Taking out (more) trash

We’d just been hit recently with a wave of griefers on the server. I am currently on vacation but was able to catch them in the act about 15 minutes after they signed in.
These players are permanently banned from NGminecraft:

Username IP Address Service Provider Physical Location Real Name
jacobaitkin 72.76.33.202 Verizon Internet Services Little Silver, New Jersey, USA Jacob Aitkin (inferred from username)
lorynek 75.158.3.146 Telus Communications Edmonton, Alberta, Canada Unknown
Luethe 75.138.160.241 Charter Communications Plattsburgh, New York, USA Unknown
Sonichawk10 184.3.225.170 Embarq Corporation Rougemont, North Carolina, USA Unknown
Zippyrules 61.222.113.138 Chungwa Telecom Company Limited Taipei, Taiwan Unknown
bunny8788 72.76.33.202 Verizon Internet Services Little Silver, New Jersey, USA Jacob Aitkin (alt of jacobaitkin)
superqual 68.32.134.195 Comcast Cable Long Branch, New Jersey, USA Unknown

I’ve been administrating Minecraft servers for well over a year now and it still angers me greatly when people do this sort of stuff, especially considering the amount of money, time and labor it takes to run a server of this scale.

The four users’ ban reputations are viewable by clicking this link here. If you moderate or administrate a Minecraft server, or if you own a server of your own, beware of these players, and if they join be sure to watch them with scrutiny; it is likely that they will cause damage to your server if you don’t take preemptive measures.

As for the future, I may need to implement a guest rank in which players will need pre-approval before being allowed to build on the server. As much as I dislike this (because I like the openness of my server) it may be something that may necessary for the integrity of the server. Also, amendments to the rules will be posted in the near future, and I may need to add a legal Terms of Service agreement for playing on the server.

In terms of upgrades, I’ve purchased a few hot-swap hard drive bays and a new gigabit Ethernet card to boost server performance. These will be installed when I return home in about a week’s time.

WARNING: MIGRATED ACCOUNT VULNERABILITY!

Turns out there is an exploit in the Mojang authentication system that allows a hacker to use your username on ANY MINECRAFT SERVER, EVEN ONES IN ONLINE MODE. This hole stems from a flaw in the migrated account system. Migrated accounts will require an email address to log into Minecraft and if you have not done this, you are safe.

Standard authentication via Mojang’s servers is disabled until further notice. Secondary login via the /login command is the only way to log in. If you do not have a password, contact the administrator at ngminecraft [at] gmail [dot] com.

To see the documentation on this vulnerability, click here.

### TO USE OFFLINE LOGIN: ###

  • Log in. You will spawn in a bedrock jail.
  • Use /login <your username> <your password>
  • If it worked, you’ll see “Info: Access granted – offline authentication successful”
  • Otherwise, contact the admin.