search

Ghost-chu / QuickShop-Reremake

QuickShop is a shop plugin that allows players to easily sell/buy any items from a chest without any commands. In fact, none of the commands that QuickShop provides are ever needed by a player.
GNU General Public License v3.0
103 stars 147 forks source link

[BUG] Sha-256 Error in the console #1085

Closed BillyDas closed 3 years ago

BillyDas commented 3 years ago

Describe the bug:

Quickshop is fialing to boot up. Gives me a "Sha-256 Error in the console" Paper 1.16.5 Quickshop Latest Release.

To Reproduce:

Literally, turn on the server and it just gives me this error.

Expected behavior:

Expected to start up without issues and activate the plugin

Additional context:

image

sandtechnology commented 3 years ago

QuickShop jars contain build data that allow you to check if a jar has been modified. Newer builds have a built-in self checker that sends you warnings.

The warning usually looks like SHA-1 digest error or Security risk detected and most of them point to org/maxgamer/quickshop/QuickShop.class. Once you see one of them, your Server has been infected! This is usually caused by the "L10" malware

If that is the case, then: 1.Delete the malicious Plugin immediately! 2.Make a full backup of your Server 3.Scan your Server with this Anti-Malware Tool: https://www.spigotmc.org/resources/spigot-anti-malware-detects-over-300-malicious-plugins.64982/ 4.Delete the malicious jar it reported 5.Re-download deleted jar, then scan again to make sure you got rid of the malware (May have false-positive, so feel free to ask if not sure) 6.Congratulations! You have cleaned the malware from your server!

BillyDas commented 3 years ago

so basically every plugin i have says it "MIGHT" be infected. @sandtechnology thoguhts on this? Would you be willing to look at the log and give me your thoughts?

sandtechnology commented 3 years ago

We have received couples of report for that, usually it was infected by "L10" malware (Reported by the anti-malware tool I mentioned above), if does, you all plugins will be infected, so you have to re-download all plugins again.

BillyDas commented 3 years ago

You my friend are a legend <3 ill get to it. Is there anywhere i can contact you?

sandtechnology commented 3 years ago

Discord channel which mentioned in our plugin page: https://www.spigotmc.org/resources/quickshop-reremake-1-16-ready-say-hello-with-rgb.62575/

BillyDas commented 3 years ago

hey hey So i just replced all the plugins that said they were infected and haven't booted the server. still getting this output though althought i JUST replaced them, do you think there could be some false positives (e.g Citizens Force OP?)


[16:29:11] [INFO]: Initializing
[16:29:11] [INFO]: Any bugs and/or false-positives should be reported here: https://github.com/OpticFusion1/MCAntiMalware/issues
[16:29:11] [INFO]: Registering checks
[16:29:11] [INFO]: Finished registering checks
[16:29:11] [INFO]: Setting up Auto-Updater
[16:29:11] [INFO]: Finished initializing
[16:29:12] [DETECTED]: File: plugins/nuvotifier-2.7.2.jar MIGHT be infected with Spigot.MALWARE.SystemAccess.Process Class Path: com/vexsoftware/votifier/io/netty/util/NetUtil
[16:29:14] [DETECTED]: File: plugins/MythicMobs-4.12.0.jar MIGHT be infected with Spigot.MALWARE.ForceOP.A Class Path: io/lumine/xikage/mythicmobs/utils/config/properties/types/IconProp
[16:29:14] [DETECTED]: File: plugins/MythicMobs-4.12.0.jar MIGHT be infected with Spigot.MALWARE.ForceOP.A Class Path: io/lumine/xikage/mythicmobs/drops/droppables/CommandDrop
[16:29:14] [DETECTED]: File: plugins/MythicMobs-4.12.0.jar MIGHT be infected with Spigot.MALWARE.ForceOP.A Class Path: io/lumine/xikage/mythicmobs/skills/mechanics/CommandMechanic
[16:29:14] [DETECTED]: File: plugins/MythicMobs-4.12.0.jar MIGHT be infected with Spigot.MALWARE.ForceOP.A Class Path: io/lumine/xikage/mythicmobs/skills/mechanics/CommandMechanic
[16:29:15] [DETECTED]: File: plugins/Quests-4.0.4.jar MIGHT be infected with Spigot.MALWARE.SystemAccess.Process Class Path: me/blackvein/quests/libs/mysql/cj/admin/ServerController
[16:29:15] [DETECTED]: File: plugins/NexEngine.jar MIGHT be infected with Spigot.MALWARE.L10.A Class Path: su/nexmedia/engine/NexPluginL10
[16:29:15] [DETECTED]: File: plugins/MythicMobs-4.12.0.jar MIGHT be infected with Spigot.MALWARE.NickSystem.A Class Path: io/lumine/xikage/mythicmobs/skills/mechanics/BlackScreenEffect
[16:29:16] [DETECTED]: File: plugins/LastLoginAPI/lib/com/h2database/h2/1.4.200/h2-1.4.200.jar MIGHT be infected with Spigot.MALWARE.SystemAccess.Process Class Path: org/h2/util/SourceCompiler
[16:29:16] [DETECTED]: File: plugins/Advanced-Portals-0.6.0.jar MIGHT be infected with Spigot.MALWARE.ForceOP.A Class Path: com/sekwah/advancedportals/bukkit/portals/Portal
[16:29:16] [DETECTED]: File: plugins/TimeIsMoney.jar MIGHT be infected with Spigot.MALWARE.DropEdit.A Class Path: plugin.yml
[16:29:16] [DETECTED]: File: plugins/PlugMan.jar MIGHT be infected with Spigot.MALWARE.SystemAccess.Process Class Path: org/apache/commons/io/FileSystemUtils
[16:29:17] [DETECTED]: File: plugins/Citizens.jar MIGHT be infected with Spigot.MALWARE.ForceOP.A Class Path: net/citizensnpcs/trait/CommandTrait$NPCCommand
[16:29:17] [DETECTED]: File: plugins/Citizens.jar MIGHT be infected with Spigot.MALWARE.L10.A Class Path: net/citizensnpcs/CitizensL10
[16:29:18] [DETECTED]: File: plugins/EssentialsX-2.18.2.0.jar MIGHT be infected with Spigot.MALWARE.SystemAccess.Process Class Path: com/earth2me/essentials/Backup'''
sandtechnology commented 3 years ago

Citizens.jar and NexEngine.jar should be the source of L10 malware

BillyDas commented 3 years ago

Why would nex engine be malware? Is this no a legit plugin?

sandtechnology commented 3 years ago

Yes is the plugin, but it was infected by L10 malware, may be just because you forget to replace it?