What's a good way to block connections from scanners if you can't make changes to the firewall
asking on behalf of someone else, idk why they can't use firewall :Waiting:
Solution:Jump to solution
Honestly the best way is running a ddos protection/reverse proxy service on top and have it firewalled
6 Replies
wow what a cool bot
U cant
Scanners run on resi networks or use resi proxies
If you block a scanner you will also block legit connections
The best thing is probably that plugin that doesn't let you see the motd until u join once
./whitelist is also cool
if a private server
if its a public server you should probably have it secured and have backups and the such anyways
but even this could be flagged as behaving oddly by a smart scanner if they are scanning a common mc port where they can assume any response is a server, since netty doesn't let you completely drop an incoming connection with no acknowledgement
in the end, it just makes more sense to use proper security measures for whatever type of server you intend to create
Solution
Honestly the best way is running a ddos protection/reverse proxy service on top and have it firewalled
U can't scan reverse proxied servers as they are setup by domains
I suggested that but they said that it's the console logs that's bothering them.
I'll mark this as the answer it's probably the only real way to avoid them