“player tracking” vulnerability/exploit
today in my server chat a new user just after logging in said ”lmfao player tracking isn’t fixed”, but i really can’t figure out what he meant, should i be worried?
39 Replies
Thanks for asking your question!
Make sure to provide as much helpful information as possible such as logs/what you tried and what your exact issue is
Make sure to mark solved when issue is solved!!!
/close
!close
!solved
!answered
Requested by filyarduino#0
there was a bee coordinate "exploit"
if u had bee hives sold on ah
but dont think its that
i don’t have either ah or shop
thanks for the suggestion
i remember a couple years back, people on hacked clients can attempt to break blocks SUPER far away (thousands of blocks) . and they would get a different response if the chunk was unloaded/or not. so then they can deduce if a player is in the chunk (if its loaded). then when people log on/off can figure out, ok when this player logs on, i can fail to break a block in this chunk...
but this was like super heavily engineered and i dont think a random player would be doing this on a random server
(not sure if its been patched by minecraft, or if paper does)
my guess is maybe you have a plugin on ur server that has an exploit? like map plugin and can see players? idk
thanks for the tips
but i don’t have any map/tracking plugins, only basic stuff
map was just an example, what plugins do you have?
the player could also just be pulling ur leg, and making u freakout over nothing
essentialsx, authme, wildrtp, vulcan, skinsrestorer, discordsrv, viewdistancetweaks, viaversions, viabackwards and geyser with floodgate
yea it might be that
i hope so
thanks for your time and tips btw, i’ll wait a bit to see if anyone else has got an idea then i’ll mark as closed
just curious, what plugins do you have?
these ones
oh mb, compltely missed that
yeah i dont think any of those would be giving up player coords
well actually, i think i know what it mite be
since ur using authme, my guess is ur in offlinemode, players can just log in as someone else and get their coords
ah yes
!offline
turn server to online and no issue will occur
how didn’t i think of that?
do you know if there is a workaround that lets me keep offline mode?
like a plugin?
ur not gonna get any support here from running an offline server
we dont support any piracy
it’s for the bedrock players
u have floodgate
bedrock players can log in
with online-mode
but thank you so much anyways
ok i’ll look into that
have a nice day, bye
Why does so many people think Geyser requires offline mode
Where do yall read that
i dunno, but now i’ll try
also.. every bedrock player has java now, and every java player has bedrock
with floodgate, you can connect the accounts
so there never any need for any authentication, just use geysers/mojangs
literally tho, im curious why its so common
ok thanks for the help
the thought of having both java and bedrock feels a little hard, so i just tried the easiest solution avoiding linking/authentication steps
its not hard at all
all u do is flip a config setting and floodgate does it all for you
you have to do nothing
drop plugin in
require linking
start server.
all ur work is done.
u dont even have to require linking, so technically u can do nothing
what u have works perfectly already after u turn online-mode on
Authme. Offline mode cringe
Yeah
Kinda weird ngl
Geyser works as a proxy iirc
Floodgate and Geyser is all ya need
So people might confuse it with a network setup
Because in a network setup I know something else has to be in offline mode
A proxy thing
And a port allocation
No
No?
You don't even need that
It can clone ur Java port
Interesting
U will need a port allocation, bedrock uses UDP
So even if ur using the same port, you’ll need to also allow udp
Java uses TCP
Im talking when using a host
Port allocation is the word used on pterodactyl
well, port allocation is a general term, its not something specific to ptero
but i understand what u mean
There are a couple of articles on the internet that says offline mode is required for Bukkit, Waterfall, etc but it actually means to link the main server with the others, I suspect that is why
Yes but Geyser isn't any of those also it's not required for bukkit
I meant bungee but yeah fair enough I misread the original item