Is it possible for a pocketmine server to be hacked? Alose need help with server unable to get non-object. Thanks BacuRoyal
Servers could be hacked if you create easy FTP and/or SSH passwords for a VPS. I dong know of any vulnerabilities in PocketMine itself. As for the non-object, please provide the full error as it appears in the console.
This is the Error_Dump ``` # PocketMine-MP Error Dump Tue Nov 26 20:52:19 GMT 2013 Error: array ( 'type' => 1, 'message' => 'Call to a member function init() on a non-object', 'file' => 'C:\\Users\\CalebPC\\Desktop\\PocketMine-MPfreefixed\\src\\API\\PluginAPI.php', 'line' => 194, ) Code: [185] $this->load($dir->path . $file); [186] } [187] } [188] } [189] } [190] [191] public function initAll(){ [192] console("[INFO] Starting plugins..."); [193] foreach($this->plugins as $p){ [194] $p[0]->init(); //ARGHHH!!! Plugin loading randomly fails!! [195] } [196] } [197] } [198] [199] [200] interface Plugin{ [201] public function __construct(ServerAPI $api, $server = false); [202] public function init(); [203] public function __destruct(); [204] } PM Version: Alpha_1.3.10 #618 [Protocol 12] Commit: 0000000000000000000000000000000000000000 uname -a: Windows NT CALEBPC-PC 6.1 build 7601 (Windows 7 Home Premium Edition Service Pack 1) i586 PHP Version: 5.5.6 Zend version: 2.5.0 OS : WINNT, win Debug Info: array ( 'tps' => 19.969999999999999, 'memory_usage' => '22.07MB', 'memory_peak_usage' => '22.24MB', 'entities' => 1465, 'players' => 0, 'events' => 1, 'handlers' => 6, 'actions' => 1212, 'garbage' => 0, ) Parameters: array ( 'input' => array ( ), 'commands' => array ( 'enable-ansi' => true, ), 'flags' => array ( ), ) server.properties: array ( 'server-name' => 'BacuRoyalCraft', 'description' => 'BacuRoyalCraft By BacuApps', 'motd' => 'Welcome @player to BacuRoyalCraftFree!', 'server-ip' => '', 'server-port' => 19132, 'server-type' => 'normal', 'memory-limit' => '128M', 'last-update' => 1385499122, 'white-list' => false, 'spawn-protection' => '16', 'view-distance' => '3', 'max-players' => 200, 'allow-flight' => true, 'spawn-animals' => false, 'spawn-mobs' => false, 'gamemode' => 0, 'hardcore' => false, 'pvp' => true, 'difficulty' => 2, 'generator-settings' => '', 'level-name' => 'world', 'level-seed' => '', 'level-type' => 'DEFAULT', 'enable-query' => true, 'enable-rcon' => true, 'rcon.password' => '******', 'send-usage' => false, 'auto-save' => true, ) Loaded plugins: AuthPro 1.0.1-Alpha by Kevin Wang Loaded Modules: array ( 0 => 'Core', 1 => 'bcmath', 2 => 'calendar', 3 => 'ctype', 4 => 'date', 5 => 'ereg', 6 => 'filter', 7 => 'ftp', 8 => 'hash', 9 => 'iconv', 10 => 'json', 11 => 'mcrypt', 12 => 'SPL', 13 => 'odbc', 14 => 'pcre', 15 => 'Reflection', 16 => 'session', 17 => 'standard', 18 => 'mysqlnd', 19 => 'tokenizer', 20 => 'zip', 21 => 'zlib', 22 => 'libxml', 23 => 'dom', 24 => 'PDO', 25 => 'Phar', 26 => 'SimpleXML', 27 => 'wddx', 28 => 'xml', 29 => 'xmlreader', 30 => 'xmlwriter', 31 => 'curl', 32 => 'sqlite3', 33 => 'sockets', 34 => 'shmop', 35 => 'pthreads', 36 => 'com_dotnet', 37 => 'mhash', 38 => 'xdebug', ) Memory Usage Tracking: AwA= ```
It may be an issue with AuthPro, did you have this issue before that was installed? EDIT: 500 Messages!
This happens everytime I place a block the only plugin I have on is pocketmine essentials [ERROR] A level 8 error happened: "Undefined offset: 973606608" in "C:\Users\CalebPC\Desktop\PocketMine-MPPro\src\API\PluginAPI.php(87) : eval()'d code" at line 174
I think PocketMine is vulnerability-free but 1 vulnerability in any of your programs or operating system is enough to hack your server, but this will most likely not happen. But a thing that can happen (and is very annoying) is booting or also called ddos-attack, this will overload your server until it crashes but won't hack it. But most vps providers have a ddos protection
PocketMine-MP is free from code execution bugs on the packet handling. That is the only part exposed to the internet. Other way it can be hacked is because of vulnerabilities on plugins, or even plugins having a backdoor. Also, DDoS attack are harder to do in PocketMine-MP Alpha_1.3.11dev. We found some "Packets of Death" that caused PocketMine to enter an infinite loop and kick everyone. That was fixed, and hardened against future attacks. As with any normal DDoS attack, it will have a bad time handling lots of packets, so it will might drop the players. But once it stops, the server will be up again.
