Minecraft Tutorials

How to Recover from Griefing and Prevent Future Attacks

Restore your Minecraft server after a grief attack and secure it against future incidents using online-mode, AuthMe, and CoreProtect.

Last updated: February 27, 2026

4.9

482+ Satisfied Customers

Recover your Minecraft server after a grief attack and put protections in place to prevent it from happening again.

The most common cause of griefing on servers that have otherwise functioning permissions is online-mode=false set in server.properties without an authentication plugin. When online mode is disabled, the server skips Mojang account verification — meaning anyone can join using any username, including impersonating admins or other players with elevated permissions.

Step 1: Restore from a Backup

WinterNode automatically backs up every server twice daily, around 2am–3am and 2pm–3pm US Central Time. If your world was griefed, open a support ticket on Discord and let us know which backup window you’d like restored (before the grief happened).

If you have your own backup archive, you can restore it yourself — see the Backup Restoration guide for step-by-step instructions.

Step 2: Identify the Cause

Before making changes, check whether online-mode is the issue:

  1. Open File Manager and find server.properties in your root directory
  2. Look for the online-mode setting:
online-mode=false

If it’s set to false, this is likely how the griefer gained access. Continue to Step 3.

Step 3: Fix the Security Vulnerability

You have two options depending on whether your server needs offline mode:

If you don’t specifically need offline mode (for example, you’re not running a proxy or cracked client server), switching back to true restores Mojang account verification and closes the impersonation vulnerability immediately.

  1. In server.properties, set:
online-mode=true
  1. Save the file and restart your server

Option B: Install AuthMe (If You Need Offline Mode)

If your server needs to stay in offline mode — for example, because it runs behind a Velocity or BungeeCord proxy, or supports cracked clients — install an authentication plugin to require players to register and log in with a password before they can interact with the server.

AuthMe is the most widely used option:

  1. Download AuthMeReloaded from SpigotMC
  2. Stop your server
  3. Upload the JAR to your plugins/ folder using the File Manager or SFTP
  4. Start your server to generate the AuthMe config files
  5. Players will now be prompted to /register <password> <password> on first join and /login <password> on every subsequent join

Step 4: Install CoreProtect for Future Incidents

Even with online mode properly secured, griefing can still happen through legitimate players. CoreProtect logs every block placement, block break, and container interaction on your server, and lets you roll back damage by a specific player over a time range — without needing to restore a full backup.

/co rollback u:<player> t:1h r:100

This rolls back everything a player did in the last hour within 100 blocks of where you’re standing. See the CoreProtect guide for full command reference and setup instructions.

Back to Help Center Get Minecraft Hosting