How to protect your Bungeecord server against UUID Spoofing

There is an exploit with Bungeecord which allows users to spoof your UUID by pretending to join as you using a separate Bungeecord instance. To fix it, you need to install one of the following plugins on your non-Bungeecord servers:

IPWhitelist: https://www.spigotmc.org/resources/61/
BungeeGuard: https://github.com/lucko/BungeeGuard/releases

Here are instructions on how to install each of the above plugins. You only need one.

IPWhitelist:

Download the plugin from https://www.spigotmc.org/resources/61/ and put it in your Bukkit/Spigot servers.
Restart.
Open the config file and add your server IP (excluding port) to the "whitelist" section.
Restart.
Done! Your server is now protected and you can configure the config.yml at any time to your liking and use /ipwl reload to reload it.


BungeeGuard:

Your server must be using Paper to be able to use BungeeGuard, it cannot be running Spigot/Bukkit.

On BungeeCord
Download the proxy plugin from https://github.com/lucko/BungeeGuard/releases and put it in your BungeeCord server.
Restart.
Open the plugins/BungeeGuard/token.yml file and copy the token

On Paper
Download the backend plugin from https://github.com/lucko/BungeeGuard/releases and put it in your Paper servers.
Open the plugins/BungeeGuard/config.yml file on each server and add the previously copied token to allowed_tokens
Done! Your server is now protected and you can configure the config.yml at any time to your liking and restart the server to load the changes.

# Allowed authentication tokens.
allowed-tokens:
- "AUSXEwebkOGVnbihJM8gBS0QUutDzvIG009xoAfo1Huba9pGvhfjrA21r8dWVsa8"

  • 5 Users Found This Useful
Was this answer helpful?

Related Articles

JSON - Exception in server tick loop

If you find your server not starting up with the following error:java.lang.NullPointerException:...

Failed to check session lock

At random, your server might not start and appear like it’s crashing, and if you look in your...

Powered by WHMCompleteSolution