#help-server

soon we gonna hear about it 👍

@narrow coyote if you're interested, see above jar

https://www.spigotmc.org/resources/eventdebugger.82055/

now the only thing to find out is, which plugin is spreading it?

i think this plugin in spigot web has the malware

check it out

i don't use this tho

after i installed that shit my whole server just got fcked

Nah, JanTuck is reputable

this is the plugin list by the way

then, another server

all plugins are legit, purchased, or free (most).

that plugin from the website has the "javaassist" package in all of my plugins

Well, javaassist is actually a useful library, especially for that type of plugin

anyone knows how to "fix" this?

Well Choco, seems like I will have to stay awake another night eh.

It's already 4am, but I feel like if I go to sleep, everything gonna go to shit.

Use a permission plugin, imo LuckPerms is the best choice

Also, were you able to find anything new about the plugin?

I'm using it, but I don't know how to use it, I changed the format of editable files to YALM, but the folders of the "ranges" don't appear.

I don't know if they don't appear because I'm using Aternos to open the files.

@full kelp mate before using any plugin, please do read the wiki.

You use luckperms not by configuring the yaml files, but you use the web editor they give you, or via commands.

https://tenor.com/view/summoned-i-have-been-summoned-power-gif-15859341

The Wiki of LuckPerms will help you. https://luckperms.net/wiki/Home

Might be something you've seen before so I figured you'd be interested lol

It's obfuscated to shit

This is impossible. That malware spreads to every jar, you've got no choice but to re-install every plugin

Definitely seen it before, many times lol

Figured you would have

Oh, what is that thing then

Yea, 600-ish malicious plugins by now.
I've seen a lot of stuff lol

I don't know if I have to feel sorry for you, or to call you Lord of the Malwares

I'd imagine a good chunk of what's in that obfuscated code is to copy the malware into other jars

A lot of it seemed bytecode related

That's why javassist is used

ye

As for the actual malware, it's a C&C thing iirc

connects to a server & can receive commands

Oh, so basically someone wants to control the server with commands

So ironically enough, it's an RCE

I've dealt with malware specifically since 2019, so pick one lol

LMAO. I'm dead.

"RCE FIX", "NoLog4J"

🥲 assholes.

Ok, so got some questions now, where did I get it from?

As said before, all my plugins are legit downloaded from spigot.

Maybe just some weird plugin you had installed temporarily.

And, how do I find the culprit?

Can we see who is trying to control the plugin or anything?

Probably not without some annoying reverse engineering. Maybe if Optic is bored enough to string through it lol

Doubt it, I do have something iirc

gimme a sec

I might have found the culprit of the malware.

Give me a second as well

If it's from Spigot, create a report for said plugin and we'll peek at it, handle accordingly

(we like to have those things on record, so the report helps)

Slap this in your plugins folder and run the server

Make sure to rename it to !.jar though, makes sure it's at the top of the file list

You couldn't have given it a less sus name? lmao

That's discord renaming it lol

ok, give me a second then

I have to compile to !.jar so it's always at the top of the file list and is usually the first plugin loaded

Oh does Discord not like ! as a file name? lol

All it is is a Security Manager that logs all the things 😂

which includes things like URL connections

no

I wouldn't be surprised if it's A-Za-z0-9

The only way this is possible is if they re-download the malware 🙂

you're unable to find the original if you've already ran the server

I might have found the culprit of the malware.
Figured maybe they'd had reason to believe they found it

Unless you're ya know... me... and you just mass-download and mass-scan everything again lol

ok, i did everything as you said by the way

added the jar, started the server

I'd run a spiget instance and just get everything but spiget doesn't want to compile properly 😐

Assuming it worked, just wait a while. Should log a bunch of stuff to console

once the server's fully loaded you can stop it and send the log

yeah it's taking a while 😳

the log file is going to be pretty fat

Most likely, like I said it logs everything that passes through the security manager lol

Nothing better than fat logs

damnit inventive and your missing dependencies

body shaming 😔

it's gonna take a while apparently, because it's checking a lot of things

Fun fact: I made that specifically because of obfuscated plugins @runic rain

Less checking and more just logging everything passing through it, which means it takes a good while lol

Well well, but so far when was the first time you encountered this plugin?

Also I might know which plugin did that

shrug for all I know I could of encountered this specific malware in 2019

Oh jeez... 2019 ._.

That is when I started the anti-malware project 😂

https://www.spigotmc.org/resources/spigot-anti-malware.64982/

Also had this https://www.spigotmc.org/threads/list-of-found-malware.389467/ up until I became resource staff

Well, I wonder how such old things can still happen ._.

no one reports them >.<

Like, all plugins that I use are for 1.18.2, and if you say that is from 2019

Mhhhhhh

The malware has had many different variations

Gotcha

looking at my collection, 604 malicious plugins

I wish I had that many girls 😔

Majority of them being found by me and my own tool lol

Does that tool help preventing them or just scanning the servers?

Like, it stops the malwares? Or it detects them.

Detects, too many false-positives to straight up delete them

But it does a pretty good job at it 👀

I use LuckPerms plugin set the identity group color, but the character color in the server does not change,how can help me?

In fact this very malware is detected by it lol

Understood, also I think the startup just got stuck or something

[11:04:21 INFO]: [___ASecurityManager] [AntiMalware Logger] [11:04:21] [DEBUG]: PvPManager|nc.eg|publish checkPackageAccess Pkg: java.util.logging
[11:04:21 WARN]: Apr 12, 2022 11:04:21 AM io.papermc.paper.logging.SysoutCatcher$WrappedOutStream println
[11:04:21 WARN]: INFO: [AntiMalware Logger] [11:04:21] [DEBUG]: PvPManager|nc.eg|publish checkPackageAccess Pkg: java.util.logging

latest log that was printed

It might be done, try stopping the server

ok

the server didn't fully start however

huh

weird 👀

🥲

meh, stop it anyways. I can go through what's there lol

what in the f.

100 MB

the latest log

quite a lot gets logged. You'll wanna use mediafire or something for that

I understand now why it took so long

Uploading as we speak

👍

This sussy malware is about to get spanked.

can I disable world cheats while having spigot ?

what do you mean by cheats?

if we're lucky, I should be able to figure out if it connects to any server or anything like that

hohohoho

things are getting interesting here

https://www.mediafire.com/file/ih1x36orr9b26t8/latest-5.log/file

it's in bedrock
cheats enabled will disable achievements so I was wondering if it can be turned off in spigot
cheats = commands

no

How do you feel about that log @runic rain lol

I myself, feel something is sussy

I think it would kick them tho because of bungeecord not being able to read packets

There's a bunch of 000webhostapp calls from DiscordSRV.
Sites asleep though, but I assume that's the site the malware is calling

Ok so basically the malware would use DiscordSRV to ping @everyone and just spam the infected server with shit.

Classic.

The malware spread to every jar, so it doesn't matter if you remove only one jar. You'd have to remove all of them

or fetch user data for a different bot

This also doesn't mean DiscordSRV is the main jar either, this just happens to be the one that was started first

Gotcha, no problems I can replace all jars easily. But who is the sussy author who started it

good luck finding that out

shrug no idea, that's the fun part. It's impossible to tell without checking all the new jars before running the server

Someone dedicated enough could do it ngl

But considering it could potentially be 60+ plugins no ty

Not difficult to check the new jars honestly, you're only looking for a single file lol

hold on, i might have some news from one of my devs

you could also use my anti-malware 😉

i think i might have something

wink wink nudge nudge

Can I scan a whole directory of jars?

Yes, including specific .jar and .class files

Every CLI argument can be found via --help

You have my interest now actually

optic

https://www.spigotmc.org/resources/spigot-anti-malware.64982/

you should make a scanning program

that lists every URL that any .jar file ever connects to

plugin or not

and if you're really bored

That's something that'll have to wait. I have other things I need to focus on first

.apk

apk isn't within the scope of my projects currently

Maybe in the future

I am soon sending a jar that i suspect is infected

👍

yess gimme all the malware

developer said that's the only plugin he added lately

and, luckily for all of us

it was not from spigot

that's the plugin i just uploaded

that's from a fork of ImageOnMap

it was from github

That does have the malware in it

happen to have the github link?

yep, it's that 100%

gimme a sec

"Temp Fix"

xD

I am dead.

https://github.com/zDevelopers/ImageOnMap/files/8238442/ImageOnMap-4.2.2-TEMP-FIX-1.18.2.zip

https://github.com/zDevelopers/ImageOnMap/issues/255

https://cdn.discordapp.com/attachments/938612857258512395/963272246728724510/unknown.png

https://cdn.discordapp.com/attachments/938612857258512395/963273357627899934/unknown.png

this is also the TAB plugin developer so since he said everything was fine, my developer trusted his opinion

which was apparently a mistake which lead to tragic consequences and a sleepless night for me

never heard of jeremy before

https://github.com/J-eremy

Ah, if only more people used my anti-malware

or just dont download a random jar off a github issue comment

That is true, however you'd be able to roughly check if it's malware via said tool 😉

how does the tool work?

magic

do i need to install it on every specific server?

or do i just make a test server

and use it there

thats true indeed

Not really no, you can just scan the .jar files on your local PC

I got MAC

😔

it's ran as a normal jar, just chuck the plugins and anti-malware jar in the same folder and run it as follows java -jar MCAntiMalware.jar --scanDirectory .

gotcha, tysm mate

have been very helpful

as for the imageonmap fork, can't be fixed yea?

The only time you'd need throw them all on the same server is if you wanted extra protection via the --serverJar arg lol

no idea honestly

whats the issue with it?

it's the plugin that has the malware

I just got saved by the quickshop plugin, it forced stop my server and sent me this file lol

lmao I think I know what happened here

what happened

Just download the source and compile it

I believe that uhh J-eremy guy had some infected plugins before testing the recompiled plugin - which means that the plugin got infected as well, and then he ended up distributing it :p

L.

Glory to free promotion!

oh not a bad idea tbh

cause his commits didnt look sus at all

it was just 2 strings changed

...I mean you don't need to commit malware either.

Side note though @west cloak
Don't bother with regular anti-malware, it's pretty much useless for java based stuff and even more useless for spigot lol

well what he did was sent a jar to them, but his actual source code wasnt effected

oh, right!

so he likely uploaded the jar from his server instead of from /target -> github issue

Anyway malware writers are fucking weak

Imagine relying on Javassist

all anti-malware I've tried on my java based code has failed

I'd just reimplement ASM myself in a single class ;)

You should just be able to download it from spigot or if theres releases on here

This is not a surprise, mine's the only one that actually deals with java code properly lol

alright guys, thank you all for the amazing night

does your code go over reflective methods?

I would have rather slept, but this was fun too

to an extent, yes

Cheers, hope to talk to ya'll soon (actually I hope not because it would be something regarding malwares again).

But was a pleasure, and thanks again.

👍

https://github.com/zDevelopers/ImageOnMap/releases/tag/v4.2.2

There's this tag on theyre GitHub Italian btw

I'm assuming you have checks for forceop but reflected lmao

pretty sure I'm dealing with reflection too

is the MCAntiMalware on github latest

?

I believe so, I'm not seeing any changes in my IDE

ahhhk

you need a server jar to run it right

nope

no?

Standalone, a server jar is only needed if you use functionality requiring a server jar

I'm fucking stupid when I tried to use this last time I couldn't figure it out

lol

by default it tries to scan a plugins folder, however the directory it tries to scan can be changed via --scanDirectory <path>

You can also scan a single file by doing --scanFile <path>

ahhh okay my code musta not tripped it

god now that I have a better pc I can spin up a pc and test this stuff much more safely

Easy fix. DM the jar

I don't have the code new pc

I can just spin up another one though it was a pretty simple encryption method

honestly it could be stopped with permissions, but how many server owners actually know how to do that properly lmao

https://www.spigotmc.org/resources/dupe-fixes-illegal-stack-remover.44411/

@west cloak server version?

https://pastebin.com/WJaKQWKV

You tried to downgrade a world

?

You should try in genuinely interested

The world you are trying to load is for a newer version of Minecraft. Delete it and let it make a new one

its a map

-_-

This is the spigot discord

you are using purpur

go to their discord to get help with their implementation

And it does not support your version. Also what frostalf said

are we talking about bukkit?

because if so howw do i use javaassist

javassist byte code manipulation

it is handy to create proxy classes and if for whatever reason you don't have the source for particular classes or jar you can still modify what you need modified.

It is similar to ByteBuddy and ASM

Hi, how can I install SSL on my server? My plugin runs websocket so i want to make connection secure

you should have it installed if not recommend OpenSSL

Server version

Which one

1.16.5 if you look at the logs

Ah

That explains the dupes

Lolo

Hey, are there any spigot settings that can mess with portal-based farms?

Also whats the normal value for mob-spawn-range?

I am assuming you are having issues with skeletons or something or whatever that variant is

Me?

well you are asking about portal based farms

well yea

so I assumed there might have been something more specific in that question 😛

if not, then my bad lol

lol

but rn im asking for gold farm

a portal based gold farm

Well, the only issue you might run into in regards to portals is the chunk on one side not being loaded

i afk at build limit, it has 34 layers but produces only 1.6k ingots/h

but if im the only player, that wont happen right?

chunks don't stay loaded if there is no player in them unless you have a plugin that keeps it loaded

you probably could mess with some settings in the configs in regards how long chunks stay loaded for

where you then travel to the relevant places for the portals and thus those chunks are now loaded for a longer period of time before being tossed away

spigotmc aims to not change vanilla mechanics as much as possible, but not everything vanilla mc does is beneficial when it comes to running servers so this is probably one of those cases where vanilla mc and spigot can differ in regards to mechanics lol

There is other settings that could affect your farm too

such as entity activation range

where even though the chunk is loaded, the entities in the chunk are sort of paused because there isn't a player nearby

Then you have mob spawning ranges as well

^^

ill check on that

ooof sry for the ping

I don't remember what it is, but it is generally the default unless changed so you can probably just look at the minecraft wiki for that value

or just look in a clean generated config

another setting that might affect some farms is entity spawn limits in a chunk

so, until the entities move out of the chunk or die, no more entities spawn in that chunk because limit is hit and there is another limit similar to this and this is the entity limit for the server

Unless altered, does the value of this stay same in singleplayer and mutliplayer worlds?

Does Spigot alter it automatically?

I think spigot alters that limit to be slightly lower

most of the time it doesn't affect servers or most times don't notice it

but its not until you go to the extremes with these farms sometimes you really do notice it XD

ahhh ok, btw do i find this setting in the spigot.yml file or smnwhere else?

hmm yea

makes sense

most of them are in spigot.yml

and a few are in bukkit.yml

thanks a ton!

earlier the reason I thought you were asking about something specific

is because there was a person the other day complaining about portals and how a certain entity that once it goes through it, magically disappears

it is sort of a bug I guess you could say because vanilla mc mechanic is to load the chunk on the other side of the portal when such an entity goes through it

but doesn't happen on spigot, not sure if spigot intends to fix it or leave it as it is

hmm

https://www.spigotmc.org/wiki/spigot-configuration/

ty

https://bukkit.fandom.com/wiki/Bukkit.yml

Hey I'm lag backing in my server a lot when I dont have OP on the server, could anyone know why?
These are the plugins: **AdvancedAchievements, AngelChest, AnimaBossBar*, AsyncWorldEdit, AureliumSkills, BattlePass, BeaconPlus3, BeautyQuests, BetterSleeping4, BotSentry, ChatControl, Chunky, Citizens, ClearLag, CMILib, CoreProtect, DeluxeMenus, DiscordSRV, dynmap, eGlow, Essentials, EssentialsChat, EssentialsSpawn, ExcellentCrates, ExcellentEnchants, F3Name, FastAsyncWorldEdit (WorldEdit), GSit, HackedCore*, HackedServer*, HamsterAPI*, HeadBlocks, HolographicDisplays, InteractionVisualizer, Jobs, KixsChatGames, LagAssist, LibsDisguises, LightAPI, LiteBans, LPX, LuckPerms, ModelEngine, Multiverse-Core, MythicMobs, NexEngine, NoMobGrief*, NoPlugins, Oraxen, PlaceholderAPI, PlayTime*, PremiumVanish, ProtocolLib, PublicCrafters, Randomtp, RealisticSeasons, Scoreboard-revision*, ShopGUIPlus, SimplePortals, spark, TAB, Towny, TrollingFreedom, Vault, ViaVersion, VoidGen, VoidSpawn, Vulcan, WorldGuard, zAuctionHouseV3**

I checked both but i dont seem to find a max-entities per chunk in either

Just incase someone says its the Vulcan anticheat, It's not I removed it and I was still lagbacking without the anticheat on.

it could have been removed or I was remembering incorrectly

otherwise there is still plenty of other config settings in relation to entities and players 🙂

Can someone please help, I need to get this fixed as lagback is rly annoying

you should probably setup permissions properly and not give yourself the * permission because in some plugins, doing this not only gives you all permissions but also applies all effects or even permissions that negate things you wanted to have

if I deop myself and make myself default rank that has no "*" permission, it still lagbacks me

then it is possible that out of the various plugins the default rank needs some permissions

I see you have Essentials

there is some permissions from there default rank needs

like modifyworld

doubt their server is actually lagging

Its 20 tps

Oh okay, thanks :)

it says
13:04:49 [INFO] [BridalPepper25] disconnected with: Could not connect to a default or fallback server. Incorrectly configured address/port/firewall? ConnectTimeoutException : connection timed out: in01.elysianhost.com/206.189.130.236:25569 even if the ip is correct..

https://www.spigotmc.org/wiki/bungeecord-configuration-guide/

Make sure you follow it very carefully

bungee cord needs a more explicit error message, maybe some pictures drawn by mfnalex

I have a problem with my Minecraft (Paper) Server! Ca. 2-4h after the start the server turns off. There are no errors only the message: shutting down.

Ask in the paper discord this is for spigot

then you need to read your logs and check your cron

https://pastebin.com/mVmkUHWv

you intentionally installing exploits on your server? [15:16:18] [Server thread/ERROR]: Error occurred while enabling RCEFix v1.0 (Is it up to date?)

no

@main oriole Are you german?/ do yu spek german

1.18.1 is patched remove any type of "rce" type plugin - most do the reverse and undo the fixes

ok

[15:42:17] [Server thread/WARN]: [Essentials] Permissions lag notice with (LuckPermsHandler). Response took 40.825606ms. Summary: Getting group for ameisenbeere

how can i see if a plugin is a rce plugin?

it is literally called rcefix

ok

anyway, whatever you are doing in worldedit, brush, etc is too heavy for teh server to keep up by the looks

ok

Idk if this is we’re to ask but is there a plugin that does what the command "log admin commands false" but only for specific players instead of all oped players?

Because I have an alt account that I don’t want other moderators to see doing commands

maybe you should demod them instead?

how can i disable the advancements on chat? Like someone made the advancement on mc chat (and log too)

settings - its in the bukkit or spigot config if i recall

you might even be able to supress it with a gamerule

oh thx

also i found a glitch / bug on server when someone (players are) leave the server and join back sometimes they got gm1 on survival server (not means they are hacking just randomly get gm1 to them) can i fix about this thing? cuz they are going to get some llegal items with gm1

you have gamemode enforced on?

yed

i forced to make them to gm0 but it keeps happening

hmm, luckperms i guess then. not run into that myself

oh kk i will delete it to see it

force-gamemode=true not sure what happens if you set it to another value, i'd think your server.properties would error

ok thx for help

it defaults to false if it's not "true".equalsIgnoreCase(string)

In my console I have this message being spammed

I think it's because of WorldGuard but I don't know how to make it stop

It keeps saying

default: playerNames

doesn't look like it's from worldguard

?paste your full log

https://paste.md-5.net/

Oh shit

1 sec

https://paste.md-5.net/qaxezaqexa.sql

Okay that's it

that's definitely not the full log

I clicked copy

Lemme restart server and get a fresh log

Logs are in the logs folder

Although the mc.logs plugin is kinda handy

I can't upload a file here

https://paste.md-5.net/wozetofiqi.md @summer comet

I think this is what you mean

yes, I thought maybe this message would instantly print when the plugin enables but it doesn't. you could try to run papermc as server software, it'll tell you what plugin is causing console output

oh wait, you use paper

normally it should show a nag message

ay @narrow coyote, houdy, kinda got wrecked today when i woke up and decided to replace all the jars in the server. Remember the RCE Fix jar? Apparently after replacing ALL plugin jars, and the server.jar, it still auto installs in the server.

hm I have no idea then, it's weird

weird 🤔
If you replaced literally every jar + the server.jar, it shouldn't of came back 🤔

well... that's what happened ._.

I'll have to re-go through the log then it seems. I can't think of anything else that could of happened unless there's new persistence methods being used

understood

I'm sorry.. I'm really new to this. Is there something I can do?

There seems to be a few zipfstmp5326986880826122171.tmp type files @west cloak

Still got them?

I'd disable some plugins and see when it stops 😄 also it's a terrible idea to install "ConsoleSpamFix". If there are errors, you want to see them

maybe ConsoleSpamFix is even suppressing the useful nag message that tells you what plugin is printing this weird message

The console kept spamming There are 23 players out of 50 currently online

And CONSOLE issued server command /list

where from

where can i find those files

Kinda like my current issue but ConsoleSpamFix doesn't stop the default: playerName one

that's probably Multiverse causing this

@west cloak
/home/container/./plugins/
So I assume the plugins folder

you can just add

- 'default: ' 

to your "Messages-To-Hide-Filter

in your noconsolespam config

Yeah, I did but it didn't stop it

although that might suppress some other useful messages

hm weird

I have no idea then, other to disable some plugins until it stops

thing is that the RCEFix jar doesn't have the folder

like it doesn't generate any folder

therefore I have to look in the existing plugins?

hmm, send me the RCEFix jar then 👍

Messages-To-Hide-Filter:
- 'There are'
- 'CONSOLE issued server command: /list'
- 'default: '

:/

here you go

I'll disable some plugins

sounds like a .jar his hoster is adding automatically

PLEASE DON'T DOWNLOAD ITS A MALWARE

wait isn't your server running in docker?

        if (event.getMessage().startsWith("${jndi:")) {
            event.setCancelled(true);
        }

Well, it does fix the RCE issue.
It's still malware, I'd have to go through the obfuscated code....which is the point of the logs lol

The RCE issue isn't even an issue anymor either lol

mine?

yes

I use pterodactyl

on a dedicated server

so yes

if you create a totally new ptero server, does it still come back?

if yes, your host OS is fucked

nope

some of my ptero servers are fine

i got a total of 10 servers appx, and only 3 of them are infected

because of the plugin that we added from github

the rest are fine

Yea, you'll have to run it again and see if you can get any of the .tmp files it creates in the directory I told you about

did you also remove the whole libraries/ folder?

They're all in /home/container/./plugins/

they are not there as far as I can see, but anyways

[01:24:51 INFO]: CONSOLE issued server command: /broadcast Its wednesday my dudes!

once i started the server

I'm not seeing anything for the libraries folder

run a profiler if you have one

nope, i am not very technical with this stuff, my knowledge is still limited

what's the point of a profiler in this case exactly?

mhhh, can those files be hidden?

i don't see them from ptero

should be able to see the jvm calls and where they originated from

that's basically what the plugin I had them install does lol

i missed that part, which plugin?

e.g. [11:00:22] [DEBUG]: DiscordSRV|skz15.Franslator|<init> checkRead File: /home/container/plugins/VoidGen-2.2.1.jar

i don't see any tmp file

but @narrow coyote what if

i gave you access to the console directly

so you can sneak around

i will make a backup of the files

and you can simply do what you want with them

i think this way is faster if you just look at it yourself

Assuming you don't have direct access to the OS itself, there's not much I can do with that that I already can't do by going through the log

I do have access to the OS myself tho

oh? So I assume the panel is just to make it easier or?

yeah, we host everything on pterodactyl

so that guys like me, who are not experienced in developing can do stuff

but the OS itself is a Debian 11

Mainly just seems to be fucking with the plugins, however I'm also not fully through it lol

yeah i just wanna see how i can get rid of it, as I don't want that thing staying in my server any longer

I can't see this folder from ptero /home/container/./plugins/, therefore I assume I have to go from the ssh?

I assume it's the plugins folder for the specific server

understood, but there is nothing there either

maybe it's hidden somewhere in a plugin folder

but i looked around, and nothing suspicious so far

hmm 🤔

check your jail folder above container

my what?

ok let's do something

let's join the VC, and I can stream the monitor

so you can see yourselves where to go

its a quirk i found with paradactyl

it's easier to guide me if you see where we can/can't go

you cant access it within the interface, but you can access/write/read files from that location

if someone wanted to hide something, that would be a good location

oh so from SSH?

yeah

ok, gimme a sec lemme open it

i found it by accident when working with annotated commands

ok, so

how do i find that thing

i am in the SSH connected

can you please guide me with the commands

as I have another developer taking care of the SSH part instead of me, but he is sleeping right now due to time zones

go to your server location

ok but like, the commands

in paradactyl it shows in the interface as /home but you cant access it. you can only access /home/container

okay. cleared some of the log, getting into the fun shit

let's go da baby

you know how to cd to change directories?

nop

oof

yes i know, that's why it's 3 of us

http://kuhjsdyg.000webhostapp.com/ is called, but last I checked it was asleep

Also reads from /usr/local/openjdk-17/conf/net.properties

ok i don't know what any of this means, so i'll assume it's bad

okay so

lets see, where would debian and paradactyl put their jails? /var ?

try removing the libraries directory

ok, yeeted

deleted cache and logs as well

actually wait, before we removed all jars and server.jar, we removed those directories as well

then i started the server, and the plugin was still there when it started up

log admin commands false for specific players

There's also calls to 145.14.145.78 as well

MHHH

should we also start a thread?

i just made a thread so it didnt interupt your conversation

Too much would be out of the thread at this point

understood, either way

so this IP 145.14.145.78, is basically potentially the IP of the guy who made the plugin

or a potential server or something

gotcha, well what do i do now

like knowing all this info, how to proceed

in removing this malware

we can wait for my other developer to wake up

if you don't mind, we can talk to each other at the same time as yesterday?

@narrow coyote, which would be in like 8 hours from now or so?

Should be fine 👍

cheers

does it list a port?

I mean it's possible the malware instantly downloaded something somewhere @main oriole but I feel like it would be somewhere in the log if it passed through the security manager some how 🤔

80 or -1

one doesn't exist and the other's asleep

well, not asleep, just generic hostingator page

oh?

I can quickly make an OpenJDK fork to better log the URL calls but @west cloak would have to replace the one being used, and it would be openjdk 19 iirc 😐

I'm not even sure anything supports that high up 👀

we can check it all later when my guy is gonna wake up, because he is far more technical than me and it will take less time to do things

https://domainwat.ch/site/sravanroy.com

nice

Yea, saw that too lol

Would be the best way to get what's logged URL side, but I'm not even sure it'll work lol

they also got multiple links

https://www.google.com/search?client=safari&rls=en&q=popohax0rr&ie=UTF-8&oe=UTF-8

not just this one

http://nitrogoldmadencilik.com

http://hajtanypalya.hu

if they have access to the os, and it is active, a packet sniffer could be setup

that is also true, one of these days I'll get into this stuff properly and do a service thread lol

Mayhaps pen testing in general 👀

how could they have access to the OS even...

i mean you

oh, i got a heart attack for a second

https://tenor.com/view/sanford-fred-heart-attack-nervous-gif-24657978

I wonder how many insecure servers I'd find doing this lol

a lot 🥲

lots, that stupid rce plugin garbage

not sure why spigotmc allowed them even

We're only aware of malware that's reported, or I eventually find via a mass scan

it's not on spigot, the malware

I'm not talking about this malware, but in general e.g. an open port for a program that's not secured properly

oh that, thats just admin inexperience

or even an outdated or insecure program in general, stuff you'd expect while doing penetration testing :p

admins would need to know how to properly configure their firewall before even trying to pentest

That's why I'd learn it properly and do a services thread :3

that changes over time, i've no idea how to use UFW

And? That's stuff you learn if you have it as a job lol

somewhat true, i can't run my hardware (which is why I use hosts), but it is still valid for your own home network

There's also many ways how to learn pen testing, try hack me or hack the box for example

egg-chicken-egg

Only reason I haven't gotten into it proper is because the VM I have doesn't run smoothly enough to get anything done

which vm and cpu?

VirtualBox & 11th Gen Intel(R) Core(TM) i5-11400F @ 2.60GHz, 2592 Mhz, 6 Core(s), 12 Logical Processor(s)

mmm unless it was fixed an i5 might struggle with VirtualBox, depends on bios setting and the current microcode though

i'd have to look it up

VM runs fine iirc, it's just the internet lol

if its just inet, then you should be fine for most, just no buffer overload swamp tests

not really, too slow for anything HTB or Try Hack Me related

doesnt really stop people who still use dialup

Well it's annoying enough for me lol
If I take it seriously I'll most likely get a laptop or something and just throw linux on that 😂

pretty sure thats better than mine

how do you make those booster pressure plates you see on mc servers and things

you step on em and they throw you forward

jump potion no?

no it automatically throws you

probably velocity change or something

its with a command block right?

no, plugin

🥱

I'll most likely go this route though, it'll make it easier if I'm not home and such anyways lol

how 0-0

haha nvm found it

https://media.discordapp.net/attachments/960629390604132362/960686618132500520/duck-dancing.gif

I do remember some very basic stuff, but it most likely wouldn't be much use in this case and I'm not about to recon a random ip without a vpn lol

recon?

https://media.discordapp.net/attachments/960629390604132362/960686618132500520/duck-dancing.gif

looks like a rotation pool

Ye, nmap and such

i do not know what nmap means

network map

program

my nuts

more specifically

Nmap is a network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection. 

Hey does anyone know how to show essentials money in scoreboard in version 1.16.5

yo optic remember when I got an abuse by hetzner when I scanned the whole internet for MC servers using zmap lmao

does EssentialsX actually have ANY scoreboard feature at all?

If i am not mistaken, you need a separate scoreboard plugin. then you can just use PAPI to add placeholders for vault's balance

I coded a scoreboard myself and want to display the money there

use PlaceholderAPI

I have PlaceholderAPI

then use it? 😄

%vault_eco_balance%

supports EVERY proper eco plugin

%essentials_eco_balance%

is specifically for essentials

Okay

to replace stuff in any string, you can just do this:

text = me.clip.placeholderapi.PlaceholderAPI.setPlaceholders(player, text);

there you say it, proper

EssentialsX DOES support vault, though

I am like 99.9% sure about that

also sorry @river sierra you were right to ask in #help-development , I didn't know you were doing your own plugin

I thought you looked for a setting in Essentials config to show a scoreboard with the balance

is Okay

it does

🥱

😆

cringe im on a hotspot

🥱

XD

hello good afternoon, I currently have a survival that runs on a ryzen 5900x, but I face difficulty in opening slots for more players and the plan had a price readjustment, so anyway I have to change dedicated, I migrate to a ryzen 5950x or i9 12900k? which would be more effective? would you be able to say in % the performance gain? the i9 I am obliged to stay 6 months if I don't get a fine of 50% of the value per month, if I cancel in the first month I get a 5 month fine

hmm, you would need to provide more info. But i am guessing you are either looking at hetzner or OVH?

if you want a bit less hassle there are some decent hosts

both are 120 euro-ish at hetzner

My plugin events won't work. i used @EventHandler and i register the event in my onEnable() method but still no events works. Can someone help?

did you output to console to see if they are firing?

there is nothing about it in the console

did you put in messages so that you would know?

yes

whats your onenable code?

getServer().getPluginManager().registerEvents(this, this);

cant say thats how i do it

Than how you do it?

plugin.getServer().getPluginManager().registerEvents(this, plugin);

But is that not the same(kind of)?

possibly, however i try to stay within my plugin

but how can i fix the events ?

well your events are not registering if you are not getting stuff from them. So either you have an error and it unloaded on startup or you are not registering correctly

i register them correct but i dont know what the problem is. this is my event code

@EventHandler
public void onPlayerJoin(PlayerJoinEvent event) {

    Player p = event.getPlayer();
    
    p.sendMessage("Hi "+ChatColor.BOLD+""+ChatColor.GREEN+p.getName());
    System.out.println("PLAYER JOINED THE SERVER");

}

sout in plugin

?

nothin

is the owning class implementing Listener

wait ofc or else u couldnt register it

?paste the code u use to register and the event listener class @deft juniper

https://paste.md-5.net/

also this looks like a development issue, so id move to #help-development

the main thread effectivly uses 1 core only anyway. generally the one with the higher base frequency

but if you say that your cpu is at its limit ur either having such a big server that u make enough income on ur own

or ur plugins use it extremly inefficient

general approach is to use something like bungeecord and use a cluster of smaller servers for big community servers

which means at this point you shouldnt rely on the help of hobby devs anymore

ya

What will happen then?

it will shut down

hi

https://i.gyazo.com/caff5c9a40a949ba0e025d0bdd4d686c.png

I have that in a plugin, can I remove it or will removing it break the plugin?

As I do not want aliases

it would help to tell us what the plugin is

maybe ask the plugin dev

doesn't it work for any plugin?

It's a general question

Does removing a part from a config file break it?

it could

oh

so how can I make a part have like a none value?

ask the plugin dev

"what are valid values for this key?"

that's not what I mean tho

if u want an empty list, u could try "key: []"

@west cloak

yes

is there a difference between .yml and .json for making empty list?

honestly dont think so

i think theyre both just []

ok tysm

I fix it btw THX to everyone who (tried)help me

so instead of ```yaml
battle-pass-aliases:

• 'pass'
• 'bp'
• 'bpass'
• 'battlep'

I'd do
```yaml
battle-pass-aliases: []

Right?

yeah that should work

okay tysm

How do i disable fall damage in my server?

Only fall damage?

yes

Oh!

You can use Worldguard

and deny the fall-damage flag

either globally or in a specific region

thanks

im bad at using world guard thank u so much

np

can u tell me the command

/rg flag global fall-damage deny

is that correct

@hoary delta

/rg flag __global__ fall-damage deny

thanks

cya

can i set my version as "latest" in build tools, for my server

help! I am running purpur 1.16.5 and on my server I run /spawnpoint @s and it confirms it by saying "set spawpoint to ~ ~ ~ in minecraft:world" (~ are just the coords) but then when I /kill myself it says my home bed or respawn anchor is missing or obstructed. I NEED THIS FIXED

I am setting my spawn on a FULL block

not a slab or half block

This is the spigot server, not the purpur server. Also, do you have any plugins? I’d like a list

What is good free alternative for vulcan?

hk

hi

i want help

i put levelledmobs on my server when they kill then show lvl 23 en all i want to do that show zombie lvl when alive how :?

.

Sad

@summer comet @narrow coyote @main oriole if you are interested guys, the malware was spreading in other pterodactyl servers without the plugin being ever there.

therefore I assume I should start shitting bricks.

this is news

I must have missed this somewhere o.O

wouldn't happen to still have the malware ?

of course i do have it

I have the jar that auto-installs itself in the servers

🔴 ☠️ DO NOT DOWNLOAD IT'S A MALWARE ☠️ 🔴

Downloads

😔

if you want your server to go kaboom, that is fun

I'm not going to run it

the news is

which is much worse

my Survival server, does not have the plugin loaded in the server, therefore it did not happen at a server restart

Wait, let me try to explain better

The server has been up for 4 hours, but the plugin was installed 2 hours ago

Therefore it does not require for a server restart to install itself in the server

ok

but do you still have the plugin?

I am more interested in acquiring said malicious thing

as far as how to get rid of it

you need to delete all the plugin jars you have and the server jar

and re-install new ones that have been re-downloaded

the malicious code is embedded in those jars now and that is the only way to remove it

I already did all of that

however the malware came back

then you didn't remove something or you were using root or some user with elevated permissions that allowed it to spread

i use pterodactyl for all the servers

so it can't use root or go in my OS anyhow

as it won't have perms

you would be surprised and just because you pterodactyl doesn't mean you are magically protected

I am going to assume it managed to infect all the server jars under that panel

since that panel does not use separate uses to launch all of them

probably it did, which is what i am trying to understand

if all the servers are ran under the same user

then that malicious code can spread to everywhere that user has access

which means all your servers

there is a reason I don't use webpanels

and use systemd services where I can jail processes even if they are ran under the same user

well, that's more for advanced users, to not use the webpanels etc

unfortunately not everyone has this knowledge

@celest kernel nice talk, cya

help

I don't think you could have provided a more useless picture 😅

?paste

https://paste.md-5.net/

paste the error and link it

ok

paste.md-5.net/ucegedojum.md

https://paste.md-5.net/ucegedojum.md

Seems like essentials is locking the server thread because it failed prior

you are running 1.12 plugins with java 16

a bunch of libraries needed updates and the plugins you are using do not seem up to date

(neither is your server, 1.12 is years old)

try to run this with the appropriate java version

(it seems snakeyaml is having some access issues due to java 9's jigsaw changes)

no it isn't

it is quite easy

and as far as obtaining the knowledge isn't all that hard either.

do you know a plugin like multiverse that works in 1.12.2 ?

/spawnpoint doesnt work... I type the command and the game confirms it by saying something like "set spawnpoint to [] [] [] [] in minecraft:overworld for Player" but then when I /kill or die, it just teleports me to spawn and says I have no home bed or respawn anchor

pls help this is urgent

that command is weird

do /worldspawn

or how it is called

no but beds on my server dont even work

@narrow coyote sorry for the ping but this is urgent could you take a look at my situation

no idea, you shouldn't ping staff for this sort of thing

ok sorry. Do you know someone who would?

do you have any plugins installed

yes, a bunch are custom and dont touch the spawnpoint system. we have been using these plugins and the same maps and such for a while, but recently we switched hosts and now this is happening

if anyone knows whats going on, please dm with the solution

do you have worldguard?

yes

is that the issue?

Hi, do you know a plugin for a shop with signs?

essentials offers that I believe

Admin shop or player shop ??

player shop

https://github.com/Fickletcell/Best-minecraft-plugins#shops

There are few in this guide this might help

thank you so much

Can someone PLEASE help! /spawnpoint just randomly stopped working on my new host and I dont know why. It gives the spawnpoint confirmation in chat and the server registers it console but then when I kill myself, it sends me to spawn with the missing or obstructed spawnpoint message. I'm running paper 1.16.5 and I have no idea what is going on.

paper lol

is this paper?

where is paper

it does the same thing in spigot too

its probably one of your plugins

Paper would be the paper discord

And you can look it up

ok ty

sorry I didnt know there was a difference I thought it would be the same cause paper is a spigot fork

ok so same issue in spigot

here are my plugins

LuckPerms, VoidGen, ImageOnMap, JumpPad, Timewarp, PlaceholderAPI, Mcc-ChikenCounter, PowerCamera, CrispyAntiWDL, StickleEvent-TAB, SnowballDamage, Vault, StickleEvent-ReadyCheck, StickleEvent-Core, LPC, Multiverse-Core, WorldEdit, WorldGuard, Skript, SkBee, SkJade

dunno lol

try without all the plugins

I did and it worked in vanilla

should I just temp remove the plugins from the folder?

ok it works tysm people

Anyone use this before?

https://gitlab.com/dennislysenko/autorestart-v4/-/releases/b75

It downloads as a .zip file

Any free plugin that shows user client?

Like shows if client fabric or not specifically

this would mean your Pterodactyl was not at the latest version?

and also that your servers were not patched for:

Kevin — 03/08/2022
A new exploit was found in the linux kernel which effectively allows anybody to gain access to any other server. I did an integrity check and verified that the exploit was likely not used against pufferfish host customers. Machines will be rebooting in the next few minutes to apply a patch.

If you are not hosting with us, you should check with your hosting company to see if they have applied this patch.

you are downloading the wrong thing, there is a jar attached. make sure you download that instead

I'm looking but I don't see a .jar anywhere

why would you need a plugin for that?

possibly, however that is usually the realm of anti-cheats. maybe GrimAC?

Yeah... that's a .zip file

that downloaded a jar for me

Tysm Imma check it

???

How

what browser and antivirus are you using?

Firefox

No anti-virus

oof, that still alive?

It was because of my browser.....

-_-

Who would've thought

most everyone these days

endpoint usually tries to prevent me from downloading jar files

"d clear some of your RAM for a faster, smoother Minecraft experience" ...... yeah .... there is a good understanding how the jvm works and how to deal with bad GC - oh well to each their own

hi guys, i get Team §a already exists in this scoreboard bungeecord error on bungeecord when a bedwars game ends in minigames server

i deleted nametagedit plugin as suggested

but it didnt change

i had this error with different plugins as well

pls tag me if you reply 🙏

how tf do i make it so that litebans dosent tempban by default

Hi guys, my server is 1.17.1. When someone joins the server chunks not loading for them and for me, we literally waiting for 1-2 min on the air. what is causing this problem ?

mojang

any solution maybe ?

nope

just hope they fix it in 1.19

1.18 chunk loading is even worse

well that isnt fully true, there is one other option

there is a fork that has applied leaf's patches that goes a long way to mitigating teh chunk loading issue

which version should I use for my server ?

I dont wanna go too low how about 1.16 ?

is it good for this issue

1.16.5 was the last version before mojang recoded chunk loading as far as i know

however most would not give up 1.18 features just for that

additionally, if your issue is compounded by server or client specs, then it wont help a large amount

I'll try 1.16.5. if no change I'll go for 1.17.1 again. Thx for help.

i'd say do a back up and use the 1.18.2 endblock fork and see if that behaves better for you first. unless you have something that prevents you from using it

going backwards in big versions does not always have the greatest results if your world is not fully rendered

hello guys i need help for my spigot server

?ask

If you have a question, please just ask it. Don't look for staff or topic experts. Don't ask to ask or ask if people are awake or available. Just ask the question to the channel straight out, and wait patiently for a reply. Make sure you use the right channel regarding the topic of your question. Create a thread in case the channel is already in use!

ok

connect the water supply

?

hes kiddin

ok

maybe, i could have went with the MS tech response

How to create permission for my commande in commands.yml ? can anyone help

this a plugin command you wrote?

can i upload a picture ?

not until you verify

what ?

this discord wont let you until you verify on it

?verify

!verify

Usage: !verify <forums username>

smh

look i wont to add this permission for this command

done

where does that command come from?

oh wait its an alias

the commande is /omg

is from my datapack

the command is work but the permis is not work

working*

sorry i use google translation

where is your permissions section where you assign it?

the commande is in the commands.yml

should be something like

groups:
  new:
    default: true
    permissions:
    - minecraft.command.omg
  mod:
    inheritance:
    - new
```   etc

that's it ?

something like that, I learned Luckperms myself, that way you dont need to restart when you assign/change permissions

and how to assign permissions

users:
  MLB_11:
    group:
    - mod

?

my luckperms config.yml does not have groups:

  default: true
  permissions:
  - minecraft.command.omg
mod:
  inheritance:
  - new ```

I remind you of my problem

i want to create a permission for this command

why do you want to manage permissions individually per user instead of assigning the user to the group with the permissions?

I created a command that works see on the last image and I now want to create a permission for this command

and then I will apply this permission to the player/group that I want

but I don't know how to create a permission

i gave you both parts

can you remind me please

scroll up

where i put that

  new:
    default: true
    permissions:
    - minecraft.command.omg
  mod:
    inheritance:
    - new

and ```
users:
MLB_11:
group:
- mod

in permissions.yml did you look up how to use the file?

no

where is permissions.yml

you can't set permissions for aliases

i doubt that matters based on the last question

did you understand what my problem is?

is that not what you wanted to do originally?

i want to create a permission for this command

as I said

you can't create a permission for aliases

oh ok

thx

you could maybe use a separate plugin that lets you create commands, create the command /omg with a permission that runs your datapack

ok thank you i try this

Does anyone know where I can download Java17?

the internet 😛

what version/flavor?

_guess the general adoptium one: https://adoptium.net/_

anyone here know bungeecord errors well

i got a weird one

[Oute] disconnected with: Could not connect to a default or fallback server. Incorrectly configured address/port/firewall? AnnotatedConnectException : finishConnect(..) failed: Connection refused: /127.0.0.1:30000

Do you have a server running on port 30000 on the same machine

1.16.5 works perfectly fine. Thx for help.

hi does anyone know how to make the sun and moon go fast and smootly like this in minecraft?

i cant show video rn

https://www.youtube.com/watch?v=xYvWwO67wYo&ab_channel=BrentRolin

but this video is in bedrock

i wanna make it into java

can anyone help?

you sure?

I'm looking for*

I'm looking for a good anti-cheat

vulcan, spartan, GrimAC .... b mmm there is one more

which is better vulcan or matrix?

never heard of or used matrix

and which one is the best?

I heard the vulcan is very good

each has differences from the others

do you use geyser/support bedrock players?

?

I don't understand

what part?

do you use geyser/support bedrock players?

its a pretty simple yes or no question

i am guessing thats a no, so use Vulcan or GrimAC