setting up fail2ban to limit scan bots

I manage a Minecraft server on my VPS which uses offline mode, and I'm struggling with the persistent scan bots. The log looks like this:
[13:39:35] [Server thread/INFO]: com.mojang.authlib.GameProfile@704891c0[id=<null>,name=cuute,properties={},legacy=false] (/162.33.178.237:56832) lost connection: Disconnected
[13:44:05] [Server thread/INFO]: com.mojang.authlib.GameProfile@1b40c3b8[id=<null>,name=cuute,properties={},legacy=false] (/162.33.178.237:51468) lost connection: Disconnected
[13:47:15] [Server thread/INFO]: com.mojang.authlib.GameProfile@1b5066ca[id=<null>,name=u_cuutemc,properties={},legacy=false] (/193.35.18.142:40100) lost connection: Disconnected
Do you have experience setting up fail2ban filters for these? I've never set up a custom filter myself.
Admincraft Meta
Thanks for asking your question!
Once you have finished, please close your thread. Make sure to provide as much helpful information as possible such as logs/what you tried and what your exact issue is
command to close
/close !close !solved
Requested by zeruel#2033
Zaid, 2y ago
Offline mode ? Are you running a network?
0xzeruel (OP), 2y ago
no, I mean using online-mode=false in server properties, not sure if it is relevant for this attack
ProGamingDk, 2y ago
!offline
ProGamingDk, 2y ago
we do not support offline-mode servers. are u using a proxy? like velocity/bungeecord/waterfall in online-mode or is your server just fully offline-mode
0xzeruel (OP), 2y ago
oh, I'm sorry
ProGamingDk, 2y ago
also i recommend trying the plugin EpicGuard might help
0xzeruel (OP), 2y ago
I mean, it's not really relevant for the question. I just use it for convenience. Should I remake the thread?
ProGamingDk, 2y ago
doesnt matter if it is? ur supporting piracy which we dont
0xzeruel (OP), 2y ago
i'm not supporting piracy, just using a valid configuration of the vanilla server. but okay.
ProGamingDk, 2y ago
well i asked u?
0xzeruel (OP), 2y ago
just offline-mode
Zaid, 2y ago
Usually means piracy If ur not running a proxy
cobalt (no longer active)
Because offline mode is required to be on the backend servers when behind a proxy.
Otherwise it's allowing cracked clients to join the server, which is
1) piracy, illegal in a way SIMILAR to theft
2) Horrible for security
