Player trying to connect even through whitelist and a ban
I'm hosting a server for me and some friends and I've had 2 accounts from people I don't know trying to connect to the server (although unsuccessfully, getting disconnected constantly), so I decided to put on a whitelist and put our users so no one else could connect, that seemed to work for one of these 2 people, since they now were getting "You are not white-listed on this server!", for the other one however, this didn't seem to work, so I just banned their username (since they are changing their IP constantly), but that didn't work either cuz they keep trying to connect constantly.
Is there any solution to this?
99 Replies
I have this same exact issue and same exact player too. Unsure who this "cuute" person is and when I try to go to Reddit to get answers, can't view due to the blackout. Hopefully someone here on the Discord knows something.
Some reverse snooping shows its a North Korean individual with female skins.
Instead of whitelisting, my team and I decided to implement a password instead: https://www.spigotmc.org/resources/serverpass.103396/ Easier to give out a password than it is for someone to wait on you to be whitelisted.
cuute is just a server scanner
its harmless
trying to connect to the server (although unsuccessfully, getting disconnected constantly)They arent connecting or trying to, theyre just checking to see if the server responds to the ping The only real way to "block" them is to firewall off their ip but they're harmless, so you can ignore them
I'm now curious how the server ping service even got my private server's IP to begin with.
I am guessing the bStats?
No
they just ping every ipv4
Its dead simple to do, it isnt a server ping service
I wasn't sure what else to call it. Anywho, I will indeed block the IP with the firewall and hope that stops the console spam. 🙂 Thank you for the info.
Itll stop it until they get a new ip
which may happen quickly or not
note: they get a new batch of ips from completely different hosting services every single day
It does look like a different IP than the one they had two days ago.
it will be an ongoing battle, good luck sir 🫡
Consolespamfixer and just add that as a word in it
Should get rid of the spam
This is the best thing I can think of
Dont use that
Unless you wanna constantly block new ips
you can hide shit from console with that
Isn't that the point
i.e. if you block the word
Disconnected, any chat messages with that word will be hiddenJust add cuute
Problem solved?
Or am I missing something
if I say the word
cuute in your chat, those messages dont get logged
and if they change names (which is trivial to do), theyll come backLooks like noway to completely block then huh?
Best to live with it then
Regex matching!
Curious if that plugin can block phrases, not just simple words.
I just tested logging in and out of my server, which gives different messages rather than the "com.mojang.authlib.GameProfile" message as seen in the server ping account Cuute.
I just tested logging in and out of my server, which gives a different message than "com.mojang.authlib.GameProfile" as seen in the server ping account Cuute.Cause theyre not logging in and back out theyre just pinging the server
Right, but if I use that specific phrase, I could potentially hide the ping no matter what user or IP they use.
true, but again, if any player says that string in chat
their messages wont be logged to console
I kind of doubt most of the players I allow into my server would even think to say something like that. Its a friends and friends of friends only server, not open to general public. So the likelihood of that specific phrase is quite small.
I'm off for the night. Thank you everyone who has taken their time and expertise to voice opinion and options on this matter. 🙂
North Korean individualit's true cuute is kim jong un himself i asked kimmy j and he confirmed it for me who knows why he's playing with female skins
Let's be real most play with female skins
👉👈
I don't
Keyword "most" :]
North Korean individualcan confirm 100% no lie
It's spammy so it isn't harmless
Either way I wrote a fail2ban filter for them so they can go and get fucked
You should write a guide on how to do it in #resources
Some people would probably appreciate it lol
I'll do that later, its three am
all good. sleep well
probably not a good idea to ip ban anyone who fails to authenticate
since it can happen in vanilla like if your session expires i think
if you hit cancel on a connecting screen it logs that
Im pretty sure his one just does it for repeating ones
like 5x attempts in < 10 secs
ah
cuute doesn't go that fast anyways though
mhm. Either way some people probs could expand on it or just refer to it if they end up going down that route
i just personally ignore it nowadays
just simply don't look at your console 😄👍
From what I was able to test it only logs when plugins cancel the connection
Such as discordsrv
And yeah I have it set to five logs within 15 minutes since cuute attempts to connect every two minutes for hours on end
I'd rather not deal with the log spam
no
Oh ok
How did it find my server? I run it on a different port than 25565
I'm just curious
They just check all ips with all ports as simple as that
Aren't you one of the people doing it anyway? Would be great to see you stopping it rather than being unhelpful. Yeah we can just "not look at the console" but how are you meant to troubleshoot your server? There is enough spam on there without this nonsense happening.
it's not me
but i do know a lot about scanning
there's a lot of people that have made scanners
cuute only really exists to annoy server owners
Not many have entire blog posts about it though
https://matdoes.dev/minecraft-scanning
yes
i made a bot that joins servers but it's much nicer than cuute imo
have a separate post about that one
the actual easiest solution to hiding the console spam is to just firewall their ips though lol
I mean, sure, until the VPS gets shutdown and then another one pops up and you play wack a mole every day.
there's also like at least one plugin that just hides the error messages
Cuute is not an example of a "nice" scanner
i agree
No scanner is a nice scanner. They are pointless spam.
scanners don't cause console spam
the ones that do are usually intentionally trying to annoy you
Also why did you say abuseipdb was a leader board lol
is that not what it is
it's a joke
I and many other services regularly pull from it as a blacklist
no one follows its rules
the abuseipdb rules say you can't report for port scanning
yet everyone does
literally a joke site
Why is there a report category for port scanning then
If it's not allowed lol
check again
wait there is
silly abuseipdb
anyways the point of the website is for reporting malicious activity though
I don't see anything in the TOS about not reporting port scanning either
No way
It doesn't make sense to write it off as cosmetic when there are actual consequences to being reported by people
a lot of port scanning is just sending syn packets and not completing the handshake
That's probably because of this : https://i.taffy.coffee/QiUWj4i6BM.png
That doesn't mean "IP scanners are fine though"
i mean port scanning isn't inherently malicious
reporting it is a tad silly
ah of course, hence why if you do it on Hetzner, they can and will ban your account. Same as many VPS hosts. Silly fools banning people for being spammy
"I'm just curious bro, nothing malicious, trust me"
some hosts ban for scanning because they get complaints from dumb sysadmins that think a SYN packet is going to hack their system
and it's easier to just ban than keep dealing with complaints
Its more like the hosts scanning are also correlated to hosts that probe every ipv4 on the internet
Probably involved with ssh bruteforcing as well
Or minecraft server scanning
Nobody scans ipv4 "just cuz"
you'd be surprised
plenty of people scan ipv4 just cause
it's fun
as I said before "trust me bro"
um yeah "innocent until proven guilty" right
scanning isn't proof of anything malicious
Of course not. But who knows what you will do with the information?
Like I said it's correlated to server probers
And most hosts would rather not deal with the waste of resources
Thats for damn sure
reporting for ssh bruteforcing is fine
Some people value their privacy
that's at least probable cause
me on my way to sue people for defamation after they reported me on abuseipdb
good idea
wtf???? someone reoprted me for being cuute??
ok it is just faked, they replaced the ip in the log
there normally isn't a space
two spaces
before port too
why???
If its one account on one address it's fine
You can opt out by just nullrouting it
I have an issue with scanners that constantly switch ips
there's several ways to opt out of scanners
simplest is to enable the setting that makes you show up as "anonymous player" in the server list ping
second simplest is to disable the server list ping in server.properties
Server list ping isnt sent
Yeah
I wonder if you're Matscan, an account that actually joined my server while I have the password plugin in place. It failed to do the password in time so it got autobanned.
He's matscan, yes
Nice to know that password plug-in works nicely. 😛
You grep out errors you don't care about. Have you never looked at the logs for a public facing apache instance? Or a public facing ssh port?
If only tools to parse log files existed.
ever heard of google? yeah that company loves to scan every ipv4 address
also microsoft, those guys do it too
in fact, ever single search engine does full ipv4 scans regularly
ipv4 scanning has plenty of practical uses
even the BND or the NSA cooperate with scanners
Yes that's how their search engine works I'm aware
They have a legit reason
there was an older version that logged in as all admins and tried the passwords "password" and the player's username
i didn't implement that for matscan though