There is an exploit with Bungeecord which allows users to spoof your UUID by pretending to join as you using a separate Bungeecord instance. To fix it, you need to install one of the following plugins on your non-Bungeecord servers:

BungeeExploitFix: https://www.spigotmc.org/resources/63280/
IPWhitelist: https://www.spigotmc.org/resources/61/
Proxy Fix: https://www.spigotmc.org/resources/55518/

Here are instructions on how to install each of the above plugins. You only need one.

BungeeExploitFix:

Download the plugin from https://www.spigotmc.org/resources/63280/ and put it in your Bukkit/Spigot servers.
Restart.
Done! Your server is now protected. You just need to join through Bungeecord once to each server to start it. You can configure it from the config.yml and then use /bef reload at any time.

IPWhitelist:

Download the plugin from https://www.spigotmc.org/resources/61/ and put it in your Bukkit/Spigot servers.
Restart.
Open the config file and add your server IP (excluding port) to the "whitelist" section.
Restart.
Done! Your server is now protected and you can configure the config.yml at any time to your liking and use /ipwl reload to reload it.
?url=https%3A%2F%2Fi.imgur.com%2F853ErVf.png


Only allow proxy connections:

Download the plugin from https://www.spigotmc.org/resources/preventportbypass-the-onlyproxyjoin-alternative.54934/ and place it into your Bukkit/Spigot servers.
Open the configuration and configure as needed.

Reboot your server, this will now make it so no users cannot join without joining through the proxy.

  Print