An explination of what happened over the past few weeks

For some time now a bug existed in the New Eden server setup, which lay there silently until it was discovered and exploited a few weeks ago.

The people who exploited the bug were able to gain high level access to in-game features and as a result were able to use WorldEdit to cause destruction on a massive scale.  The areas that were effected are:

• Some Creative Plots (including the Creative Spawn)
• The Build Off World
• The Survival Spawn and Continent Spawns (generally Survival was for the most part unaffected)

A more detailed explanation

Essentially when you connect to New Eden at play.neweden.co you first hit what we call the Proxy Layer, this is where among many other things your Session ID is checked with Mojang to make sure that you are who you say you are.  It prevents someone just logging in and tricking the server into thinking they are someone else.

The Proxy Layer then connects you to what we call the Server Layer, that being the actual Minecraft server that hosts the world that you see and interact with.  So when you switch from say the Hub to Survival you're still connected to the same Proxy but the actual server you're on changes.

The bug that existed allowed those individuals to completely bypass the Proxy Layer and connect directly to the Server Layer, meaning that they were able to bypass the checks that happen with Mojang, and so pretend to be someone who they aren't.  In this case they tricked the Server Layer into thinking that they were me, and so gaining access to high level commands and in this case unrestricted use of WorldEdit.

After investigating this there is no evidence that this bug was exploited in the past, and it was only possible to exploit under specific conditions by individuals who knew how to exploit it.

Investigating and discovering more issues

The first thing that was done was to secure our setup to make sure this bug was patched, luckily it wasn't particularly complected to fix and so was done not long after the initial investigation.

Next there was the process of undoing any damage done, and unfortunately it wasn't very straightforward.

Any time you perform an action on Survival or Creative, such as place or break a block this is logged.  So for every block placed or broken we have a record of it in a large database.  This is what allows the Community Team to fix any minor griefing.

Unfortunately another bug existed which meant that WorldEdit wasn't being logged.  This was mitigated by the fact that in Survival it's not possible for anyone other than Admins to make changes using WorldEdit, and in Creative WorldEdit is restricted to individual Plots, so only those who have access to a Plot can use WorldEdit in it.  This meant that until now this particular issue hadn't been a problem.

On top of that the automated backup processes that are supposed to make full backups of our worlds on a regular basis weren't functioning properly.

Going forward

The good news is all of the above issues and bugs have now been fixed, this is partly why there hasn't been much detailed communication around this until now.

The less good news is that while most of the damage was undone, due to a combination of the issues mentioned above, it wasn't possible to fully undo all of the damage caused.

Because of this you may notice some of the following issues:

• For Creative Plots that used a lot of WorldEdit some of this may be gone, we apologies about this but unfortunately there's not much that can be done about it.
• For Creative Plots that have been merged together you may notice that some of the roads have reappeared, don't worry the plots are still merged, you just need to remove the reappearing road.
• The continent spawn points in Survival may look a bit broken and some of the terrain around them may also look a little strange.
• The PvP Jungle Islands spawn structure is gone.
• Build Off was very much effected and is currently down, it may be possible to recover some recent builds from the Build Off world, however this will need to be handled on a case by case basis.

Thankfully many people have pulled together to help rebuild areas that have been effected.  @Shadow_Chan_YT along with @TrueCircuit and @Westuari have built a new spawn for Creative that looks amazing, please do check it out and give them a cookie!  There have also been efforts to help fix some Creative Plots that couldn't be totally restored and I'm grateful for those who have offered to help with this.

If you're interested in helping I'm also looking for people to help build new continent and island spawn points, so please do reach out if you're interested.

Closing

While I do apologies for the inconvenience caused over this period I want to reassure everyone that we have taken every measure possible to ensure that something like this does not happen again in the future.  In the highly unlikely event that something like this does we are now more prepared than ever to deal with this smoothly and without any long term damage.

Lastly I wanted to note that in the future I will be looking more closely at how we can put more changes and processes in place so that in the highly unlikely event something like this does come up any attempts to exploit it will have as minimal an impact as possible.  Should any more changes happen as a result of this I'll be sure to keep you all updated.

As always if you have any questions or concerns please do not hesitate to reach out.

Thank you
-Aaron