Hello, my minecraft server got "hacked" in fact, many players are connecting with random names, try to spam, disconnect, reconnect again ... like an infinite loop ... how to stop this from bukkit ? they've not the same IP ! like Proxys. thanks for help. (using NoPwnage and STAB plugins.) edit : by looking to IP, it look like a "ddos" from trojan, cause they're few ip from US, Fourway, Verizon, Comcast ... how to prevent this kind of attacks plz :x edit2 : i block most of ip used via iptables, but they still attacking...
Is your server on online-mode=false? if so set it to online-mode=true, then you problem should be solved.
you can install a plugin for this that allows only 1 account per IP to enter http://forums.bukkit.org/threads/ad...ts-unwanted-players-instantly-1-2-5-r1.70808/
I believe that NoPwnage is not up to date, so there's a possibility it won't be working correctly. This is a very good replacement that can be used: http://dev.bukkit.org/server-mods/antibot/
Thanks, i'll check this out. now they're fulling my server (up to 50slots) with bots ... EDIT : AntiBot ban unwanted players :x EDIT : with online-mode:true it's ok, but i don't want to do that :x EDIT again: even in online-mode:true, they make it crash, i can see huge lost of IP scrolling in my console ... i need a solution against that thanks for help ! like a botnet network from USA (from the IPs)... some others server aren't ok with the fact i'm first on a topsite ... that's not my fault if my server isn't too bad !!! Code: 20:29:06 [INFO] Disconnecting wiz2894 [/71.61.58.58:57299]: You are not white-listed on this server! 20:29:06 [INFO] Connection reset 20:29:06 [INFO] Connection reset 20:29:06 [INFO] Connection reset 20:29:06 [INFO] Connection reset 20:29:06 [INFO] Disconnecting old_123 [/216.176.124.176:1859]: The Ban Hammer has spoken! 20:29:06 [INFO] Connection reset 20:29:06 [INFO] Disconnecting mippers [/71.227.242.52:56634]: You are not white-listed on this server! 20:29:06 [INFO] Disconnecting joey_smith [/137.118.137.118:2694]: You are not white-listed on this server! 20:29:06 [INFO] Disconnecting man_crafter [/75.118.82.116:3897]: You are not white-listed on this server! 20:29:06 [INFO] Connection reset 20:29:07 [INFO] Connection reset 20:29:07 [INFO] Connection reset 20:29:07 [INFO] Connection reset 20:29:07 [INFO] Connection reset 20:29:07 [INFO] Disconnecting taininfernus [/98.246.64.74:4039]: You are not white-listed on this server! 20:29:07 [INFO] Disconnecting mordad [/24.245.17.166:61405]: You are not white-listed on this server! 20:29:07 [INFO] Connection reset 20:29:07 [INFO] Disconnecting mrmango69 [/71.79.245.167:4761]: You are not white-listed on this server! 20:29:07 [INFO] Disconnecting mimi66 [/207.144.104.145:3301]: You are not white-listed on this server! 20:29:07 [INFO] Disconnecting lucyy [/68.42.108.151:55052]: You are not white-listed on this server! 20:29:07 [INFO] Disconnecting Adamfergu [/66.177.190.173:2160]: You are not white-listed on this server! 20:29:07 [INFO] Disconnecting scorpio10 [/173.71.210.45:2598]: You are not white-listed on this server! 20:29:07 [INFO] Connection reset 20:29:07 [INFO] Disconnecting drpoonhammer [/173.49.84.49:2567]: You are not white-listed on this server!
With or without whitelist, it's same, even in online mode or not, they do many many connections queries ... and it's really annoying ! i don"t know if they're really a solution against that :x
Why the boots did i say plus i just noticed that there are bots. possibly they are refreshing the whitelist? no clue any further.
install auth me and it you can choose characters that can be used for nicknames and how many accounts can have 1 users
That won't solve it :x i'm sure now that they use the PW....G4 tool. i look for the IPs on the Internet, this is only SOCKS proxies, like the ones used in the tools ... is there anyway on Linux to block connections from proxy ? thanks
you could ask your ISP for a new IP as a last resort, EDIT1 : And if you use a server host provider i would recommend changing away from them
no, i've a VPS, maanged by my own. a new Ip won't change anything, cause it's redirect by a domain and they we'll be able to see the new one... up anyway ? EDIT by Moderator: merged posts, please use the edit button instead of double posting.
i think your solution is in antibot, posted above, but you need to set really well the config file, paying attention on the login per second parameter (actually they're 2 parameters: one sets the time frame in milliseconds and the other sets the number of login in that time frame). Since tools like pwn4g3, worlds end or quartz make a large amount of logins and the attack lasts for minutes and not just seconds, i would try first setting something like 20 logins over 5000ms. if i remember well, there's also an option to set white list only for the duration of the attack. try to look around for optimal configuration. we had the same problem on our server but we never had the time to set up antibot properly due to other worse issues we are experiencing, so i don't think i'll be able to help further