RuskyAntiHacker

A plugin that protects your network from IP forward bypassing



RuskyAntiHacker is another plugin to secure your proxy from IP forward bypass exploits.

"Hey, that's cool, but what does this even mean?"

An IP forward bypass is an exploit that abuses IP forwarding to give the hacker the permissions of any user they want.

"Oh, ok! But what is IP forwarding?...."

IP forwarding is a feature in Spigot that allows the proxy to pass the real user information to the Spigot server (it is named IP forwarding because it forwards the user's real IP instead of the proxy's IP, but it also handles the UUID and skin). This feature is great, but it can be abused when the network isn't secured properly. The hacker can connect directly to the Spigot server and use this feature to give himself any IP, any skin and, most importantly, any UUID he wants.

"Hmmm, that sounds like a really severe issue. Why didn't anyone solve it until now?"

Someone already did. Actually, there are tons of solutions. If you can, you should set up a firewall; that is the best protection from this exploit. Sadly, many hosting companies still don't offer a firewall.

If you have one of these hostings, you have to use a plugin to solve this issue. There are already many of these plugins. The best known are BungeeGuard and SecuredNetwork. But there is still some room for improvement. In fact, the reason I made this plugin is that someone hacked a friend's server that was running SecuredNetwork.

"That sounds cool, but why do you think that your plugin can be more secure than these giant plugins with tons of contributors?"

I have to get more technical to answer this, but I'll try to simplify it. This plugin uses different logic than other plugins.

All the plugins that I found work in a very similar way. They have a shared secret that is stored on both Bungee and Spigot. When Bungee wants to send a player to Spigot, it inserts the secret into the connection request. Spigot then simply compares this secret to its own copy, and if they match, the player can join.

This sounds like a good system, but it has some drawbacks. Every server must have the secret, so every developer will have access to it. Do you really want to change the secret on every server when someone leaves your admin team? Another major drawback is that you can't allow your players to connect their own community Spigot servers to your network, because they can get your secret from the player connect request sent by Bungee.

This plugin uses a completely different approach. BungeeCord generates an RSA keyp......

"Wait, but what is RSA?"

RSA is an asymmetric encryption algorithm. It can be used for asymmetric encryption and for digital signatures. We'll need the second use case here. It's simple: there are two keys. One is private and one is public. When you want to sign something, you process it with your private key. This generates a signature. The signature depends on the original data and on the key. When you want to verify the signature, you check it against the original data with the public key.

"Oh, I think, that I got it. You can continue now."

So, Bungee generates an RSA keypair every time it starts. It keeps the private key secret, but it shares the public key through a special custom status packet. Spigot servers request this key from Bungee. Now, when Bungee sends a player to a Spigot server, it adds a signature to the request. The Spigot server can easily verify this signature using the public key that it requested from Bungee.

As you can see, this is much more secure because the secret is only on Bungee (in other plugins, it must be on every server), it's not on the disk, so it is harder to get (at least for a less experienced developer who only configures plugins and doesn't write them), and most importantly, it changes rapidly, since a new keypair is generated on every Bungee start.
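
The sign-and-verify flow described above, sketched with the JDK's `java.security` API. This is an added example, not RuskyAntiHacker's own code: the payload layout, the signed fields (IP, UUID, target server name, timestamp), the class and method names and all sample values are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.UUID;

public class SignedForwardingDemo {
    // Hypothetical wire format: the forwarded fields joined into one signed byte string.
    static byte[] payload(String ip, UUID uuid, String server, long issuedAtMs) {
        return String.join("\n", ip, uuid.toString(), server, Long.toString(issuedAtMs))
                .getBytes(StandardCharsets.UTF_8);
    }

    // Proxy side: sign the forwarded identity with the private key held only in memory.
    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    // Backend side: accept only if the signature matches the fields actually received.
    static boolean verify(PublicKey key, byte[] data, byte[] sig) {
        try {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(key);
            s.update(data);
            return s.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // malformed signature or unusable key: reject the login
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair proxyKeys = gen.generateKeyPair(); // fresh keypair per proxy start

        // Constructed sample values.
        UUID player = UUID.fromString("11111111-2222-3333-4444-555555555555");
        UUID admin = UUID.fromString("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee");
        long now = System.currentTimeMillis();
        byte[] sig = sign(proxyKeys.getPrivate(), payload("203.0.113.7", player, "lobby", now));

        // Genuine request from the proxy: the received fields match the signature.
        System.out.println(verify(proxyKeys.getPublic(), payload("203.0.113.7", player, "lobby", now), sig));
        // Same signature presented with a different UUID: verification fails.
        System.out.println(verify(proxyKeys.getPublic(), payload("203.0.113.7", admin, "lobby", now), sig));
        // Signature made before a proxy restart, checked against the new public key: fails.
        KeyPair restarted = gen.generateKeyPair();
        System.out.println(verify(restarted.getPublic(), payload("203.0.113.7", player, "lobby", now), sig));
    }
}
```

Signing the target server name and a timestamp is a choice made in this sketch so that a backend could reject a signature issued for another server or an old one; the page does not say which fields the plugin signs.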

"You're a genius. I'm instantly getting this plugin. But how to use it?"

That's maybe the best part of the whole plugin. It is much simpler to use than other, less secure, plugins.

You have to put it on both Spigot and Bungee. The Bungee installation doesn't require any configuration. On Spigot it is a bit more tricky, but you can still do it. The plugin has a config with a server IP and a server port. Just put the IP and port of the BungeeCord server there and that's all.

TLDR

Just read the last paragraph if you only need to know how to make this plugin work.
Resource Information
Total Downloads: 111
First Release: May 8, 2022
Last Update: Aug 30, 2022
All-Time Rating:
1 ratings