May Backdoor

From Oldfag.org Anarchy Minecraft

During mid May 2020, rumour had spread that a new exploit had been found as 71ua's and 5N5N's bases as well as Jewbase had been raided by the meerkats. The next morning, Cacti bragged about having discovered a new exploit. He offered the exploit for 600$ and an individuals coords for 10$. Lots of players rightfully refused to log in and it was confirmed that the admin account oldfagdotorg had been compromised and that players were teleported to using spectator mode by Cacit and DezzDox. In the aftermath, John200410 enacted very strong security measures to prevent such backdoors from happening in the future. All admin accounts are

File:Villagers being killed.webp
Villagers being killed during a move caused by the backdoor

now required to use 2-factor authorization.

DezzDox found this backdoor by discovering John200410's emails & passwords had been leaked in a data breach through a simple web search. DezzDox has said that he found 58 bases that he has saved in a txt file. He does not plan on leaking any of these bases at the moment however, he does plan on visiting them to place Meerkats banners. The oldfagdotorg account also later had its name changed to Meerkatsontop. This exploit was confirmed to be used from May 17 to May 20 of 2020

The only base that was leaked and griefed while the backdoor was active was Jewbase 3. Although DezzDox promised not to grief any of the other bases he found, many players moved their base in response to this event. Dezz would later leak and grief one other base made by Tari, although Tari made him log part way through. Dezz and Cacti have the coords of at least 50 bases and as of July have not even visited most of them yet, but plan to.

Statement by John[edit | edit source]

John released the following lengthy statement:

Hello everyone, I have unfortunate news about the server. My account was recently involved in a data breach and as a result my password

which was shared with one of my Minecraft accounts was leaked.

Due to an oversight by myself in our security this meant that whilst they

were not able to spawn anything in, the person with access was able to use spectator mode to teleport to people.

The sad news is that if you have logged in over the past few days it is very likely that your base has been compromised, I recommend

moving any valuables that you have ASAP. Moving as many of your items as soon as possible to either a new location or one that you haven't

logged into for at least a week is imperative.

This is obviously not an announcement I would like to make, and I would reassure the player base that we have done a full security review and

found no further exploits meaning that moving on there should be no way that any account connected to the operation of the server

even if compromised could be used maliciously.

To prevent anything like this happening again we are taking the following steps:

All administrator accounts will require two factor authentication to log into the server.

Operator will be removed from every account on login / log out.

Gamemode will be set to survival on every account on login / log out.

A new plugin will notify myself if anything malicious happens.

This is on top of our pre-existing security, which includes IP restrictions (the IP restrictions did not apply as the account was not OP) and OPGuard.

Video Summary[edit | edit source]

zirrco also made a video about the situation.

Saiyamanmc made a video about this situation.