It can be worrying when you think your server has been hacked or somebody has given themself OP on your server, but don't worry. Please, stay calm, and carefully follow this guide through to be able to secure your server.

Billing Access

The most important thing to keep track of is your billing account login. Whoever has the billing login, can forcibly reset the game-panel login, they can also open tickets and ask for the service to be cancelled, or other bad actions. They cannot, however, spend any of your money - we have no way to directly bill a PayPal account

Please log in to https://billing.pebblehost.com and go here to change your password:



Please pick a secure password and do not share this with anybody else. The billing password is the "master" password and this can be used to change any other passwords. If you need to recover your billing account or you have forgotten this, then please open a ticket at https://billing.pebblehost.com/submitticket.php

Panel Access

Next, please follow this guide to change your game-panel password, and log into your account. Click your Profile Picture in the top right hand side of the page then click "Log Out All Sessions" to log everyone else out of your account.

Next, go to the Sub-Users page of your server, and remove any other sub users that are there.



If you have ever given your panel password to a friend or co-owner, this is against our TOS and can result in them hacking your account. Please make sure to follow our how to add sub-users to your server if you need to give somebody access in future.

Once this is done, you will be the only person who has access to the panel, so this should now be safe and secure. If somebody is still accessing your server, it could be due to a plugin, we'll have more information about that below.

Securing the Server

There are a couple of ways that somebody could have hacked your server:

Installing a plugin - Plugins have a lot of power over your server. If somebody sent you a plugin to try and install then this could be a backdoor or a force-op plugin that allows them to OP themselves. Plugins from illegal sites such as DirectLeaks or BlackSpigot can also have backdoors. Oftentimes these plugins are disguised as Anticheats.
Giving themselves permissions - They might have simply used the console (if they had access to your panel account) and typed op <theirname> to give themselves in-game permissions.
Command Blocks - They might have set up a command block in-game that repeatedly gives them creative / op / permissions. To fix this you can run gamerule commandBlockOutput true which will enable command blocks to show in Console. Then, look at your console logs and it will say for example Command Block at 123, 45, 678 ran command: /op GrieferMan, you can go to that location in-game and remove the command block
Insecure Bungeecord - See the "Securing Bungeecord Networks" section

A good way to check is to open the File Manager on your server and go to the logs folder, and open the logs in order. Go back to the logs from when the hacker first join and see what commands they ran / what they did. If they just magically gained OP permissions, it was likely through a backdoor plugin.

Almost all of these issues can be rolled back by restoring a backup from before the hacker gained access. The only thing to be careful of and to consider is how long ago it was compromised. If you installed a malicious plugin 3 days ago, but they only used it to hack your server today, then you need to restore back to 4 days ago, not to yesterday.

We have a guide on how to restore a backup here: Backups Explained

If you're unsure on any of this please contact our support team and we can help you clean up the server

Securing Bungeecord Networks

If you have a Bungeecord network it is very important you set up a firewall on the servers. With Bungeecord, the Bungeecord machine checks the player's credentials with Mojang, not the backend (Hub/Factions/Survival) server. This means that, if your backend servers are not firewalled off, hackers can directly join the backend and use whatever username they would like, we have a diagram here:



Please follow our How to configure a firewall on your server guide, to be able to configure a firewall on your backend servers to fix this. Please contact staff after you've done this, we will check it is set up correctly.

General Security

Lots of people are out to destroy or hack your server. You've got to stay careful, and make sure you do not accept any plugins sent to you directly, you don't give out your panel password, ever - use our sub-users feature so you can easily remove permissions, and always make sure to keep a backup of your server.
Was this article helpful?
Cancel
Thank you!