60 Replies
The ip is from a datacentre
is this some sort of very slow ddos attack?
could also just be a badly made/updated server scanner
its sent like 100 pings
with 1/minute
Ones from a datacentre in london, the other a datacentre in germany
I banned the ips
Update Update: Banning the ips didnt work
how do i stop this?
Did you ban it from your server?
banning it from your server instance wont change much, but if you're using something like
iptables you can drop the packets coming in.ip banning wont
^^
something like this is probably what you're looking for, but itll only work on a linux box with iptables.
sudo iptables -A INPUT -s <IPADDRESS> -j DROPyea no im using a host
so, is this a ddos attack
i wouldn't say so. like the GamingDk said previously, probably just a scanner
but why is it scanning every minute?
not too sure, honestly. I havent had that issue before, but I go through AWS, and not a host provider
logging player counts and whos on
ask ur host to block em if possible
howd they find my server tho?
ipv4's arent private
they scan 25565/many other ports
on every ip
idk about every ip, they probably know their host's ip ranges, or has associated the ip's as being from a host service
but maybe im just ignorant here
every ip.
and i mean every ip
ill take your word for it 🤷♂️
considering i know many of them
@mat
.
ye
np
well no mc server list has my server
still, ip's arent private
^^
theres a very limited amount of ipv4's
like, the numbers themselves. theres only a few billion of them
but whyd they scan mine? What are they using the data for?
its every ip
they are scanning
your server isnt "special"
private lists, tracking people etc
yea but its annoying and only just started and I want it to stop
you cant just tell it to stop
ask ur host
thats all u can do
also why is it producing an error?
shouldnt it be a player joined the game player left the game sort of thing?
either for more spam or for this
not entirely
also how r they joining as ip:port? and not a player
well it just doesnt get to that stage of the login
:trolley:
Omg
I'm getting the same problem
So from what I've seen, there's not much I can do to stop this?
Which host are you using?
witherhost
I'm using EnviroMC, but I'm also getting a similar problem, what did you decide to do about this situation?
.
just contact your host's support about blocking the ips.
just get some plugin to block asns
"some plugin"
not many of those exist
and it would have to do it at the netty level
Now its doing this?
Wait my servers 1.19.2 is that the broblem?
https://namemc.com/profile/cuute.1 they r north korean???
NameMC
cuute | Minecraft Profile
Check out cuute’s Minecraft skins, name history, UUID, and much more!
They r either north korean or from amsterdam
im so confused
its a vps, they dont live in amsterdam lol
does that mean they r NK lol?
i doubt it
no why would it mean that
because the player's namemc account says North Korea?
the owner of the namemc acc can set the location to whatever they want lol
also these r still appearing
malformed packets
yes
but im so confused why has it changed, and why is their scanner so f'd up?
if it isnt done why r they testing on a random server
prod is the best testing env
:3
but did they just type a random ip and get my server or r they doingthis to everyone???
check other posts on this server, its happening to everyone
wsgbwetgvdsfv ok but its annoying
if a single connection per minute is affecting you like a DDoS attack would, consider not using hardware made in 1998
are you using a host or can you block the ip with iptables etc?
yeah so there's not much to do aside from that
LOL
XD no its just hard to read console
Also, ive blocked them with a "firewall rule"
nice
I've seen reports they appear from multiple IPs so if it ever happens just block that IP as well
Think there is any risk to them? I've been getting a ton today, and I just noticed them starting up recently.
Nah