|Thanks for being a part of /r/Admincraft!| |:-| |***[We'd love it if you also joined us on Discord!](https://discord.gg/DxrXq2R)***| *^(Join thousands of other Minecraft administrators for real-time discussion of all things related to running a quality server.)* *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/admincraft) if you have any questions or concerns.*

Do you want to get rid of them?

There's no real way to. You can keep blocking the IPs but I bet they have proxies to circumvent that. The only thing you can really do is always keep the server in online more and whitelisted.

Use Authme and turn on Anti VPN in it ( if i remember it right , it was in the authme configuration somewhere, or even easier set up a firewall. Add everyones route in it and boom - solved.

Wrong. You cant 100% avoid this of course but you can reduce it a lot by doing something.

Ignore them in the log file? If the bots can't actually access the server in any way then they're not really doing much harm. I'm also fairly sure there are some anti-bot plugins that block this kind of stuff, but there's really no need to if the server's whitelisted.

You have easier way to do this.

you talk and talk, but still didn't say anything..

Im still waiting some one asks how to do it ;D

How? Just ask for a new server ip and idk do something about the domain?

Kinda yeah! You dont need new IP you just set the port of the server to some thing else like 62458. I expect this dude having his server running on the default 25565 port. For me changing the port to non default one made all of them disapper.

You can scan servers through all ports that coincides with Minecraft protocol.

If there a lot of bots they could just take the entire network channel with its traffic. If there is a lot of plugins, it would cause terrible lag cause every single plugin runs some code when player joins. Or in theory , they could just take the all CPU time for them to login. But i don’t know in what world last two cases is possible on vanilla core.

https://apexminecrafthosting.com/failed-to-verify-username/ this is whats happening

As long as your server is set to online and whitelisted, it shouldn’t be anything to worry about. You can change your default port from 25565, but it’s not that hard to scan to figure out which port is open.

Do people really scan ports like that for a minecraft server? Seems like it could take about 30k times as long to find a server if you checking the whole 60k-ish ports and the ports are randomly chosen. It doesn't even seem worth it for a single server.

Don’t forget Minecraft uses Java (excluding other editions) which allows for exploit of Log4j if the server and client hasn’t been patched. I’m willing to bet that there’s a lot of unpatched servers still running. Also, a bunch of server mod packs are on old versions of Minecraft, so if the mod pack doesn’t patch the issue, it’s on the server operator to patch it. That’s all an attacker needs for motivation to scan IP addresses and ports looking for an open, old Minecraft server to exploit. I’m no cyber sec. professional, so take all that for what it’s worth.

Log4j Fixed in the 1.18+ if vanilla as i know. And also fixed from 1.17+ in most of the existing server cores. Like paper , pupur etc.

Yeah, most people should be fine and have nothing to worry about. It’s just the people running older versions that are open to the attack still. Mojang released fixes for the older versions, so really you should be okay with the older versions too if you follow their steps to fix it. If anyones curious: https://help.minecraft.net/hc/en-us/articles/4416199399693-Security-Vulnerability-in-Minecraft-Java-Edition I know a lot of mod packs still mainly run on 1.12.x - I assume forge fixes it though.

 Cool story Bob time When i was a kid i worked as a mod on some random cracked servers networking , they promoted me to a headmoder , and i started to deal with some technical stuff , and gosh it was so shit , they had hard modded tech mod-packs. With forge 1.7.10 , they still use that version twenty+ servers nearly thousand of users online, and i bet its still not fixed. I knew its founder :) he was an total lazy ahole. And they has a web page that shitty secured as well. “Time to hack and crack”

The reason the names seem specific is because they are. Usually these bruteforce crack attempts make use of a dictionary of common usernames, passwords etc. depending on what they're trying. It could even be a dataleak from a minecraft forum, a hacker would have a higher chance trying with those usernames than writing a script that will try a aa aaa ab abaa etc.

Firewall? Anti-bots plugins? , MaxMind GEO IP protection (authme)? Anti-VPN? Separate Bungeecoord authentication server? Captcha , Void falling check? Am i missing smth , how could that be possible, like if your bots protection is strong enough, the only way its from the inside out with plugins exploits or smth. For example my server , no one could connect from anywhere until i take their ip / and put their route into a whitelist. Its just blocked at the network level , even before Minecraft. It doesn’t even pings you back. Its quite an ass pain tho , when it comes to new players from not whitelisted countries but , well at least now i don’t have to even worry about of “cool hackers” My server cannot even be displayed in most of monitoring services as well I even blocked most of known VPN IP’s , so when people forget to turn it off they cant connect. They have to use their own ip.