5. BacuRoyal
    Offline

    BacuRoyal New Member

    Joined:
    Oct 18, 2013
    Posts:
    16
    Minecraft User:
    BacuAGaming
    I have had AuthPro Since the begining. I will try without it
  6. BacuRoyal
    Offline

    BacuRoyal New Member

    Joined:
    Oct 18, 2013
    Posts:
    16
    Minecraft User:
    BacuAGaming
    It worked. Could I send you another crash report from my other server?
  7. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,710
    Plugins:
    22
    Minecraft User:
    Falkirknh
    Sure.
  8. BacuRoyal
    Offline

    BacuRoyal New Member

    Joined:
    Oct 18, 2013
    Posts:
    16
    Minecraft User:
    BacuAGaming
    This happens everytime I place a block the only plugin I have on is pocketmine essentials

    [ERROR] A level 8 error happened: "Undefined offset: 973606608" in "C:\Users\CalebPC\Desktop\PocketMine-MPPro\src\API\PluginAPI.php(87) : eval()'d code" at line 174
  9. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,710
    Plugins:
    22
    Minecraft User:
    Falkirknh
    By PocketMine essentials do you mean vanished kevins plugin set or Essentials by ksymc?
  10. BacuRoyal
    Offline

    BacuRoyal New Member

    Joined:
    Oct 18, 2013
    Posts:
    16
    Minecraft User:
    BacuAGaming
    Kevin Wang plugin
  11. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,710
    Plugins:
    22
    Minecraft User:
    Falkirknh
    Do you have the latest version installed and removed the src change?
  12. BacuRoyal
    Offline

    BacuRoyal New Member

    Joined:
    Oct 18, 2013
    Posts:
    16
    Minecraft User:
    BacuAGaming
    First time having it on the server
  13. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,710
    Plugins:
    22
    Minecraft User:
    Falkirknh
    Are you trying to run the src change version on 1.3.10?
  14. BacuRoyal
    Offline

    BacuRoyal New Member

    Joined:
    Oct 18, 2013
    Posts:
    16
    Minecraft User:
    BacuAGaming
    Yeah I am. I am thinking about downgrading back to 1.3.9
  15. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,710
    Plugins:
    22
    Minecraft User:
    Falkirknh
    The src change won't work on 1.3.10, you have to download the plugin only version on 1.3.10
  16. wies
    Offline

    wies Notable Member

    Joined:
    Aug 23, 2013
    Posts:
    392
    I think PocketMine is vulnerability-free but 1 vulnerability in any of your programs or operating system is enough to hack your server, but this will most likely not happen. But a thing that can happen (and is very annoying) is booting or also called ddos-attack, this will overload your server until it crashes but won't hack it. But most vps providers have a ddos protection
  17. shoghicp
    Offline

    shoghicp Staff Member PocketMine Team

    Joined:
    Aug 22, 2013
    Posts:
    436
    Plugins:
    14
    Minecraft User:
    shoghicp
    PocketMine-MP is free from code execution bugs on the packet handling. That is the only part exposed to the internet. Other way it can be hacked is because of vulnerabilities on plugins, or even plugins having a backdoor.

    Also, DDoS attack are harder to do in PocketMine-MP Alpha_1.3.11dev. We found some "Packets of Death" that caused PocketMine to enter an infinite loop and kick everyone. That was fixed, and hardened against future attacks. As with any normal DDoS attack, it will have a bad time handling lots of packets, so it will might drop the players. But once it stops, the server will be up again.
    BacuRoyal and Falk like this.

Share This Page

Advertisement