Minecraft Server Hacked

minecraft-java-edition minecraft-java-edition-server cheats

Up until very recently, there's been a bug in Minecraft that allows any client to change the NBT data of an item in its inventory. A player by the name of Ammar discovered this 2 years ago and reported it to Mojang confidentially. After repeatedly contacting them about it and getting little response, Ammar recently decided to release details of the exploit publicly. This finally forced Mojang to fix it and release an emergency 1.8.4, but older servers are still vulnerable.

Books, using the JSON format, can have "ClickEvents" and "HoverEvents" on certain pieces of text that cause it to run a command. This can usually not be created by a normal player. Also, due to another bug, these commands bypass the restrictions placed on command blocks such as not being able to use /op.

What's likely happened here is that the player has asked for a book, and then changed it's NBT data to give it hover event commands that give the player OP.

You should be able to protect against this exploit by upgrading your server to 1.8.4.

Related

If I do a solo hunt does the behemoth become any weaker?
How to remove fish from tanks in Megaquarium?
Summon Item Command [duplicate]
How to Make the Border come in to a certain coordinate
Command or Plugin to give a player an item with a colored/custom name and specific NBT? [closed]
How can I change the nametag of a villager using commands
How to get the url from Firebase Storage file?
wget to clone a website, with links to directory not index.html
Checking that CancellationTokenSource.Cancel() was invoked with Moq
VBA Copy Cells vs Rows
The Event Log File is full
Bash command variable assignment