Many connections with random name

Discussion in 'Bukkit Help' started by Mineria, May 2, 2012.

Thread Status:
Not open for further replies.
  1. Offline

    Mineria

    Hello,
    my minecraft server got "hacked"
    in fact, many players are connecting with random names, try to spam, disconnect, reconnect again ...
    like an infinite loop ...

    how to stop this from bukkit ?

    they've not the same IP ! like Proxys.

    thanks for help.

    (using NoPwnage and STAB plugins.)

    edit :
    by looking to IP, it look like a "ddos" from trojan, cause they're few ip from US, Fourway, Verizon, Comcast ...

    how to prevent this kind of attacks plz :x

    edit2 : i block most of ip used via iptables, but they still attacking...
     
  2. Offline

    Omnitv

    Is your server on online-mode=false? if so set it to online-mode=true, then you problem should be solved.
     
  3. Offline

    frostlord221

    Your probally better of banning all the accounts then the 100's proxies..
     
  4. Offline

    ashley

  5. Offline

    mrlwiggy

  6. Offline

    Mineria

    Thanks, i'll check this out.

    now they're fulling my server (up to 50slots) with bots ...

    EDIT : AntiBot ban unwanted players :x

    EDIT : with online-mode:true
    it's ok, but i don't want to do that :x

    EDIT again: even in online-mode:true, they make it crash, i can see huge lost of IP scrolling in my console ...

    i need a solution against that :(
    thanks for help !


    like a botnet network from USA (from the IPs)...

    some others server aren't ok with the fact i'm first on a topsite ... that's not my fault if my server isn't too bad !!! :(


    Code:
    20:29:06 [INFO] Disconnecting wiz2894 [/71.61.58.58:57299]: You are not white-listed on this server!
    20:29:06 [INFO] Connection reset
    20:29:06 [INFO] Connection reset
    20:29:06 [INFO] Connection reset
    20:29:06 [INFO] Connection reset
    20:29:06 [INFO] Disconnecting old_123 [/216.176.124.176:1859]: The Ban Hammer has spoken!
    20:29:06 [INFO] Connection reset
    20:29:06 [INFO] Disconnecting mippers [/71.227.242.52:56634]: You are not white-listed on this server!
    20:29:06 [INFO] Disconnecting joey_smith [/137.118.137.118:2694]: You are not white-listed on this server!
    20:29:06 [INFO] Disconnecting man_crafter [/75.118.82.116:3897]: You are not white-listed on this server!
    20:29:06 [INFO] Connection reset
    20:29:07 [INFO] Connection reset
    20:29:07 [INFO] Connection reset
    20:29:07 [INFO] Connection reset
    20:29:07 [INFO] Connection reset
    20:29:07 [INFO] Disconnecting taininfernus [/98.246.64.74:4039]: You are not white-listed on this server!
    20:29:07 [INFO] Disconnecting mordad [/24.245.17.166:61405]: You are not white-listed on this server!
    20:29:07 [INFO] Connection reset
    20:29:07 [INFO] Disconnecting mrmango69 [/71.79.245.167:4761]: You are not white-listed on this server!
    20:29:07 [INFO] Disconnecting mimi66 [/207.144.104.145:3301]: You are not white-listed on this server!
    20:29:07 [INFO] Disconnecting lucyy [/68.42.108.151:55052]: You are not white-listed on this server!
    20:29:07 [INFO] Disconnecting Adamfergu [/66.177.190.173:2160]: You are not white-listed on this server!
    20:29:07 [INFO] Disconnecting scorpio10 [/173.71.210.45:2598]: You are not white-listed on this server!
    20:29:07 [INFO] Connection reset
    20:29:07 [INFO] Disconnecting drpoonhammer [/173.49.84.49:2567]: You are not white-listed on this server!
    
     
  7. Offline

    Omnitv

    Your server is licking these players because they are not in the white list.
     
  8. Offline

    Mineria

    With or without whitelist, it's same, even in online mode or not, they do many many connections queries ...

    and it's really annoying !

    i don"t know if they're really a solution against that :x
     
  9. Offline

    Omnitv

    Why the boots did i say
    plus i just noticed that there are bots. possibly they are refreshing the whitelist? no clue any further.
     
  10. Offline

    Mineria

    no white list anymore.
    please help :x


    they use :
    PW**G3 tool


    for 99% sure !!!
     
  11. Offline

    ZeroZX4

    install auth me and it you can choose characters that can be used for nicknames and how many accounts can have 1 users
     
  12. Offline

    Mineria

    That won't solve it :x

    i'm sure now that they use the PW....G4 tool.

    i look for the IPs on the Internet, this is only SOCKS proxies, like the ones used in the tools ...

    is there anyway on Linux to block connections from proxy ?

    thanks
     
  13. Offline

    Nekpek

    you could ask your ISP for a new IP as a last resort,

    EDIT1 : And if you use a server host provider i would recommend changing away from them
     
  14. Offline

    Mineria

    no, i've a VPS, maanged by my own.

    a new Ip won't change anything, cause it's redirect by a domain :p
    and they we'll be able to see the new one...

    up

    anyway ?

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 25, 2016
  15. Offline

    cancrena

    i think your solution is in antibot, posted above, but you need to set really well the config file, paying attention on the login per second parameter (actually they're 2 parameters: one sets the time frame in milliseconds and the other sets the number of login in that time frame). Since tools like pwn4g3, worlds end or quartz make a large amount of logins and the attack lasts for minutes and not just seconds, i would try first setting something like 20 logins over 5000ms.
    if i remember well, there's also an option to set white list only for the duration of the attack. try to look around for optimal configuration.
    we had the same problem on our server but we never had the time to set up antibot properly due to other worse issues we are experiencing, so i don't think i'll be able to help further :(
     
Thread Status:
Not open for further replies.

Share This Page