Malware in some Spigot plugins

Malware can currently be found in some Spigot plugins. This is distributed through hacked accounts of plugin authors.

How do I know if my server has been infected?

You can recognize an infected server by the following things:

• "java.net.NoRouteToHostException: No route to host" errors appear in the console.
• After restarting the server, loading the plugins takes an unusually long time or the server crashes during this time.
• A "plugin-config.bin" file is contained in a Jar file.

What do I do if my server is infected?

Shut down your server immediately. Delete all jar files as the malware can spread to other jar files. Now reinstall your server using the "Reinstall Server" button in the "Settings" tab. If you use your own server jar file, make sure you download it from an official and reputable site. Before you install plugins again, make sure that the respective plugin jar file is not infected.
You can have jar files checked for malware using online virus checkers such as Virustotal. If the jar file contains a "plugin-config.bin" you can assume that the file is infected.

Feel free to create a support ticket if you are unsure whether your server is infected or if you have any questions!