IMPORTANT SECURITY ADVISORY
Our security team has identified malware called "Hostflow" that has started to circulate among Minecraft plugins obtained from untrusted or unofficial sources, such as cracked plugins or downloads from unofficial websites. This malware is capable of modifying other plugins on the server.
The current working theory is that if the server starts with an infected plugin, all plugins will be modified and infected. If this happens, you will need to delete all plugin jars and re-download them.
What does this malware do?
This malware sends server information to client.hostflow.eu:5050/ws and can execute console commands remotely, so this is a complete backdoor/"force op" if you are infected.
What steps have we taken to protect our users from this malware?
We have firewalled their command and control server. This means that if your server is infected, it should not be able to communicate with the control server.
We have also added a variant that can detect and remove this malware:
After installing this variant, start the server and look at your console for results. If you are not infected, just re-install the version you normally use.
There is also a "Remove" version that will clear out any infected plugins. This is not recommended, though; we recommend you delete your plugins folder and re-download it from the official source.
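
The control server hostname named above can also be searched for offline, before the server is started. The following is an added example, not part of the original advisory or the detection variant it mentions: it looks through every jar in a plugins folder, including jars bundled inside jars, for that hostname. It assumes the hostname is stored as a plain string; an obfuscated copy would not match, so a clean result is not proof of a clean server.

```python
import io
import sys
import zipfile
from pathlib import Path

# Hostname from the advisory. Assumption: it sits in the jar as a plain string.
INDICATOR = b"client.hostflow.eu"
MAX_DEPTH = 3  # how many levels of jar-inside-jar to follow


def scan_jar(data, depth=0):
    """Return the entry names inside a jar (given as bytes) that contain INDICATOR."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as jar:
            for info in jar.infolist():
                if info.is_dir():
                    continue
                body = jar.read(info)
                if info.filename.endswith(".jar"):
                    # Bundled library: descend instead of matching raw bytes.
                    if depth < MAX_DEPTH:
                        nested = scan_jar(body, depth + 1)
                        hits += [f"{info.filename}!{h}" for h in nested]
                elif INDICATOR in body:
                    hits.append(info.filename)
    except zipfile.BadZipFile:
        # A corrupt archive cannot be cleared, so report it for manual review.
        hits.append("<unreadable archive>")
    return hits


def scan_plugins(folder):
    """Map each plugin jar in `folder` to its list of matching entries."""
    results = {}
    for path in sorted(Path(folder).glob("*.jar")):
        hits = scan_jar(path.read_bytes())
        if hits:
            results[path.name] = hits
    return results


if __name__ == "__main__":
    found = scan_plugins(sys.argv[1] if len(sys.argv) > 1 else "plugins")
    for name, hits in found.items():
        print(f"SUSPECT {name}: {', '.join(hits)}")
    print(f"{len(found)} jar(s) matched the plain-text indicator")
    sys.exit(1 if found else 0)
```

Run it with the path to the plugins folder as the only argument; the exit status is 1 when any jar matched.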