Backdoor issue

[ghost]

It's possible to backdoor a server with making your own proxy and then getting one of the backend ports to login as another user if the target server does not have bungeeguard (Add bungeeguard in waterfall?)

[electronicboy]

Not a bug/issue, the expectation is that you resolve it using a firewall or private network; I'd much rather add modern forwarding support to waterfall given the future of interop required between the proxy and the servers, but, given my current love or lack thereof for bungee in general, this is not a priority

[Janmm14]

This is actively being warned on bungeecord github and https://spigotmc.org/wiki/firewall-guide being linked to prevent this.