From 783979b6b9bd26372942de80a38f92d122a02d06 Mon Sep 17 00:00:00 2001 From: Janmm14 Date: Wed, 21 Nov 2018 02:19:34 +0100 Subject: [PATCH] #2549 Add security / firewall warning to readme. --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 8bb27482e..ef9b6f704 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,12 @@ Information ----------- BungeeCord is maintained by [SpigotMC](https://www.spigotmc.org/) and has its own [discussion thread](https://www.spigotmc.org/go/bungeecord) with plenty of helpful information and links. +### Security warning + +As your Minecraft servers have to run without authentication (online-mode=false) for BungeeCord to work, this poses a new security risk. Users may connect to your servers directly, under any username they wish to use. The kick "If you wish to use IP forwarding, please enable it in your BungeeCord config as well!" does not protect your Spigot servers. + +To combat this, you need to restrict access to these servers for example with a firewall (please see [firewall guide](https://www.spigotmc.org/wiki/firewall-guide/)). + Source ------ Source code is currently available on [GitHub](https://www.spigotmc.org/go/bungeecord-git).