There is an exploit with Bungeecord which allows users to spoof your UUID by pretending to join as you using a separate Bungeecord instance. To fix it, you need to install one of the following plugins on your non-Bungeecord servers:

IPWhitelist: https://www.spigotmc.org/resources/61/
BungeeGuard: https://github.com/lucko/BungeeGuard/releases

Here are instructions on how to install each of the above plugins. You only need one.

IPWhitelist:

Download the plugin from https://www.spigotmc.org/resources/61/ and put it in your Bukkit/Spigot servers.
Restart.
Open the config file and add your server IP (excluding port) to the "whitelist" section.
Restart.
Done! Your server is now protected and you can configure the config.yml at any time to your liking and use /ipwl reload to reload it.


BungeeGuard:

Your server must be using Paper to be able to use BungeeGuard, it cannot be running Spigot/Bukkit.

On BungeeCord
Download the proxy plugin from https://github.com/lucko/BungeeGuard/releases and put it in your BungeeCord server.
Restart.
Open the plugins/BungeeGuard/token.yml file and copy the token
On Paper
Download the backend plugin from https://github.com/lucko/BungeeGuard/releases and put it in your Paper servers.
Open the plugins/BungeeGuard/config.yml file on each server and add the previously copied token to allowed_tokens
Done! Your server is now protected and you can configure the config.yml at any time to your liking and restart the server to load the changes.

# Allowed authentication tokens.
allowed-tokens:
- "AUSXEwebkOGVnbihJM8gBS0QUutDzvIG009xoAfo1Huba9pGvhfjrA21r8dWVsa8"
Was this article helpful?
Cancel
Thank you!